
Posting my logs. Couldn't get combofix to finish running, as the machine just restarted. Tried 5 times, also with Norman disabled, without it helping.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/03/2008 at 06:12 PM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3555

Trace Rules Database Version: 1543

 

Scan type : Quick Scan

Total Scan Time : 00:49:42

 

Memory items scanned : 531

Memory threats detected : 0

Registry items scanned : 458

Registry threats detected : 0

File items scanned : 11772

File threats detected : 0

 

 


No information about the problem, and a log that shows no infections... Not much to go on here :p

Let's see if it helps to start the machine in Safe Mode to run combofix:

  • Restart the machine in the normal way
  • Press F8 repeatedly just before Windows starts loading.
  • Choose the Safe Mode option.
  • Finally, log in to your user account, entering the password you usually use.

Note: In some cases Windows logs in to a user automatically, and then you don't need to enter a username or password.

Once you're in Safe Mode, try running combofix and see if you get better results now :)


I've now been in Safe Mode and run combofix, here is the log.

ComboFix 08-09-01.05 - Terje 2008-09-04 11:12:29.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.799 [GMT 2:00]

Running from: D:\Documents and Settings\Terje\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Documents and Settings\Terje\Local Settings\Temporary Internet Files\SuggestedSites.dat

D:\WINDOWS\system32\docent0.dll

D:\WINDOWS\system32\linksrvd.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NSESVC

-------\Service_nsesvc

 

 

((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))

.

 

2008-09-03 17:19 . 2008-09-03 17:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-09-03 17:18 . 2008-09-03 17:18 <DIR> d-------- D:\Documents and Settings\Terje\Application Data\SUPERAntiSpyware.com

2008-09-03 15:41 . 2008-09-03 15:41 <DIR> d-------- D:\Documents and Settings\Terje\Application Data\Malwarebytes

2008-09-03 15:41 . 2008-09-03 15:41 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-03 15:41 . 2008-09-02 00:16 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-03 15:41 . 2008-09-02 00:16 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys

2008-09-02 23:52 . 2008-09-02 23:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft

2008-09-02 10:45 . 2008-09-02 10:45 <DIR> d--hs---- D:\Documents and Settings\Terje\PrivacIE

2008-08-31 12:10 . 2002-03-22 09:14 38,667 -ra------ D:\WINDOWS\system32\isdncoin.dll

2008-08-31 12:10 . 2001-12-28 07:31 27,136 -ra------ D:\WINDOWS\system32\utilcpy.exe

2008-08-31 12:10 . 2000-10-20 08:50 9,216 -ra------ D:\WINDOWS\system32\capi2032.dll

2008-08-31 12:10 . 1999-12-01 01:16 8,976 -ra------ D:\WINDOWS\system32\capi20.dll

2008-08-31 12:10 . 1998-05-30 03:24 3,584 -ra------ D:\WINDOWS\system32\capitask.exe

2008-08-29 11:02 . 2008-08-29 11:03 <DIR> d--h-c--- D:\WINDOWS\ie8

2008-08-22 03:15 . 2008-08-22 03:15 1,216,512 --------- D:\WINDOWS\system32\ieframe.dll.mui

2008-08-22 03:14 . 2008-08-22 03:14 10,240 --------- D:\WINDOWS\system32\advpack.dll.mui

2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- D:\WINDOWS\system32\PrivacIE.dll

2008-08-21 14:02 . 2008-08-21 14:02 <DIR> d-------- D:\Documents and Settings\Terje\Application Data\Ectaco

2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ D:\WINDOWS\system32\msdbg2.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-03 15:18 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard

2008-09-03 09:43 102,664 ----a-w D:\WINDOWS\system32\drivers\tmcomm.sys

2008-09-02 19:49 --------- d-----w D:\Documents and Settings\Terje\Application Data\Skype

2008-09-02 15:49 --------- d-----w D:\Documents and Settings\Terje\Application Data\skypePM

2008-08-30 09:06 --------- d-----w D:\Program Files\Java

2008-08-23 10:29 --------- d-----w D:\Documents and Settings\Terje\Application Data\Orbit

2008-08-22 01:08 878,592 ----a-w D:\WINDOWS\system32\wininet.dll

2008-08-22 01:08 43,008 ----a-w D:\WINDOWS\system32\licmgr10.dll

2008-08-22 01:07 18,944 ----a-w D:\WINDOWS\system32\corpol.dll

2008-08-22 01:06 72,704 ----a-w D:\WINDOWS\system32\admparse.dll

2008-08-22 01:06 71,680 ----a-w D:\WINDOWS\system32\iesetup.dll

2008-08-22 01:06 434,176 ----a-w D:\WINDOWS\system32\vbscript.dll

2008-08-22 01:05 48,128 ----a-w D:\WINDOWS\system32\mshtmler.dll

2008-08-22 01:05 35,840 ----a-w D:\WINDOWS\system32\imgutil.dll

2008-08-22 01:04 45,568 ----a-w D:\WINDOWS\system32\mshta.exe

2008-08-22 00:57 156,160 ----a-w D:\WINDOWS\system32\msls31.dll

2008-08-19 13:02 --------- d-----w D:\Documents and Settings\Terje\Application Data\dvdcss

2008-08-19 11:00 --------- d-----w D:\Program Files\Common Files\BHPS

2008-08-19 10:58 --------- d-----w D:\Program Files\DxO Labs

2008-08-16 10:11 163,712 ----a-w D:\WINDOWS\system32\drivers\vidstub.sys

2008-08-12 19:55 --------- d-----w D:\Program Files\UltimateZip 2.7

2008-08-12 19:55 --------- d-----w D:\Program Files\QuickTime Alternative

2008-08-09 12:41 --------- d-----w D:\Program Files\Logitech

2008-08-09 12:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\Logitech

2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll

2008-07-07 21:24 --------- d-----w D:\Documents and Settings\Terje\Application Data\Creative

2008-07-07 20:32 253,952 ----a-w D:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w D:\WINDOWS\system32\mscms.dll

2008-06-20 17:41 245,248 ----a-w D:\WINDOWS\system32\mswsock.dll

2008-06-12 09:27 26,144 ----a-w D:\WINDOWS\system32\spupdsvc.exe

2008-06-12 09:27 26,112 ----a-w D:\WINDOWS\system32\idndl.dll

2008-06-12 09:27 24,576 ----a-w D:\WINDOWS\system32\nlsdl.dll

2008-06-12 09:27 23,552 ----a-w D:\WINDOWS\system32\normaliz.dll

2008-02-29 12:19 32 -c--a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-12-05 17:53 47,360 -c--a-w D:\Documents and Settings\Terje\Application Data\pcouffin.sys

2005-04-06 09:55 456,384 -c--a-w D:\WINDOWS\inf\WG311T\WG311T13.sys

2004-10-19 17:58 35,232 -c--a-w D:\WINDOWS\inf\WG311T\ME_INST.EXE

2004-10-19 17:58 26,112 -c--a-w D:\WINDOWS\inf\WG311T\install.exe

.

 

------- Sigcheck -------

 

2007-04-13 04:28 502272 6225f14b8ce08ccba8b25ad27843c674 D:\WINDOWS\system32\winlogon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86753232-2331-2734-6784-6799ca323026}]

2008-08-21 19:05 53760 --------- D:\Program Files\Common Files\System\vss rc0.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="D:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-04-16 448768]

"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-11-24 7630848]

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-11-24 86016]

"Norman ZANDA"="D:\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"Easy Synchronization"="E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

"SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]

"PDF3 Registry Controller"="E:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 106496]

"BootSkin Startup Jobs"="D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]

"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Launch LCDMon"="D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]

"Launch LGDCore"="D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]

"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"nwiz"="nwiz.exe" [2006-11-24 D:\WINDOWS\system32\nwiz.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 D:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 D:\WINDOWS\KHALMNPR.Exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Easy Synchronization"="E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

D:\Documents and Settings\Terje\Start Menu\Programs\Startup\

Dialog Helper.lnk - E:\Program Files\VCOM\PowerDesk\pddlghlp.exe [2005-09-08 40960]

NVidia Desktop Run.exe [2008-08-27 26624]

Thoosje Sidebar.lnk - E:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-08-18 605696]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]

Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-22 805392]

Logiteck Office Run.exe [2008-08-27 26624]

NETGEAR WG311T Wireless Assistant.lnk - D:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 4517888]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "E:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "E:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 d:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"msacm.imc"= imc32.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk

backup=D:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^Terje^Start Menu^Programs^Startup^TomTom HOME.lnk]

path=D:\Documents and Settings\Terje\Start Menu\Programs\Startup\TomTom HOME.lnk

backup=D:\WINDOWS\pss\TomTom HOME.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-06-12 14:32 700416 D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]

--a------ 2005-10-05 12:00 53248 E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

--a------ 2004-01-14 03:10 409600 D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

--a------ 2003-07-25 11:15 536576 E:\Program Files\Eraser\eraser.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 18:24 1694208 D:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2007-04-13 04:11 98304 D:\WINDOWS\system32\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

--a------ 2002-04-11 04:19 69632 E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

-ra------ 2001-12-07 17:24 1216512 D:\WINDOWS\Mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Program Files\\Opera\\Opera.exe"=

"E:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"= E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"= E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"D:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"E:\\Program Files\\LimeWire\\LimeWire.exe"=

"E:\\Program Files\\eMule\\emule.exe"=

"D:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=

"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"D:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"E:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"D:\\Program Files\\uTorrent\\uTorrent.exe"=

"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"4672:TCP"= 4672:TCP:4662

 

R0 WDMCAPI;ISDN PCI CAPI;D:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-04-24 612669]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};e:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]

R2 Ndiskio;Ndiskio;D:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]

R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;D:\WINDOWS\system32\Drivers\ousbehci.sys [2002-02-01 26752]

R3 NvcMFlt;NvcMFlt;D:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 19512]

R3 nvcoas;Norman Virus Control on-access component;D:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;D:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;D:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-02-01 40704]

R3 WDMWANMP;NDIS WAN miniport;D:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-03-26 26067]

S2 P1C1394;Phase One 1394 Camera Driver;D:\WINDOWS\system32\Drivers\p1c1394.sys [ ]

S3 msloop;Microsoft Loopback Adapter Driver;D:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]

S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;D:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]

S3 nvcfsr;nvcfsr;D:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]

S3 nvcoafl51;nvcoafl51;D:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]

S3 nvcoaft51;nvcoaft51;D:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]

S3 nvcoarc51;nvcoarc51;D:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]

S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07048ee9-6d14-11dc-b011-00146c89304b}]

\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332f440c-62d0-11dc-a8f0-00146c89304b}]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad8e1168-f319-11db-a880-00146c89304b}]

\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE

Notify-WgaLogon - (no file)

MSConfigStartUp-Norman ZANDA - D:\Norman\bin\ZLH.EXE

MSConfigStartUp-Device Detector - DevDetect.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - D:\Documents and Settings\Terje\Application Data\Mozilla\Firefox\Profiles\swqlvsw7.default\

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-04 11:34:44

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\konfig]

"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\license]

"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcp]

"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\e:\Program Files\CyberLink\PowerDVD\000.fcl"

.

------------------------ Other Running Processes ------------------------

.

D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

D:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

D:\Norman\npm\bin\elogsvc.exe

D:\Norman\npm\bin\Zanda.exe

E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\system32\scardsvr.exe

D:\WINDOWS\system32\acs.exe

D:\WINDOWS\system32\CTSVCCDA.EXE

E:\Program Files\Logitech\Easy Synchronization\servicestub.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Cyberlink\Shared files\RichVideo.exe

E:\Program Files\Logitech\SetPoint\LBTWiz.exe

D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\LCDMon.exe

D:\PROGRA~1\Logitech\GAMEPA~1\G-SERI~1\LGDCore.exe

D:\PROGRA~1\Java\JRE16~4.0_0\bin\jusched.exe

D:\PROGRA~1\CLOCKT~1\CLOCKT~1.EXE

D:\PROGRA~1\MESSEN~1\msmsgs.exe

D:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

D:\PROGRA~1\NETGEAR\WG311T\wlancfg5.exe

D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDClock.exe

E:\PROGRA~1\MICROS~2\rapimgr.exe

D:\Norman\npm\bin\Njeeves.exe

D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDCOU~1.EXE

D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDPop3.exe

D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDMedia.exe

D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

D:\PROGRA~1\COMMON~1\Logishrd\KHAL2\KHALMNPR.exe

D:\Norman\NVC\Bin\Nip.exe

D:\Norman\NVC\Bin\CClaw.exe

.

**************************************************************************

.

Completion time: 2008-09-04 11:39:28 - machine was rebooted [Terje]

ComboFix-quarantined-files.txt 2008-09-04 09:39:16

 

Pre-Run: 10,016,100,352 bytes free

Post-Run: 9,837,699,072 bytes free

 

287 --- E O F --- 2008-08-29 09:15:22

 

 


Do you recognise this folder:

D:\Documents and Settings\Terje\PrivacIE

Go to http://virusscan.jotti.org , click Browse, and upload the following files for analysis:

D:\WINDOWS\system32\isdncoin.dll

D:\WINDOWS\system32\utilcpy.exe

D:\Program Files\Common Files\System\vss rc0.dll

D:\Program Files\Clock Tray Skins\ClockTraySkins.exe

E:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

Then click Submit. Accept that the file is scanned. Finally, copy the result and paste it into your next post, so I can look at it and judge what needs to be done next.

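To show how a helper arrives at a review list like the one requested above, here is an added Python example (not from this thread, ComboFix or the poster) that parses the "Files Created" and BHO entries of the ComboFix log format shown in the thread and flags files that appeared recently but carry years-old last-write times, plus every registered Browser Helper Object. The sample lines are copied from the log above; the one-year threshold and the "first timestamp is creation, second is last-write" reading of the log lines are assumptions.

```python
import re
from datetime import datetime

# ComboFix "Files Created" line: <created> . <last-write> <size|<DIR>> <attrs> <path>
# (assumption: first timestamp is creation time, second is last-write time)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) (\S{9}) (.+)$"
)
# BHO registry key as ComboFix prints it, followed by the DLL line below it
BHO_KEY_RE = re.compile(r"^\[.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (\S{9}) (.+)$")

# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
FILES_CREATED = r"""
2008-09-03 15:41 . 2008-09-02 00:16 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-02 10:45 . 2008-09-02 10:45 <DIR> d--hs---- D:\Documents and Settings\Terje\PrivacIE
2008-08-31 12:10 . 2002-03-22 09:14 38,667 -ra------ D:\WINDOWS\system32\isdncoin.dll
2008-08-31 12:10 . 2001-12-28 07:31 27,136 -ra------ D:\WINDOWS\system32\utilcpy.exe
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- D:\WINDOWS\system32\PrivacIE.dll
"""

REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86753232-2331-2734-6784-6799ca323026}]
2008-08-21 19:05 53760 --------- D:\Program Files\Common Files\System\vss rc0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="D:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-04-16 448768]
"""


def parse_files_created(text):
    """Parse 'Files Created' lines into dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def backdated_files(entries, min_days=365):
    """Files written to disk recently whose last-write time is years older.
    Legitimate installers copy old files too, so this is a review list, not a verdict."""
    return [e["path"] for e in entries
            if e["size"] is not None and (e["created"] - e["modified"]).days >= min_days]


def browser_helper_objects(text):
    """Pair each BHO CLSID key with the DLL ComboFix lists directly below it."""
    bhos, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # ComboFix logs are often double-spaced when pasted
        key = BHO_KEY_RE.match(line)
        if key:
            pending = key.group(1)
            continue
        if pending:
            f = BHO_FILE_RE.match(line)
            if f:
                bhos.append((pending, f.group(4)))
            pending = None  # only the first line after the key belongs to it
    return bhos


def review_list(files_text, reg_text):
    """Paths a helper would ask the poster to submit to a multi-engine scanner."""
    paths = backdated_files(parse_files_created(files_text))
    paths += [path for _, path in browser_helper_objects(reg_text)]
    return paths


if __name__ == "__main__":
    for p in review_list(FILES_CREATED, REG_LOADING_POINTS):
        print(p)
```

Run on the sample it lists isdncoin.dll, utilcpy.exe and vss rc0.dll, three of the five files the helper asked for; the two startup programs were picked by hand, which no timestamp rule reproduces.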
Opened it and found a file called index.dat


 

Here it found something, and the result is here.

Service load: 0% 100%

 

File: vss_rc0.dll

Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

MD5: 81e5335e9ef4185c188d132e3dff2ab9

Packers detected: UPX

 

Scanner results

Scan taken on 04 Sep 2008 14:57:41 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found Trojan.Dropper.IRC.TKB

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found Virus.Win32.BHO.PO

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

 

 

Edited by billywillie