
<SOLVED> Trojan Vundo, can someone check the logs



combofix

 

ComboFix 08-09-05.03 - Inger 2008-09-07 17:03:36.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2098 [GMT 2:00]

Running from: C:\Users\Inger\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-07 14:44 --------- d-----w C:\Users\Inger\AppData\Roaming\Malwarebytes

2008-09-07 14:44 --------- d-----w C:\ProgramData\Malwarebytes

2008-09-07 14:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-09-07 14:36 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-09-07 14:35 --------- d-----w C:\Users\Inger\AppData\Roaming\SUPERAntiSpyware.com

2008-09-07 14:35 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-09-07 14:35 --------- d-----w C:\Program Files\CCleaner

2008-09-07 14:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-09-05 12:55 --------- d-----w C:\Users\Inger\AppData\Roaming\BitTorrent

2008-09-05 11:25 0 ----a-w C:\Users\Inger\AppData\Roaming\wklnhst.dat

2008-09-05 11:25 --------- d-----w C:\Users\Inger\AppData\Roaming\Template

2008-09-04 19:50 --------- d-----w C:\Program Files\DAEMON Tools Toolbar

2008-09-04 19:14 --------- d-----w C:\Users\Inger\AppData\Roaming\vlc

2008-09-04 18:56 --------- d-----w C:\Program Files\VideoLAN

2008-09-04 18:49 --------- d-----w C:\Users\Inger\AppData\Roaming\Sony

2008-09-04 18:49 --------- d-----w C:\ProgramData\Sony

2008-09-04 18:48 --------- d-----w C:\Program Files\Vstplugins

2008-09-04 18:44 --------- d-----w C:\ProgramData\Pinnacle

2008-09-04 18:18 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-09-04 18:17 --------- d-----w C:\Users\Inger\AppData\Roaming\DAEMON Tools

2008-09-04 12:59 --------- d-----w C:\Users\Inger\AppData\Roaming\DNA

2008-09-04 12:58 --------- d-----w C:\ProgramData\CyberLink

2008-09-04 12:06 --------- d-----w C:\Users\Inger\AppData\Roaming\CyberLink

2008-09-04 11:54 --------- d-----w C:\ProgramData\WildTangent

2008-09-04 11:36 --------- d-----w C:\Users\Inger\AppData\Roaming\PlayFirst

2008-09-04 11:20 --------- d-----w C:\ProgramData\PlayFirst

2008-09-04 11:17 --------- d-----w C:\Users\Inger\AppData\Roaming\WildTangent

2008-09-04 09:21 --------- d-----w C:\Users\Inger\AppData\Roaming\LimeWire

2008-09-04 08:46 --------- d-----w C:\Program Files\LimeWire

2008-09-03 18:17 --------- d-----w C:\Program Files\PhotoScape

2008-09-03 18:07 --------- d-----w C:\Program Files\DNA

2008-09-03 18:07 --------- d-----w C:\Program Files\BitTorrent

2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys

2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-09-01 14:36 --------- d-----w C:\Program Files\Windows Mail

2008-09-01 14:34 --------- d-----w C:\Program Files\Common Files\Adobe

2008-09-01 14:19 --------- d-----w C:\ProgramData\Symantec

2008-09-01 14:18 --------- d-----w C:\Program Files\MSXML 4.0

2008-09-01 14:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-01 14:01 --------- d-----w C:\Users\Inger\AppData\Roaming\Symantec

2008-09-01 14:01 --------- d-----w C:\Users\Inger\AppData\Roaming\ATI

2008-09-01 14:00 --------- d-----w C:\Users\Inger\AppData\Roaming\DigitalPersona

2008-09-01 13:56 --------- d-----w C:\Users\Inger\AppData\Roaming\Hewlett-Packard

2008-09-01 13:54 --------- d-----w C:\Program Files\Microsoft Works

2008-09-01 13:51 --------- d-----w C:\Program Files\MSN Messenger

2008-09-01 13:50 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF83148MN_E465488-DH2_4A_I3600_SHP_V98.1E_F.07_T080717_WV3-1_L414_M3069_J320_7AMD_8F31_92.00_#080901_N10EC8168;168C002A_(FP692EA#UUW)_XMOBILE_CN10_Z_

