[Løst]Logg fra HJT, Combofix, SAS, Malware

[aure]

Hei,

jeg har problemer med pop-ups. Fulgte oppskriften som Norbat laget. Punkt 1 til 4. Trenger hjelp til å studere loggene.

 

 

 

Logg fra anti-Malware:

 

Malwarebytes' Anti-Malware 1.25

Database versjon: 1094

Windows 5.1.2600 Service Pack 2

 

11:18:15 29.08.2008

mbam-log-08-29-2008 (11-18-15).txt

 

Skanntype: Rask Skann

Objekter skannet: 46392

Tid tilbakelagt: 7 minute(s), 43 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 2

Registernøkler infisert: 3

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 2

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

C:\WINDOWS\system32\__c006ED86.dat (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\__c006BB17.dat (Trojan.Zlob) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c006bb17 (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\2872c66f382 (Trojan.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\__c006BB17.dat (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\__c006ED86.dat (Trojan.Agent) -> Delete on reboot.

 

 

 

 

Logg fra SAS:

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/29/2008 at 12:08 PM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3551

Trace Rules Database Version: 1539

 

Scan type : Quick Scan

Total Scan Time : 00:36:15

 

Memory items scanned : 522

Memory threats detected : 0

Registry items scanned : 505

Registry threats detected : 0

File items scanned : 10936

File threats detected : 4

 

Adware.Tracking Cookie

C:\Documents and Settings\ID\Cookies\id@adtech[2].txt

C:\Documents and Settings\ID\Cookies\[email protected][2].txt

C:\Documents and Settings\ID\Cookies\[email protected][1].txt

 

Trojan.Unclassified/C00-Installer

C:\WINDOWS\SYSTEM32\~.0XE

 

 

 

Logg fra Combofix:

 

ComboFix 08-08-28.06 - ID 2008-08-29 12:23:09.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.534 [GMT 2:00]

Running from: C:\Documents and Settings\ID\Skrivebord\nedlasting\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\xcrashdump.dat

 

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))

.

 

2008-08-29 11:29 . 2008-08-29 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-29 11:28 . 2008-08-29 11:28 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-29 11:28 . 2008-08-29 11:28 <DIR> d-------- C:\Documents and Settings\ID\Programdata\SUPERAntiSpyware.com

2008-08-29 11:08 . 2008-08-29 11:08 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-08-29 11:08 . 2008-08-29 11:08 <DIR> d-------- C:\Documents and Settings\ID\Programdata\Malwarebytes

2008-08-29 11:08 . 2008-08-29 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-08-29 11:08 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-29 11:08 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-29 11:07 . 2008-08-29 12:20 <DIR> dr-h----- C:\Documents and Settings\ID\Siste

2008-08-29 11:04 . 2008-08-29 11:04 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-29 10:50 . 2008-08-29 10:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-08-25 12:31 . 2008-08-25 12:31 <DIR> d-------- C:\Programfiler\Lavasoft

2008-08-25 12:31 . 2008-08-25 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-22 23:15 . 2008-08-23 10:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-08-14 21:36 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-07-29 14:58 . 2008-08-28 19:57 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 10:27 --------- d-----w C:\Documents and Settings\ID\Programdata\Skype

2008-08-29 10:25 --------- d-----w C:\Documents and Settings\ID\Programdata\DNA

2008-08-29 09:28 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-29 09:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-28 17:58 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-27 09:22 --------- d-s---w C:\Programfiler\Xfire

2008-08-27 09:22 --------- d-----w C:\Documents and Settings\ID\Programdata\EssentialPIM

2008-08-27 09:22 --------- d-----w C:\Documents and Settings\ID\Programdata\BitTorrent

2008-08-27 09:22 --------- d-----w C:\Documents and Settings\ID\Programdata\Azureus

2008-08-23 19:37 --------- d-----w C:\Documents and Settings\ID\Programdata\dvdcss

2008-08-13 18:21 --------- d-----w C:\Programfiler\CLUE

2008-08-03 15:32 --------- d-----w C:\Documents and Settings\ID\Programdata\teamspeak2

2008-08-01 08:08 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-08-01 08:07 --------- d-----w C:\Documents and Settings\ID\Programdata\AdobeUM

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2007-11-13 10:37 88 --sh--r C:\WINDOWS\system32\AEE0A5DFDC.sys

2007-11-13 10:37 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]

"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2005-02-26 03:23 53248]

