[Solved] Help needed: Virus probably still present.


Hi there.

 

I was "lucky" enough to get a virus this morning and have followed the guidelines in this forum to get it removed so that the PC is safe once again. However, I think the virus is still on the PC.

 

I'm wondering if someone can help me interpret the files from SuperAntiSpyware, ComboFix and HiJack This.

 

 

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/01/2008 at 11:12 AM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3553

Trace Rules Database Version: 1542

 

Scan type : Quick Scan

Total Scan Time : 00:18:55

 

Memory items scanned : 638

Memory threats detected : 2

Registry items scanned : 528

Registry threats detected : 52

File items scanned : 11136

File threats detected : 7

 

Adware.VideoAccessCodec/Gen

C:\WINDOWS\RQBMVPSO.DLL

C:\WINDOWS\RQBMVPSO.DLL

 

Adware.Vundo-Variant/J

C:\WINDOWS\PDOSKEGL.DLL

C:\WINDOWS\PDOSKEGL.DLL

 

Trojan.Net-MSV/VPS-Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26027218-80B3-40FA-9FA1-70FD56AA5328}

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}\InprocServer32

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}\InprocServer32#ThreadingModel

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}\ProgID

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}\Programmable

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}\TypeLib

HKCR\CLSID\{26027218-80B3-40FA-9FA1-70FD56AA5328}\VersionIndependentProgID

HKCR\QXK.Olive

HKCR\TypeLib\{FD924082-30CA-4C7F-8866-9B494A03889D}

HKCR\TypeLib\{FD924082-30CA-4C7F-8866-9B494A03889D}\1.0

HKCR\TypeLib\{FD924082-30CA-4C7F-8866-9B494A03889D}\1.0

HKCR\TypeLib\{FD924082-30CA-4C7F-8866-9B494A03889D}\1.0\win32

HKCR\TypeLib\{FD924082-30CA-4C7F-8866-9B494A03889D}\1.0\FLAGS

HKCR\TypeLib\{FD924082-30CA-4C7F-8866-9B494A03889D}\1.0\HELPDIR

C:\WINDOWS\RODQGPVLDBV.DLL

HKCR\Interface\{9DA604E4-8A8F-47FB-B4F1-BB4BC73E546C}

HKCR\Interface\{9DA604E4-8A8F-47FB-B4F1-BB4BC73E546C}\ProxyStubClsid

HKCR\Interface\{9DA604E4-8A8F-47FB-B4F1-BB4BC73E546C}\ProxyStubClsid32

HKCR\Interface\{9DA604E4-8A8F-47FB-B4F1-BB4BC73E546C}\TypeLib

HKCR\Interface\{9DA604E4-8A8F-47FB-B4F1-BB4BC73E546C}\TypeLib#Version

HKCR\Interface\{A878FFB4-52DE-4396-8F6E-A03417493F9A}

HKCR\Interface\{A878FFB4-52DE-4396-8F6E-A03417493F9A}\ProxyStubClsid

HKCR\Interface\{A878FFB4-52DE-4396-8F6E-A03417493F9A}\ProxyStubClsid32

HKCR\Interface\{A878FFB4-52DE-4396-8F6E-A03417493F9A}\TypeLib

HKCR\Interface\{A878FFB4-52DE-4396-8F6E-A03417493F9A}\TypeLib#Version

 

Trojan.Unclassified/QALKFXOR

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{5371FF76-9602-4029-9626-BE8CD757EB36}

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}\InprocServer32

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}\InprocServer32#ThreadingModel

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}\ProgID

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}\Programmable

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}\TypeLib

HKCR\CLSID\{5371FF76-9602-4029-9626-BE8CD757EB36}\VersionIndependentProgID

HKCR\qalkfxor.1

HKCR\qalkfxor

HKCR\TypeLib\{F8377C68-4AAF-4045-9C82-3F25C0378CD3}

HKCR\TypeLib\{F8377C68-4AAF-4045-9C82-3F25C0378CD3}\1.0

HKCR\TypeLib\{F8377C68-4AAF-4045-9C82-3F25C0378CD3}\1.0

HKCR\TypeLib\{F8377C68-4AAF-4045-9C82-3F25C0378CD3}\1.0\win32

HKCR\TypeLib\{F8377C68-4AAF-4045-9C82-3F25C0378CD3}\1.0\FLAGS

HKCR\TypeLib\{F8377C68-4AAF-4045-9C82-3F25C0378CD3}\1.0\HELPDIR

C:\WINDOWS\QALKFXOR.DLL

HKCR\Interface\{45632A1F-8D26-4E09-98B7-2DE331F7832B}

HKCR\Interface\{45632A1F-8D26-4E09-98B7-2DE331F7832B}\ProxyStubClsid

HKCR\Interface\{45632A1F-8D26-4E09-98B7-2DE331F7832B}\ProxyStubClsid32

HKCR\Interface\{45632A1F-8D26-4E09-98B7-2DE331F7832B}\TypeLib

HKCR\Interface\{45632A1F-8D26-4E09-98B7-2DE331F7832B}\TypeLib#Version

 

Browser Hijacker.Internet Explorer Settings Hijack

HKU\S-1-5-21-4071480409-3800250609-3993112272-1005\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 ]

 

Desktop Hijacker.AboutYourPrivacy

C:\Documents and Settings\<brukernavn>\Favoritter\Error Cleaner.url

C:\Documents and Settings\<brukernavn>\Favoritter\Privacy Protector.url

C:\Documents and Settings\<brukernavn>\Favoritter\Spyware&Malware Protection.url

 

Trojan.Net-MU/Gen

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

 

 

 

Combofix:

 

ComboFix 08-08-31.01 - <brukernavn> 2008-09-01 13:31:59.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1261 [GMT 2:00]

Running from: C:\Documents and Settings\<brukernavn>\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-09-01 13:05 . 2008-09-01 13:05 <DIR> d-------- C:\Programfiler\Trend Micro

2008-09-01 11:38 . 2008-09-01 11:38 <DIR> dr-h----- C:\Documents and Settings\<brukernavn>\Siste

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\SUPERAntiSpyware.com

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-01 10:46 . 2008-09-01 10:46 <DIR> d-------- C:\Programfiler\CCleaner

2008-09-01 09:30 . 2008-09-01 09:30 <DIR> d-------- C:\Programfiler\Alwil Software

2008-09-01 09:17 . 2008-09-01 09:17 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll

2008-09-01 09:16 . 2008-08-31 11:10 102,400 --a------ C:\WINDOWS\rvoelbxt.exe

2008-08-14 19:21 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-10 20:26 . 2008-08-10 20:31 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting

2008-08-06 13:58 . 2008-08-06 13:58 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-08-06 13:57 . 2008-08-06 13:57 <DIR> d-------- C:\Programfiler\iTunes

2008-08-06 13:57 . 2008-08-06 13:57 <DIR> d-------- C:\Programfiler\iPod

2008-08-06 13:54 . 2008-08-06 13:55 <DIR> d-------- C:\Programfiler\QuickTime

2008-08-04 19:52 . 2004-11-15 19:02 258,048 --a------ C:\WINDOWS\system32\cmdiag.cpl

2008-08-04 19:52 . 2003-09-16 18:11 163,840 --a------ C:\WINDOWS\system32\cmabout.dll

2008-08-04 19:52 . 2004-09-20 10:19 57,344 --a------ C:\WINDOWS\system32\chksvrn.dll

2008-08-04 19:52 . 2005-05-23 09:30 43,737 --a------ C:\WINDOWS\system32\drivers\cmeu0wdm.sys

2008-08-04 19:52 . 2001-04-27 09:39 41,926 --a------ C:\WINDOWS\system32\ok.bmp

2008-08-04 19:52 . 2005-04-25 09:08 9,823 --a------ C:\WINDOWS\system32\cmdiag.ini

2008-08-04 19:52 . 2005-03-15 11:40 143 --a------ C:\WINDOWS\system32\cmabout.ini

2008-08-04 19:51 . 2008-08-04 19:51 <DIR> d-------- C:\Programfiler\Buypass

2008-08-04 09:04 . 2008-08-04 09:04 <DIR> d-------- C:\Programfiler\QuickSFV

2008-08-03 19:04 . 2008-08-03 19:04 <DIR> d--h----- C:\WINDOWS\PIF

2008-08-03 19:02 . 2008-08-03 19:02 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\Windows Search

2008-08-03 18:58 . 2008-08-03 18:58 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\Windows Desktop Search

2008-08-03 18:34 . 2008-08-03 18:34 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-08-03 18:34 . 2008-08-03 18:34 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-03 18:33 . 2008-03-07 18:56 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-08-03 18:33 . 2008-03-07 18:56 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-08-03 18:33 . 2008-03-07 18:56 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 11:12 --------- d-----w C:\Programfiler\Macrogaming

2008-09-01 11:00 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\Skype

2008-08-30 16:49 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\OpenOffice.org2

2008-08-27 05:22 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\Wave Systems Corp

2008-08-23 01:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-21 07:46 --------- d-----w C:\Programfiler\Opera

2008-08-11 18:14 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\U3

2008-08-07 10:29 --------- d-----w C:\Programfiler\Launchy

2008-08-05 05:18 --------- d-----w C:\Programfiler\Java

2008-08-04 17:55 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-04 08:10 --------- d-----w C:\Programfiler\Safari

2008-08-02 18:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8

2008-07-27 13:39 --------- d-----w C:\Programfiler\Xobni

2008-07-27 11:01 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-12 20:12 --------- d-----w C:\Programfiler\Picasa2

2008-07-09 13:39 --------- d-----w C:\Programfiler\Notepad++

2008-07-09 13:39 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\Notepad++

2008-04-04 16:30 3,136 ------w C:\Documents and Settings\<brukernavn>\Programdata\mpauth.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-01_12.10.02.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-01 09:59:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_154.dat

+ 2008-09-01 11:36:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_154.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-18 10:30 68856]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2007-04-15 22:49 159744]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 12:45 138008]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 12:45 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 12:45 138008]

"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-02-20 13:29 1191936]

"Document Manager"="C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 16:32 102400]

"SecureUpgrade"="C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 12:53 212992]

"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]

"RoxioDragToDisc"="C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]

"PDVDDXSrv"="C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-13 16:39 1838592]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 17:32 823296]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 17:30 974848]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-27 13:01 1235736]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 00:26 303104 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\<brukernavn>\Start-meny\Programmer\Oppstart\

OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Bluetooth Manager.lnk - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 21:43:46 2150400]

Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2007-09-08 15:37:16 50688]

Launchy.lnk - C:\Programfiler\Launchy\Launchy.exe [2007-09-12 17:36:45 286720]

VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-05-31 11:16:17 6144]

Windows Search.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Opera\\Opera.exe"=

"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-23 10:47]

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2006-08-28 16:00]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-27 13:01]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 15:21]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-27 13:01]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-23 10:48]

R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 13:00]

R2 XobniService;XobniService;C:\Programfiler\Xobni\XobniService.exe [2008-07-18 22:18]

R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 13:32]

S3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 21:51]

S3 SecureStorageService;SecureStorageService;C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 22:59]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a6e58b0-38c2-11dd-b01c-b656ea2944ab}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\<brukernavn>\Programdata\Mozilla\Firefox\Profiles\g8vo94sa.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.no/ig?hl=no

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\NPInfotl.dll

FF -: plugin - C:\Programfiler\Opera\program\plugins\npmeadax.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 13:37:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\scardsvr.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Cobian Backup 8\cbService.exe

C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Dell\QuickSet\NicConfigSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\SigmaTel\C-dur-lyd\WDM\stacsv.exe

C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\system32\searchindexer.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Apoint\ApMsgFwd.exe

C:\Programfiler\Apoint\hidfind.exe

C:\Programfiler\Apoint\ApntEx.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

.

**************************************************************************

.

Completion time: 2008-09-01 13:47:46 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-01 11:47:16

ComboFix2.txt 2008-09-01 10:10:51

 

Pre-Run: 6,021,185,536 byte ledig

Post-Run: 5,989,769,216 byte ledig

 

232 --- E O F --- 2008-08-23 01:04:31

 

 

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:50, on 01.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Cobian Backup 8\cbService.exe

C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programfiler\Xobni\XobniService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programfiler\Apoint\Apoint.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Apoint\ApMsgFwd.exe

C:\Programfiler\Apoint\HidFind.exe

C:\Programfiler\Apoint\Apntex.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programfiler\Digital Line Detect\DLG.exe

C:\Programfiler\Launchy\Launchy.exe

C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Programfiler\Opera\opera.exe

C:\Programfiler\AVG\AVG8\avgui.exe

C:\Programfiler\Trend Micro\HijackThis\testh-j.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karabin.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row-rel&channel=no&ibd=5070908

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=5070908

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [secureUpgrade] C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Programfiler\Digital Line Detect\DLG.exe

O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programfiler\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programfiler\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programfiler\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Programfiler\Cobian Backup 8\cbService.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: XobniService - Xobni Corporation - C:\Programfiler\Xobni\XobniService.exe

 

--

End of file - 14789 bytes

 

 

Edited by durban

Download Malwarebytes Anti-Malware to the desktop.

Run and install the program. Choose the Norwegian language.

Let the program update itself, choose to run a 'quick system scan' and click Scan.

A message box will appear saying the scan is finished; click OK.

 

Click the 'Show results' button. If malware has been found, you will now see what was found.

Then click the Remove selected button to remove any malware that was found.

 

A log will then open in Notepad. Copy it and post it later.


Thank you very much for the quick reply :-) I have installed and run MBAM and the log is here. It seems to have reported 3 trojans. I still greatly appreciate the help.

 

 

Malwarebytes' Anti-Malware 1.25

Database versjon: 1103

Windows 5.1.2600 Service Pack 2

 

15:46:04 01.09.2008

mbam-log-09-01-2008 (15-46-04).txt

 

Skanntype: Rask Skann

Objekter skannet: 51707

Tid tilbakelagt: 4 minute(s), 59 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\qalkfxor.bmva (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

 

 

Edited by durban
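The MBAM logs posted in this thread follow a fixed layout: a header block with per-category counts ("Registernøkler infisert: 2") followed by one section per category listing each hit as "item (family) -> action". The parser below is an added example, not part of the thread and not Malwarebytes' own code; it reads that layout, checks that the header counts agree with the listed hits, and separates hits that were fully remediated from those that still need a reboot or manual follow-up. The sample log is constructed for this example (modelled on the log above, with one action changed to "Delete on reboot" so the pending-action check has something to catch); the label matching accepts both the Norwegian "infisert" and the English "infected" variants of the MBAM UI.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the MBAM 1.25 logs posted in this thread.
# Not copied verbatim: the file hit is given a pending action on purpose.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.25
Database versjon: 1103
Windows 5.1.2600 Service Pack 2

Skanntype: Rask Skann
Objekter skannet: 51707
Tid tilbakelagt: 4 minute(s), 59 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\qalkfxor.bmva (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# Header line: "<category> infisert: <n>"; section header: same text with no count.
SUMMARY_RE = re.compile(r"^(?P<category>.+?\s(?:infisert|infected)):\s*(?P<count>\d+)$", re.I)
SECTION_RE = re.compile(r"^(?P<category>.+?\s(?:infisert|infected)):$", re.I)
# Hit line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?)\s\((?P<family>[^()]+)\)\s->\s(?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str

    @property
    def remediated(self) -> bool:
        # MBAM reports completed actions with "successfully"; anything else
        # (for example "Delete on reboot") still needs follow-up.
        return "successfully" in self.action.lower()


@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)      # category -> count from the header
    detections: list = field(default_factory=list)   # Detection objects from the body

    @property
    def pending(self) -> list:
        return [d for d in self.detections if not d.remediated]

    @property
    def families(self) -> list:
        return sorted({d.family for d in self.detections})

    @property
    def consistent(self) -> bool:
        # The header counts should add up to the number of hits actually listed;
        # a mismatch means the log was truncated or edited before posting.
        return sum(self.summary.values()) == len(self.detections)


def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m.group("category")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("category")
            continue
        # "(Ingen mistenkelige filer funnet)" / "(No malicious items detected)"
        if section is None or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append(
                Detection(section, m.group("item"), m.group("family"), m.group("action")))
    return report


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print("families:", r.families, "consistent:", r.consistent)
    for d in r.pending:
        print("still pending:", d.item, "->", d.action)
```

The pending list is the part worth reading before declaring a machine clean: a hit that MBAM could only schedule for removal at reboot is exactly the kind of thing that comes back in the next scan.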

Thanks again. Here is the log from ComboFix. I also just want to mention that an error message appeared when I started ComboFix saying that some exe file was not found. ComboFix also did not find c:\windows\system32\combfix.sys. I don't know whether this matters.

 

The log is here:

 

ComboFix 08-08-31.01 - <brukernavn> 2008-09-01 17:57:44.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1020 [GMT 2:00]

Running from: C:\Documents and Settings\<brukernavn>\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-09-01 18:04 . 2008-09-01 18:04 <DIR> dr-h----- C:\Documents and Settings\<brukernavn>\Siste

2008-09-01 15:33 . 2008-09-01 15:33 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-01 15:33 . 2008-09-01 15:33 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\Malwarebytes

2008-09-01 15:33 . 2008-09-01 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-01 15:33 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-01 15:33 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-01 13:05 . 2008-09-01 13:05 <DIR> d-------- C:\Programfiler\Trend Micro

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\SUPERAntiSpyware.com

2008-09-01 10:50 . 2008-09-01 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-01 10:46 . 2008-09-01 10:46 <DIR> d-------- C:\Programfiler\CCleaner

2008-09-01 09:30 . 2008-09-01 09:30 <DIR> d-------- C:\Programfiler\Alwil Software

2008-08-14 19:21 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-10 20:26 . 2008-08-10 20:31 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting

2008-08-06 13:58 . 2008-08-06 13:58 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-08-06 13:57 . 2008-08-06 13:57 <DIR> d-------- C:\Programfiler\iTunes

2008-08-06 13:57 . 2008-08-06 13:57 <DIR> d-------- C:\Programfiler\iPod

2008-08-06 13:54 . 2008-08-06 13:55 <DIR> d-------- C:\Programfiler\QuickTime

2008-08-04 19:52 . 2004-11-15 19:02 258,048 --a------ C:\WINDOWS\system32\cmdiag.cpl

2008-08-04 19:52 . 2003-09-16 18:11 163,840 --a------ C:\WINDOWS\system32\cmabout.dll

2008-08-04 19:52 . 2004-09-20 10:19 57,344 --a------ C:\WINDOWS\system32\chksvrn.dll

2008-08-04 19:52 . 2005-05-23 09:30 43,737 --a------ C:\WINDOWS\system32\drivers\cmeu0wdm.sys

2008-08-04 19:52 . 2001-04-27 09:39 41,926 --a------ C:\WINDOWS\system32\ok.bmp

2008-08-04 19:52 . 2005-04-25 09:08 9,823 --a------ C:\WINDOWS\system32\cmdiag.ini

2008-08-04 19:52 . 2005-03-15 11:40 143 --a------ C:\WINDOWS\system32\cmabout.ini

2008-08-04 19:51 . 2008-08-04 19:51 <DIR> d-------- C:\Programfiler\Buypass

2008-08-04 09:04 . 2008-08-04 09:04 <DIR> d-------- C:\Programfiler\QuickSFV

2008-08-03 19:04 . 2008-08-03 19:04 <DIR> d--h----- C:\WINDOWS\PIF

2008-08-03 19:02 . 2008-08-03 19:02 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\Windows Search

2008-08-03 18:58 . 2008-08-03 18:58 <DIR> d-------- C:\Documents and Settings\<brukernavn>\Programdata\Windows Desktop Search

2008-08-03 18:34 . 2008-08-03 18:34 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-08-03 18:34 . 2008-08-03 18:34 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-03 18:33 . 2008-03-07 18:56 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-08-03 18:33 . 2008-03-07 18:56 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-08-03 18:33 . 2008-03-07 18:56 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 16:03 --------- d-----w C:\Programfiler\Google

2008-09-01 15:59 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\Skype

2008-09-01 11:12 --------- d-----w C:\Programfiler\Macrogaming

2008-08-30 16:49 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\OpenOffice.org2

2008-08-27 05:22 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\Wave Systems Corp

2008-08-23 01:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-21 07:46 --------- d-----w C:\Programfiler\Opera

2008-08-11 18:14 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\U3

2008-08-07 10:29 --------- d-----w C:\Programfiler\Launchy

2008-08-05 05:18 --------- d-----w C:\Programfiler\Java

2008-08-04 17:55 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-04 08:10 --------- d-----w C:\Programfiler\Safari

2008-08-02 18:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8

2008-07-27 13:39 --------- d-----w C:\Programfiler\Xobni

2008-07-27 11:01 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-12 20:12 --------- d-----w C:\Programfiler\Picasa2

2008-07-09 13:39 --------- d-----w C:\Programfiler\Notepad++

2008-07-09 13:39 --------- d-----w C:\Documents and Settings\<brukernavn>\Programdata\Notepad++

2008-04-04 16:30 3,136 ------w C:\Documents and Settings\<brukernavn>\Programdata\mpauth.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-01_12.10.02.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-01 16:03:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_110.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-18 10:30 68856]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2007-04-15 22:49 159744]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 12:45 138008]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 12:45 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 12:45 138008]

"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-02-20 13:29 1191936]

"Document Manager"="C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 16:32 102400]

"SecureUpgrade"="C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 12:53 212992]

"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]

"RoxioDragToDisc"="C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]

"PDVDDXSrv"="C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 17:32 823296]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 17:30 974848]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-27 13:01 1235736]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 00:26 303104 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\<brukernavn>\Start-meny\Programmer\Oppstart\

OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Bluetooth Manager.lnk - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 21:43:46 2150400]

Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2007-09-08 15:37:16 50688]

Launchy.lnk - C:\Programfiler\Launchy\Launchy.exe [2007-09-12 17:36:45 286720]

VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-05-31 11:16:17 6144]

Windows Search.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Opera\\Opera.exe"=

"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-23 10:47]

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2006-08-28 16:00]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-27 13:01]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 15:21]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-27 13:01]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-23 10:48]

R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 13:00]

R2 XobniService;XobniService;C:\Programfiler\Xobni\XobniService.exe [2008-07-18 22:18]

R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 13:32]

S3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 21:51]

S3 SecureStorageService;SecureStorageService;C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 22:59]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a6e58b0-38c2-11dd-b01c-b656ea2944ab}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\<brukernavn>\Programdata\Mozilla\Firefox\Profiles\g8vo94sa.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.no/ig?hl=no

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\NPInfotl.dll

FF -: plugin - C:\Programfiler\Opera\program\plugins\npmeadax.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 18:04:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\scardsvr.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Cobian Backup 8\cbService.exe

C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Dell\QuickSet\NicConfigSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\SigmaTel\C-dur-lyd\WDM\stacsv.exe

C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\system32\searchindexer.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Apoint\ApMsgFwd.exe

C:\Programfiler\Apoint\hidfind.exe

C:\Programfiler\Apoint\ApntEx.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-09-01 18:15:42 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-01 16:15:08

ComboFix2.txt 2008-09-01 10:10:51

 

Pre-Run: 6,942,535,680 byte ledig

Post-Run: 6,912,872,448 byte ledig

 

236 --- E O F --- 2008-08-23 01:04:31

 

 


Thanks :)

 

By the way, I just got a virus alert from AVG about some trojan or something like that. I am now running a virus scan and among other things it has found a "Hidden driver" called "a734vzqn.sys" in the Windows\system32\Drivers directory. The very first virus check I did after I got the virus gave me an almost identical hit (but with a different file name). I also got a message from AVG (outside of a scan) that it had found something (I was stupid and a bit too quick on the trigger and just clicked "Heal" and let AVG fix it). It turns out AVG has most likely not fixed it.

 

So the question is: What now? Can anyone help?

 

 

Sverre


I assume you ran combofix /u so that ComboFix was removed?

 

Update MBAM and run a quick scan again.

If it finds anything, post the log.

 

Go to Windows Update and check for updates (Start -> All Programs -> Windows Update).

 

Then update AVG and run a scan. Tell us whether it still finds anything.


The log from MBAM is here:

 

Malwarebytes' Anti-Malware 1.25

Database versjon: 1103

Windows 5.1.2600 Service Pack 2

 

23:33:38 01.09.2008

mbam-log-09-01-2008 (23-33-38).txt

 

Skanntype: Rask Skann

Objekter skannet: 51519

Tid tilbakelagt: 6 minute(s), 45 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

What I see now is that I have found a virus: hidec.exe. However, I can't get it "Healed". I'm running a full AVG scan now, so we'll see...


I rarely bother wasting time restoring and deleting files and fiddling and fumbling for weeks the rare times I get a virus.. (even though it is very exciting and educational). I usually just pull out the network cable and reinstall Windows.. it doesn't take much more than 20 minutes if you know what you're doing, and if you make one of those ready-made install CD/DVDs, or whatever that thing is about (haven't tried it myself), it could perhaps go even faster with everything already set up etc. straight from that CD/DVD?

more than 20 minutes if you know what you're doing,

You can't count on 20 min.

All the software and updates take a long time.

For me it would have taken many days, because I have a lot.

I have an advanced setup of 3D/2D software.

Now I have secured myself so that reinstalling Windows is never necessary.

 

fiddling and fumbling for weeks the rare times I get a virus.

We do this in 20-30 min once the logs are posted, and you are guaranteed to be clean of malware.

 

fumbling for weeks the rare times I get a virus..

Yes, now you know this part of the forum; there are some people here who are very good at this.

Edited by SNIPPSAT

Thanks for the useful input. The PC has by now run for a year without a reinstall, and it probably should have been done. But it would easily take me far too many days to get back up to the configuration level I have now with all the applications I have installed.

 

Sverre


Durban, the logs look fine now; do you still have problems?

 

has by now run for a year without a reinstall, and it probably should have been done.

I have run 4-5 years on the same installation, and it is just as fast as if it were new.

So the idea that you have to reinstall at regular intervals is just nonsense.

 

have found a virus: hidec.exe

hidec.exe -> should be fine; it belongs to Microsoft.

You have to remember that there are false positives that antivirus programs find.

You can scan files here: Virustotal

Edited by SNIPPSAT
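Two points in this thread pull in opposite directions: the hits that turned out to be real (rvoelbxt.exe under C:\WINDOWS, the qalkfxor.* registry keys, the hidden driver a734vzqn.sys) all carry random-looking 8-character names, while SNIPPSAT's warning about hidec.exe shows that a name alone proves nothing. The script below is an added example, not code from the thread or from HijackThis/ComboFix; it parses autostart entries in the HijackThis O4/O23, ComboFix driver and ComboFix REGEDIT-style Run formats seen above and scores each one with weak signals (random-looking stem, binary sitting directly in C:\WINDOWS, no vendor or description). Only entries with two or more signals land on the triage list, and the list is for a human to look at (for example by submitting the file to VirusTotal), not a delete list. The sample lines, the 8-character rule and the threshold of 2 are assumptions chosen for this example; the legitimate cmeu0wdm.sys (Omnikey's CardMan driver in the ComboFix log) is included to show how its vendor description keeps it off the list.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in the formats posted in this thread. The two
# malicious-looking entries are modelled on names reported in the thread
# (rvoelbxt.exe, a734vzqn.sys); the lines themselves are made up.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe",
    r"O4 - HKLM\..\Run: [rvoelbxt] C:\WINDOWS\rvoelbxt.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: a734vzqn - Unknown owner - C:\WINDOWS\system32\Drivers\a734vzqn.sys",
    r"R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2006-08-28 16:00]",
    r"S3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30]",
    r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]',
]

# A Windows path ending in an executable image; lazy so arguments after it are ignored.
PATH = r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys))\b"
HJT_O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] " + PATH, re.I)
HJT_O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<vendor>.*?) - " + PATH, re.I)
COMBOFIX_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);" + PATH, re.I)
REG_RUN_RE = re.compile(r'^"[^"]+"="' + PATH, re.I)

# Assumption for this example: the random names in this thread were all 8 alphanumerics.
RANDOM_STEM_RE = re.compile(r"[a-z0-9]{8}")


@dataclass
class Entry:
    source: str            # which log format the line came from
    path: str
    desc: Optional[str]    # service/driver description, if the format carries one
    vendor: Optional[str]  # vendor field of HijackThis O23 lines ("Unknown owner", ...)


def parse_entry(line: str) -> Optional[Entry]:
    line = line.strip()
    for source, rx in (("hjt-o4", HJT_O4_RE), ("hjt-o23", HJT_O23_RE),
                       ("combofix-driver", COMBOFIX_RE), ("combofix-run", REG_RUN_RE)):
        m = rx.match(line)
        if m:
            gd = m.groupdict()
            return Entry(source, gd["path"], gd.get("desc"), gd.get("vendor"))
    return None


def score_entry(e: Entry):
    """Return (score, reasons). Each signal is weak on its own; two together
    put the entry on the 'look at this first' list, never on a delete list."""
    reasons = []
    stem, _ = ntpath.splitext(ntpath.basename(e.path))
    if RANDOM_STEM_RE.fullmatch(stem.lower()):
        reasons.append("random-looking 8-character file name")
    if ntpath.dirname(e.path).lower() == r"c:\windows":
        reasons.append("binary placed directly in C:\\WINDOWS instead of system32")
    if e.vendor is not None and e.vendor.lower() == "unknown owner":
        reasons.append("service has no vendor information")
    elif e.desc is not None and e.desc.lower() == stem.lower():
        reasons.append("driver description is just its own file name")
    return len(reasons), reasons


def triage(lines, threshold: int = 2):
    """Parse every line it understands and return the entries worth a closer look."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        score, reasons = score_entry(e)
        if score >= threshold:
            flagged.append({"path": e.path, "source": e.source,
                            "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f["path"], "<-", "; ".join(f["reasons"]))
```

Run against the logs in this thread, the output would be a short list of files to check by hash on VirusTotal or against the vendor's signature, which is the step SNIPPSAT recommends before trusting or deleting anything.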

The logs look fine now, I think. I'm attaching them here so a kind soul can take a look.

 

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/02/2008 at 10:25 AM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3553

Trace Rules Database Version: 1542

 

Scan type : Quick Scan

Total Scan Time : 00:42:37

 

Memory items scanned : 224

Memory threats detected : 0

Registry items scanned : 533

Registry threats detected : 0

File items scanned : 9499

File threats detected : 0

 

 

 

MBAM:

 

Malwarebytes' Anti-Malware 1.25

Database versjon: 1103

Windows 5.1.2600 Service Pack 2

 

09:37:42 02.09.2008

mbam-log-09-02-2008 (09-37-42).txt

 

Skanntype: Rask Skann

Objekter skannet: 48104

Tid tilbakelagt: 14 minute(s), 2 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06, on 02.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Cobian Backup 8\cbService.exe

C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programfiler\Xobni\XobniService.exe

C:\Programfiler\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\Programfiler\Apoint\ApMsgFwd.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Programfiler\Apoint\HidFind.exe

C:\Programfiler\Apoint\Apntex.exe

C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programfiler\Digital Line Detect\DLG.exe

C:\Programfiler\Launchy\Launchy.exe

C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Opera\opera.exe

C:\Programfiler\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Programfiler\Trend Micro\HijackThis\testh-j.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karabin.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row-rel&channel=no&ibd=5070908

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=5070908

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [secureUpgrade] C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programfiler\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Programfiler\Digital Line Detect\DLG.exe

O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programfiler\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programfiler\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programfiler\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Programfiler\Cobian Backup 8\cbService.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Programfiler\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: XobniService - Xobni Corporation - C:\Programfiler\Xobni\XobniService.exe

 

--

End of file - 14396 bytes


My problem now is that AVG reports a virus when I run a scan.

The AVG report:

 

"Scan ""Scan specific files or folders"" was finished."

"Infections found:";"0"

"Infected objects removed or healed:";"0"

"Not removed or healed:";"0"

"Spyware found:";"0"

"Spyware removed:";"0"

"Not removed:";"0"

"Warnings count:";"0"

"Information count:";"0"

"Scan started:";"2. september 2008, 19:08:18"

"Scan finished:";"2. september 2008, 19:21:45 (13 minute(s) 26 second(s))"

"Total object scanned:";"579714"

"User who launched the scan:";"Sverre Magnus"

 

"Rootkits"

"File";"Infection";"Result"

"C:\WINDOWS\System32\Drivers\a7vvldbk.SYS";"Hidden driver";"Object is hidden"

 

 

 

When I try to remove this with AVG, it says:

"This object is hidden by a rootkit technique (which is usually used by malicious software). Do you really want to remove it?"

When I say "Yes", it tells me that I have to reboot and asks whether that is OK. When I then say "Yes", it restarts the machine and comes back up. When I then run the virus scan once more, it finds another "Hidden driver" with a different name.

I have not received the virus message about Trojan Horse Dropper Bravix.A since yesterday morning. I am wondering whether it is gone, or whether the virus reported as "Hidden driver" is the same virus.

To top it all off, I tried to install F-Prot (trial) antivirus to try running a scan with it. It did not work, and it will not uninstall either.

It has all become somewhat complicated by now...

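One way to triage the AVG report format posted above, as an added example that is not part of this thread: it parses the ";"-separated, double-quoted report, pulls out the rootkit findings, and compares two scans so that a hidden driver that comes back under a new random-looking name is flagged as a failed removal rather than a fresh detection. The report text, the second driver name and the 8-character random-name heuristic are constructed/assumed here; only a7vvldbk.SYS comes from the post.

```python
import csv
import io
import re

# Constructed sample in the same ";"-separated, double-quoted layout as the AVG 8
# report in the post. The driver name in SCAN_1 is the one from the post; the
# name in SCAN_2 is made up to stand in for the "different name" seen after reboot.
SCAN_1 = '''"Scan ""Scan specific files or folders"" was finished."
"Infections found:";"0"
"Scan started:";"2. september 2008, 19:08:18"
"Total object scanned:";"579714"

"Rootkits"
"File";"Infection";"Result"
"C:\\WINDOWS\\System32\\Drivers\\a7vvldbk.SYS";"Hidden driver";"Object is hidden"
'''
SCAN_2 = SCAN_1.replace("a7vvldbk.SYS", "k2qw8xzp.SYS")  # constructed second name

RANDOM_STEM = re.compile(r"[a-z0-9]{8}")  # heuristic: 8 lowercase alphanumerics

def parse_avg_report(text):
    """Split an AVG report into a summary dict and a list of rootkit findings."""
    summary, rootkits, in_rootkits = {}, [], False
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if not row:
            continue
        if row == ["Rootkits"]:
            in_rootkits = True
        elif in_rootkits and len(row) == 3 and row[0] != "File":
            rootkits.append(dict(zip(("file", "infection", "result"), row)))
        elif len(row) == 2:
            summary[row[0].rstrip(":")] = row[1]
    return summary, rootkits

def looks_random(path):
    """True if the file stem is 8 lowercase alphanumerics (common for dropped drivers)."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return RANDOM_STEM.fullmatch(stem) is not None

def triage_rescan(before, after):
    """Compare the rootkit findings of two scans taken around a reboot."""
    _, old = parse_avg_report(before)
    _, new = parse_avg_report(after)
    old_files = {f["file"].lower() for f in old if f["infection"] == "Hidden driver"}
    verdicts = []
    for f in (x for x in new if x["infection"] == "Hidden driver"):
        name = f["file"]
        if name.lower() in old_files:
            verdicts.append(f"{name}: still hidden after reboot (removal failed)")
        elif looks_random(name) and any(looks_random(o) for o in old_files):
            verdicts.append(f"{name}: hidden driver back under a new random name")
        else:
            verdicts.append(f"{name}: new hidden driver")
    return verdicts
```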

Regarding:

What I see now is that I have found a virus: hidec.exe. However, I cannot get it "Healed".

I discovered that AVG triggered on this when I uninstalled Combofix. I therefore assume this has nothing to do with a virus.

Download and run Blacklight (rootkit scanner) and see whether it comes up with anything. Post the result if any.

I have run Blacklight and it did not come up with anything either.

 

09/02/08 08:49:48 [info]: BlackLight Engine 1.0.70 initialized

09/02/08 08:49:48 [info]: OS: 5.1 build 2600 (Service Pack 2)

09/02/08 08:49:48 [Note]: 7019 4

09/02/08 08:49:48 [Note]: 7005 0

09/02/08 08:52:15 [Note]: 7007 0

 

 

 

Do I have any reason to be worried about this hidden driver, or is this a false positive?

You have Avast, AVG and F-Secure running. You should remove 2 of them.

I have now done that too. However, it is F-Prot that was running (at least that is the one I installed). By the way, I have wondered what the difference is between F-Secure and F-Prot. Does anyone know?