Rev 1.MRK

2008-09-01 13:50 --------- d-----w C:\Users\Inger\AppData\Roaming\Macrovision

2008-08-11 17:11 --------- d-----w C:\ProgramData\ATI

2008-08-11 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-11 17:09 --------- d-----w C:\ProgramData\Macrovision

2008-08-11 17:09 --------- d-----w C:\Program Files\DigitalPersona

2008-08-11 17:08 --------- d-----w C:\Program Files\CyberLink

2008-08-11 17:03 --------- d-----w C:\ProgramData\Hewlett-Packard

2008-08-11 17:03 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-08-11 16:37 --------- d-----w C:\Program Files\WIDCOMM

2008-08-11 16:36 --------- d-----w C:\Program Files\AMD

2008-08-11 16:35 --------- d-----w C:\Program Files\Hewlett-Packard

2008-08-11 16:35 --------- d-----w C:\Program Files\AVerMedia

2008-08-11 16:35 --------- d-----w C:\Program Files\Atheros

2008-08-11 16:34 --------- d-----w C:\ProgramData\Atheros

2008-08-11 16:34 --------- d-----w C:\Program Files\Realtek

2008-08-11 16:34 --------- d-----w C:\Program Files\IDT

2008-08-11 16:34 --------- d-----w C:\Program Files\Cisco

2008-08-11 16:30 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2008-08-11 16:30 --------- d-----w C:\Program Files\Validity Sensors, Inc

2008-08-11 16:30 --------- d-----w C:\Program Files\Synaptics

2008-08-11 16:28 --------- d-----w C:\Program Files\ATI Technologies

2008-08-11 16:25 --------- d-----w C:\Program Files\ATI

2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]

"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-16 442433]

"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-25 222504]

"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2008-03-13 699456]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-07 51048]

"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-02 1244848]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play

"{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{BA1C6823-0502-47B7-9DA7-7058F0930690}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{38AF2B09-7495-462C-BC2E-D413638784D3}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)

"{823AD503-AE50-4648-9AB4-C1C88915C122}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R0 ahcix86s;ahcix86s;C:\Windows\system32\DRIVERS\ahcix86s.sys [2008-04-15 170000]

R0 Amddfltr;Amd Disk Lower Filter Driver;C:\Windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 7680]

R0 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.002\IDSvix86.sys [2008-03-20 261680]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]

R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2008-03-19 19456]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-15 292248]

R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-15 116112]

R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-03-27 341328]

R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-03-27 595248]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064]

R3 AVerAF15;HP DVB-T TV Tuner;C:\Windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]

R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2008-02-01 80424]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2008-02-01 80936]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 41008]

R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-03-27 40752]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-06 165416]

S3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

 

*Newly Created Service* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/

R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=83&bd=Pavilion&pf=cnnb

O8 -: &Søkefunksjon i AOL-verktrylinjen - C:\ProgramData\AOL\ieToolbar\resources\nb-NO\local\search.html

O8 -: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 -: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

 

O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/5026/defaults/activex/ips/IPSUploader4.cab

C:\Windows\Downloaded Program Files\IPSUploader4.inf

C:\Windows\System32\unicows.dll

C:\Windows\Downloaded Program Files\IPSUploader4.ocx

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 17:12:31

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\WinRAR\rarext.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\wlanext.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\conime.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-09-07 17:20:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-07 15:20:14

 

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 218,602,147,840 byte ledig

 

247 --- E O F --- 2008-09-07 14:32:59

 

 

hjt-log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:19, on 2008-09-07

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\cmd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\CF30494.exe

C:\ComboFix\sed.cfexe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/5026/...PSUploader4.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

 

--

End of file - 10118 bytes

 

Edited by kroghelg

If you believe the problem with your machine is solved, you can change your thread title by clicking p_edit.gif in your first post and choosing full edit. At the top, where your thread title is, you write:

[SOLVED]

in front of your thread title.

Example: [SOLVED] Got a virus on my machine

This helps keep the forum easier to navigate for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in.

-Surf safely-