"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 12:04 67128]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-06-08 19:18 289088]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 18:33 155648]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59 385024]

"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 18:34 213936]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]

"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" [2003-06-17 15:43 208896]

"F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.EXE" [2005-09-19 09:30 106571]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 11:54 282624]

"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"Corel Photo Downloader"="C:\Programfiler\Fellesfiler\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 13:00 531272]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-23 12:04:00 67128]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-01-04 17:20:59 528384]

VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-10-01 09:46:31 6144]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 18:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Anti-Blaxx Manager"=C:\Utilities\Anti-Blaxx\Anti-Blaxx.exe

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime

"DAEMON Tools-1033"="C:\Utilities\Daemon\daemon.exe" -lang 1033

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

"Picasa Media Detector"=C:\Programfiler\Picasa2\PicasaMediaDetector.exe

"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"

"WinampAgent"=C:\Utilities\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"C:\\Programfiler\\Return to Castle Wolfenstein\\WolfMP.exe"=

"C:\\Spill\\Wolfenstein - Enemy Territory\\ET.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Xfire\\xfire.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\DNA\\btdna.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 04:16]

R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 15:37]

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-01 10:14]

R2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 17:52]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 09:23]

R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 12:32]

R2 FSpm;F-Secure Policy Manager;C:\Programfiler\F-Secure\Common\FSPM.SYS [2005-09-19 09:30]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Programfiler\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

 

2007-05-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]

.

- - - - ORPHANS REMOVED - - - -

 

Notify-2872c66f382 - (no file)

Notify-WgaLogon - (no file)

Notify-__c006BB17 - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=no&l=no&s=gen

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-29 12:27:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-29 12:30:36

ComboFix-quarantined-files.txt 2008-08-29 10:30:32

 

Pre-Run: 3,937,837,056 byte ledig

Post-Run: 3,942,297,600 byte ledig

 

201 --- E O F --- 2008-08-15 07:39:17

 

 

 

 

Logg fra HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:37:59, on 29.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe

C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE

C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\WINDOWS\system32\PSIService.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\F-Secure\Common\FSMA32.EXE

C:\Programfiler\F-Secure\Common\FSMB32.EXE

C:\Programfiler\F-Secure\Common\FCH32.EXE

C:\Programfiler\F-Secure\Common\FAMEH32.EXE

C:\Programfiler\F-Secure\Common\FNRB32.EXE

C:\Programfiler\F-Secure\Common\FIH32.EXE

C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Apoint\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\Programfiler\Apoint\Apntex.exe

C:\Programfiler\F-Secure\Common\FSM32.EXE

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe

C:\Programfiler\Fellesfiler\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programfiler\Fellesfiler\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: 2872c66f382 - C:\WINDOWS\

O20 - Winlogon Notify: __c006BB17 - C:\WINDOWS\

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 11967 bytes

 

 

Endret 29. august 2008 av aure

[r2d290]

Du har blitt infisert av en Honda-reklame som ble reklamert for i MSN. Du kan lese mer om det her: https://www.diskusjon.no/index.php?showtopic=1000251

 

Så vidt jeg kan se, er alle filer som er knyttet til infeksjonen fjernet, så du skulle være ren nå... Det som er viktig nå, er at du går inn på den linken, og oppdaterer Flash.

 

Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du:

[LØST]

foran emnetittelen din.

 

Eks: [LØST] Har fått virus på maskinen

 

Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i.

 

-Surf trygt-

[aure]

Du har blitt infisert av en Honda-reklame som ble reklamert for i MSN. Du kan lese mer om det her: https://www.diskusjon.no/index.php?showtopic=1000251

 

Så vidt jeg kan se, er alle filer som er knyttet til infeksjonen fjernet, så du skulle være ren nå... Det som er viktig nå, er at du går inn på den linken, og oppdaterer Flash.

 

Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du:

[LØST]

foran emnetittelen din.

 

Eks: [LØST] Har fått virus på maskinen

 

Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i.

 

-Surf trygt-

 

 

Trur linken du gav meg er til feil sak :-) . Men takk for hjelpen med gjennomgang av loggene. Lastet ned ny versjon av Flash. Har ikke merket noe til pop-upsene.

Trur den riktige skal være:

https://www.diskusjon.no/index.php?showtopic=1000218

Endret 29. august 2008 av aure

[r2d290]

Ops... mente denne linken: https://www.diskusjon.no/index.php?showtopic=998167