Bulf, posted 18 June 2010 (edited)

My brother has been downloading a load of crap onto my mum's computer.... I expect there's a fair bit here, so could someone look over the logs from MBAM and ComboFix?

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4210

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.06.2010 23:45:39
mbam-log-2010-06-17 (23-45-39).txt

Skanntype: Hurtigsøk
Objekter skannet: 142317
Tid tilbakelagt: 10 minutt(er), 51 sekund(er)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 11
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 4
Filer infisert 2

Minneprosesser infisert:
C:\Programfiler\Registry Helper\RegistryHelperService.exe (Rogue.RegistryHelper) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\registry helper service (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KwinzySrch Service (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KWINZYSRCH_SERVICE (Adware.Zwangi) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
C:\Programfiler\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Programfiler\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Programfiler\KwinzySrch\KwinzySrch_deleted_ (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.

Filer infisert
C:\Programfiler\Registry Helper\RegistryHelperService.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Programfiler\Registry Helper\Thumbs.db (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
Combofix:

ComboFix 10-06-17.02 - Gunhild Kvam 18.06.2010 0:19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1022.382 [GMT 2:00]
Kjører fra: c:\documents and settings\Gunhild Kvam\Skrivebord\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Toolbar4
c:\documents and settings\Gunhild Kvam\Programdata\inst.exe
c:\windows\21029.exe
c:\windows\system32\win.com
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-05-17 til 2010-06-17 )))))))))))))))))))))))))))))))))
.
2010-11-19 14:38 . 2010-11-19 14:38 -------- d-----w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Ahead
2010-06-17 21:17 . 2010-06-17 21:17 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\Malwarebytes
2010-06-17 21:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 21:17 . 2010-06-17 21:17 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-06-17 21:17 . 2010-06-17 21:17 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-06-17 21:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 18:05 . 2010-06-16 18:05 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\Canneverbe Limited
2010-06-16 18:05 . 2010-06-16 18:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Canneverbe Limited
2010-06-16 18:04 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-06-16 18:04 . 2010-06-16 18:04 -------- d-----w- c:\programfiler\CDBurnerXP
2010-06-16 15:10 . 2010-06-16 15:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-16 15:05 . 2010-06-16 15:05 -------- d-----w- c:\programfiler\LSoft Technologies
2010-06-16 14:31 . 2010-06-16 14:31 -------- d-----w- c:\programfiler\TrendyFlash Intro Builder
2010-06-16 14:21 . 2010-06-16 14:21 -------- d-----w- c:\programfiler\TrendyFlash Site Builder
2010-06-13 14:59 . 2010-06-13 14:59 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\Avira
2010-06-13 14:55 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-13 14:55 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-13 14:55 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-13 14:55 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-13 14:54 . 2010-06-13 14:54 -------- d-----w- c:\programfiler\Avira
2010-06-13 14:54 . 2010-06-13 14:54 -------- d-----w- c:\documents and settings\All Users\Programdata\Avira
2010-06-12 18:49 . 2010-06-14 16:45 -------- d-----w- c:\programfiler\Yahoo SiteBuilder
2010-06-12 18:22 . 2010-06-12 18:24 23147 ----a-w- c:\windows\hpqins15.dat
2010-06-12 18:19 . 2010-06-12 18:19 -------- d-----w- c:\programfiler\CoffeeCup Software
2010-06-11 17:25 . 2003-08-29 21:52 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-11 17:25 . 2003-08-29 21:51 156160 ----a-w- c:\windows\system32\unrar3.dll
2010-06-11 17:25 . 2010-06-11 17:25 -------- d-----w- c:\programfiler\TUGZip
2010-06-11 17:22 . 2010-06-11 17:23 -------- d-----w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\jZip
2010-06-11 17:22 . 2010-06-11 17:22 -------- d-----w- c:\programfiler\jZip
2010-06-11 17:13 . 2010-06-17 21:12 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\HPAppData
2010-06-11 16:58 . 2010-06-11 16:58 -------- d-----w- c:\documents and settings\All Users\Programdata\WEBREG
2010-06-11 16:58 . 2010-06-11 16:58 -------- d-----w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\HP
2010-06-11 16:49 . 2010-06-11 16:54 -------- d-----w- c:\programfiler\HP
2010-06-11 16:48 . 2010-06-11 16:58 169111 ----a-w- c:\windows\hphins33.dat
2010-06-11 16:48 . 2009-06-11 10:17 586 ------w- c:\windows\hphmdl33.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 22:33 . 2009-03-26 09:23 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\uTorrent
2010-06-17 21:01 . 2009-03-26 09:23 -------- d-----w- c:\programfiler\uTorrent
2010-06-16 15:05 . 2005-12-02 07:54 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2010-06-12 20:29 . 2006-07-04 21:51 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\OpenOffice.org2
2010-06-11 17:10 . 2008-06-21 16:33 -------- d-----w- c:\programfiler\Windows Live
2010-06-11 16:58 . 2010-06-11 16:57 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\HP
2010-06-11 16:58 . 2006-07-03 22:55 87040 ----a-w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-06-11 16:57 . 2010-06-11 16:51 -------- d-----w- c:\documents and settings\All Users\Programdata\HP
2010-06-11 16:54 . 2010-06-11 16:54 -------- d-----w- c:\programfiler\Fellesfiler\HP
2010-06-11 16:53 . 2010-06-11 16:53 -------- d-----w- c:\documents and settings\All Users\Programdata\HP Product Assistant
2010-06-11 16:51 . 2010-06-11 16:51 -------- d-----w- c:\programfiler\Fellesfiler\Hewlett-Packard
2010-06-11 16:21 . 2009-11-24 18:34 -------- d-----w- c:\programfiler\Mozilla Firefox 3.6 Beta 3
2010-06-03 17:25 . 2009-09-15 13:20 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLds.DAT
2010-06-03 17:25 . 2006-10-22 15:09 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLec.DAT
2010-04-22 11:32 . 2010-04-22 11:32 -------- d-----w- c:\programfiler\ImgBurn
2010-04-19 14:09 . 2010-04-19 14:08 12380708 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-19 14:08 . 2010-04-19 14:08 8405312 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-19 14:06 . 2010-04-19 14:06 149000 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-19 14:06 . 2010-04-19 14:06 10309448 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-19 14:04 . 2010-04-19 14:04 79368 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\vista.exe
2010-04-19 14:04 . 2010-04-19 14:04 52288 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-19 14:04 . 2010-04-19 14:04 64000 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-19 14:04 . 2010-04-19 14:04 50688 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-19 14:04 . 2010-04-19 14:04 49152 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-19 14:04 . 2010-04-19 14:04 118784 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-17 00:17 . 2010-04-17 00:17 306544 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 13:09 . 2010-04-16 13:09 439816 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\setup.exe
2010-04-16 13:05 . 2010-04-16 13:05 49 ----a-w- c:\windows\drprofile.dat
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\AcrobatUpdater.exe
2005-12-03 03:03 . 2005-12-03 03:03 153099 ----a-w- c:\programfiler\SetupGraph-4.3.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programfiler\uTorrent\uTorrent.exe" [2010-06-14 324912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 10:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Steam"="c:\programfiler\Steam\Steam.exe" -silent
"UltimateVirus!471"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe
"UltimateVirus!367"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe
"UltimateVirus!"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" /background
"Creative Detector"=c:\programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
"GM4IE"=c:\programfiler\GM4IE\gm4ie.exe
"Google Update"="c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
"OM_Monitor"=c:\programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
"Minimizer-XP"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\minixp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe"
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
"PPort11reminder"="c:\programfiler\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"InternetDownload_upgrade"="c:\programfiler\NBget\InternetDownload\InternetDownload.exe" /upgrade
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"BrMfcWnd"=c:\programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3"=c:\programfiler\Brother\ControlCenter3\brctrcen.exe /autorun
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe"
"Snarvei til egenskapsside for High Definition Audio"=HDAShCut.exe
"SMSERIAL"=sm56hlpr.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"OM_Monitor"=c:\programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe
"OpwareSE2"="c:\programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"PaperPort PTD"="c:\programfiler\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="c:\programfiler\ScanSoft\PaperPort\IndexSearch.exe"
"InstantOn"="c:\powercinema linux\ion_install.exe" /c
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"SSBkgdUpdate"="c:\programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SynTPEnh"=c:\programfiler\Synaptics\SynTP\SynTPEnh.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\Steam\\steamapps\\lundinho92\\counter-strike source\\hl2.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 DiMaint;Eicon Maintenance Driver;c:\windows\system32\drivers\disdn\dimaint.sys [04.07.2006 01:24 91305]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.06.2010 17:10 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.12.2008 10:37 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.12.2008 10:37 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.2007 18:08 81688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [13.06.2010 16:55 135336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [16.08.2009 12:46 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.12.2008 10:36 297752]
R2 DiCapi;Eicon CAPI 2.0-driver;c:\windows\system32\drivers\disdn\capi20.sys [04.07.2006 01:24 164923]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 01:12 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 08:24 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 LasMan;Local Connection Manager;c:\windows\System32\svchost.exe -k netsvcs [20.06.2008 18:22 14336]
S2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe --> c:\program files\NetMeeting\comp.exe [?]
S3 DiWan;Eicon-driver for alle DIVA PnP-kort;c:\windows\system32\drivers\disdn\Diwan.sys [04.07.2006 01:24 952007]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\GUNHIL~1\LOKALE~1\Temp\ewdmaudn.sys --> c:\docume~1\GUNHIL~1\LOKALE~1\Temp\ewdmaudn.sys [?]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [30.05.2007 17:34 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LasMan
UxTuneUp
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678422516-1975078584-2202250191-1006Core.job
- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2005-12-17 16:34]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678422516-1975078584-2202250191-1006UA.job
- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2005-12-17 16:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.qword.com/?s=1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Download by NBget Internet Download - c:\programfiler\NBget\InternetDownload\adddownload.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: qword.com
FF - ProfilePath - c:\documents and settings\Gunhild Kvam\Programdata\Mozilla\Firefox\Profiles\sbs2gr6l.default\
FF - plugin: c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -

AddRemove-MagicDisc 2.7.106 - c:\progra~1\MAGICD~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 00:29
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FD51F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75baf28
\Driver\ACPI -> ACPI.sys @ 0xf7412cb8
\Driver\atapi -> atapi.sys @ 0xf72f7b40
\Driver\iaStor -> iaStor.sys @ 0xf73477b0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e368e
ParseProcedure -> ntoskrnl.exe @ 0x805786b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e368e
ParseProcedure -> ntoskrnl.exe @ 0x805786b1
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-678422516-1975078584-2202250191-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,a2,54,2d,4b,5d,ab,2e,ba,71,61,49,d9,6b,7c,ff,0d,cd,1c,ff,08,bd,f9,
 6f,17,96,b5,50,97,5a,6e,c8,b2,3b,b8,ae,db,ed,f1,b1,d5,2f,d8,76,55,d7,16,10,\
"??"=hex:64,5a,3b,3d,73,91,a8,ff,5a,99,99,54,22,27,7c,43

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0113220f-d06b-4da4-a630-63c6b38119df}]
@Denied: (Full) (Everyone)
"Model"=dword:00000006
"Therad"=dword:00000018

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0d,61,65,fd,91,04,d0,71,18,08,0c,5f,74,38,e6,50,51,df,5c,77,52,
 da,bc,02,9e,69,2e,81,65,4a,0e,13,b5,33,35,3a,75,af,9b,e5,00,00,00,00,00,00,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(560)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programfiler\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programfiler\Avira\AntiVir Desktop\avguard.exe
c:\programfiler\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programfiler\NetLimiter 2 Monitor\nlsvc.exe
c:\programfiler\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UStorSrv.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\programfiler\NetLimiter 2 Monitor\NLClient.exe
c:\programfiler\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programfiler\HP\Digital Imaging\bin\hpqbam08.exe
c:\programfiler\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-06-18 00:36:46 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-06-17 22:36

Pre-Run: 44 937 068 544 byte ledig
Post-Run: 45 007 224 832 byte ledig

- - End Of File - - D53D38A01ABE982E1F8565D35745434D

Edited 18 June 2010 by Bulf
snippsat, posted 18 June 2010 (edited)

Copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

Driver::
ewdmaudn

UltimateVirus is probably a joke virus, so I'm not removing it. If you want it removed but can't manage it yourself, I can take care of it.

Edited 18 June 2010 by SNIPPSAT
Bulf, posted 19 June 2010 (thread author)

Yes, I want all that crap gone.
snippsat, posted 19 June 2010

Copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

File::
c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe
c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe
c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"UltimateVirus!471"=-
"UltimateVirus!367"=-
"UltimateVirus!"=-

Driver::
ewdmaudn
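The triage snippsat did by eye (an autostart entry pointing at a desktop download, a driver loaded from a Temp folder) can be automated over the two log formats quoted in this thread. The script below is an added example, not part of the original post and not code from Malwarebytes or ComboFix; the sample lines are constructed from the formats shown above, and the trusted/suspicious location lists are assumptions for this Norwegian XP install ("Programfiler" is Program Files, "Skrivebord" is Desktop, "nedlastning" is download).

```python
"""Triage helper for the MBAM and ComboFix log formats quoted in this thread.
Added example: not part of the forum post and not code from either tool.
Sample lines below are constructed from the formats shown in the logs above."""
import re
from collections import Counter

# MBAM detection line: "<object> (<Category>) -> <action>."
MBAM_RE = re.compile(r"^(?P<obj>.+?) \((?P<cat>[A-Za-z0-9.]+)\) -> (?P<action>.+?)\.?$")
# ComboFix registry value line: "Name"="path" args   or   "Name"=path args
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.+)$')
# ComboFix driver/service line: R2 name;description;path [date size]   or   ... --> path [?]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?: -->| \[|$)")
# First executable-looking token in a value (quoted or not; paths may contain spaces)
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|sys|dll|cpl|com))\b', re.IGNORECASE)

# Assumed: where legitimately installed autostart binaries live on this machine.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programfiler\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumed: folders that usually hold user downloads or temp files, not installed software.
SUSPICIOUS_MARKERS = ("\\skrivebord\\", "\\desktop\\", "\\nedlastning\\", "\\temp\\")


def parse_mbam(text):
    """Return [(object, category, action)] for every MBAM detection line."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits.append((m["obj"], m["cat"], m["action"]))
    return hits


def mbam_summary(text):
    """Count MBAM detections per family/category name."""
    return Counter(cat for _, cat, _ in parse_mbam(text))


def extract_path(value):
    """Pull the executable path out of a registry value or service definition, or None."""
    m = PATH_RE.match(value.strip())
    return m["path"] if m else None


def classify(path):
    """trusted / suspicious / review, judged only by where the binary lives."""
    p = path.lower()
    if p.startswith("\\??\\"):  # NT object-manager prefix seen on driver paths
        p = p[4:]
    if any(marker in p for marker in SUSPICIOUS_MARKERS):
        return "suspicious"  # checked first so c:\windows\temp\ is not "trusted"
    return "trusted" if p.startswith(TRUSTED_PREFIXES) else "review"


def triage_combofix(text):
    """Walk Run-key values and driver/service lines; group (name, path) by verdict."""
    verdicts = {"suspicious": [], "review": [], "trusted": []}
    for raw in text.splitlines():
        line = raw.strip()
        run, svc = RUN_VALUE_RE.match(line), SERVICE_RE.match(line)
        if run:
            name, value = run["name"], run["rest"]
        elif svc:
            name, value = svc["name"], svc["path"]
        else:
            continue
        path = extract_path(value)
        if path is None:  # dword/hex values, firewall list entries, port rules
            continue
        verdicts[classify(path)].append((name, path))
    return verdicts


# Constructed samples in the formats of the logs above.
MBAM_SAMPLE = r"""
Minneprosesser infisert:
C:\Programfiler\Registry Helper\RegistryHelperService.exe (Rogue.RegistryHelper) -> Unloaded process successfully.
Minnemoduler infisert:
(Ingen skadelige objekter funnet)
HKEY_LOCAL_MACHINE\SOFTWARE\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Programfiler\Registry Helper\Thumbs.db (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
"""

COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\programfiler\Steam\Steam.exe" -silent
"UltimateVirus!"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AntiVirusOverride"=dword:00000001
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [13.06.2010 16:55 135336]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\GUNHIL~1\LOKALE~1\Temp\ewdmaudn.sys --> c:\docume~1\GUNHIL~1\LOKALE~1\Temp\ewdmaudn.sys [?]
"""

if __name__ == "__main__":
    print("MBAM detections per category:", dict(mbam_summary(MBAM_SAMPLE)))
    for verdict, items in triage_combofix(COMBOFIX_SAMPLE).items():
        for name, path in items:
            print(f"{verdict:10s} {name} -> {path}")
```

On the sample, the two entries flagged "suspicious" are exactly the ones the CFScripts above remove (the UltimateVirus Run value and the ewdmaudn driver); "review" entries such as a bare rundll32.exe name still need a human look because their resolution depends on the search path.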