svphost hjelp (trojaner) Nå med logger

ignoreme · 30. september 2008

Hei

Da har svphost.exe klart å snike seg inn på pcen. Uheldigvis.

Søkt litt rundt på google finner mye info om hva den gjør, men lite om hvordan jeg fjerner den.

Den roter det vist til i register, noe som umulig kan være bra. svphost oppretter også en fjern tilkobling.

Har avast antivirus (klarer ikke og fjerne den), spybot search and destroy (same old story) og Ccleaner fikser ikke opp.

Forslag? Hva skal jeg gjøre?

Har søkt rundt på forumet her uten hell om dette problemet.

Endret 30. september 2008 av mreinha

Tosha0007 · 30. september 2008

du kan jo følge denne guiden https://www.diskusjon.no/index.php?showtopic=691246

Svenni212000 · 30. september 2008

Finner avast viruset? Har du da forsøkt Boot time scan funksjonen til avast?

Start avast ved å dobbelklikke på avast ikonet på skrivebordet.

Trykk meny, og trykk på: Planlegg skanning ved oppstart.

Under område som skal skannes tar dere valgene:

Skann alle lokale disker, og setter en hake i: Skann arkivfiler.

Sett en hake i avanserte innstillinger, og bruk valget: Spør etter handling.

Trykk planlegg, og bekreft at du vil starte maskinen på nytt.

Kan heller ikke skade å gi dette programmet et forsøk:

http://www.free-av.com/en/tools/12/avira_a...cue_system.html

ignoreme · 30. september 2008

Lager logger nå!

Avast finner det men kommer bare opp med en feil melding. Har prøvd scan ved boot opp ja, det gjør den hver gang.

Når det kommer til virus er jeg grønn kan generelt mye om pc og hardware så kom gjerne med råd som går ut over det en vanlig bruker klarer!

Logg fra combi:

ComboFix 08-09-28.05 - Morten 2008-09-30 15:58:54.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2004 [GMT 2:00]

Running from: D:\Firefox downloads\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\drivers\npf.sys

C:\Windows\system32\packet.dll

C:\Windows\system32\wpcap.dll

F:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))

.

2008-09-30 15:58 . 2008-09-30 15:58 <DIR> d-------- C:\Users\Morten\AppData\Roaming\Malwarebytes

2008-09-30 15:58 . 2008-09-30 15:58 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-09-30 15:58 . 2008-09-30 15:58 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-09-30 15:58 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-30 15:58 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-30 15:50 . 2008-09-30 15:50 <DIR> d-------- C:\Users\Morten\.housecall6.6

2008-09-30 01:40 . 2008-09-30 15:32 <DIR> d-------- C:\GTR2

2008-09-29 15:49 . 2008-09-29 21:18 <DIR> d-------- C:\Program Files\SmartList Sidebar

2008-09-29 15:21 . 2008-09-29 15:21 <DIR> d-------- C:\NVIDIA

2008-09-29 04:09 . 2008-09-29 04:10 276,987,095 --a------ C:\Windows\MEMORY.DMP

2008-09-27 03:07 . 2008-09-27 03:07 <DIR> d-------- C:\Program Files\Wildfire

2008-09-27 02:30 . 2008-09-27 03:06 <DIR> d-------- C:\Downloads

2008-09-27 01:48 . 2008-09-27 01:48 <DIR> d-------- C:\Program Files\Real

2008-09-27 01:48 . 2008-09-27 01:48 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-09-27 01:48 . 2008-09-27 01:48 <DIR> d-------- C:\Program Files\Common Files\Real

2008-09-26 18:48 . 2008-09-30 15:32 <DIR> d-------- C:\Program Files\sixteen tons entertainment

2008-09-26 18:23 . 2008-09-26 18:29 <DIR> d-------- C:\Users\Morten\AppData\Roaming\Ludia

2008-09-26 18:23 . 2008-09-26 18:23 <DIR> d-------- C:\Users\All Users\Ludia

2008-09-26 18:23 . 2008-09-26 18:23 <DIR> d-------- C:\ProgramData\Ludia

2008-09-26 02:35 . 2008-09-26 02:35 <DIR> d-------- C:\Users\Morten\AppData\Roaming\Leadertech

2008-09-26 02:26 . 2008-09-26 02:26 <DIR> d-------- C:\Users\Morten\AppData\Roaming\Atari

2008-09-25 23:25 . 2008-09-25 23:25 <DIR> d-------- C:\Program Files\Common Files\Invictus

2008-09-25 16:51 . 2008-09-25 16:51 <DIR> d-------- C:\Program Files\OpenAL

2008-09-25 16:50 . 2008-09-25 16:50 <DIR> d-------- C:\Program Files\City Interactive

2008-09-25 15:36 . 2008-09-25 15:36 <DIR> d-------- C:\Program Files\Strategy First

2008-09-24 20:03 . 2008-09-24 20:03 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys

2008-09-24 20:03 . 2008-09-24 20:03 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys

2008-09-24 16:50 . 2004-03-09 02:00 1,081,616 --a------ C:\Windows\System32\mscomctl.ocx

2008-09-21 21:44 . 2008-09-21 21:44 <DIR> d-------- C:\Program Files\Futuremark

2008-09-21 21:28 . 2008-09-21 21:28 <DIR> d-------- C:\Program Files\NVIDIA Corporation

2008-09-21 21:27 . 2008-09-21 21:27 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-09-21 21:16 . 2008-09-21 21:16 45 --a------ C:\Windows\System32\initdebug.nfo

2008-09-19 02:30 . 2008-09-19 04:01 <DIR> d-------- C:\Users\Morten\AppData\Roaming\Mount&Blade

2008-09-19 02:29 . 2008-09-22 23:00 <DIR> d-------- C:\Program Files\Mount&Blade

2008-09-18 11:39 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-18 11:39 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-18 11:39 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-18 11:39 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-18 11:39 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-18 11:39 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-18 11:39 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-18 11:39 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-18 11:39 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-17 20:53 . 2008-09-17 20:53 <DIR> d-------- C:\Users\All Users\Google

2008-09-17 20:53 . 2008-09-17 20:53 3,120 --a------ C:\Windows\System32\ALLFSAF6a.ocx

2008-09-17 20:51 . 2008-09-17 20:51 <DIR> d-------- C:\Windows\System32\URTTEMP

2008-09-17 20:21 . 2007-12-03 02:10 644,400 --a------ C:\Windows\System32\MSCOMCT2.OCX

2008-09-17 20:20 . 2008-09-17 20:20 <DIR> d-------- C:\Program Files\Google

2008-09-17 17:57 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-09-16 01:51 . 2008-09-16 01:51 43 --a------ C:\Windows\wininit.ini

2008-09-16 01:51 . 2008-09-16 02:00 24 -rah----- C:\Windows\wcpx_.dat

2008-09-16 01:50 . 2008-09-16 01:50 20,992 --a------ C:\Windows\bw-uninstall.exe

2008-09-16 01:14 . 2008-09-16 01:14 <DIR> d-------- C:\Windows\Downloaded Installations

2008-09-15 17:43 . 2008-09-15 17:43 <DIR> dr-h----- C:\Users\Morten\AppData\Roaming\SecuROM

2008-09-15 17:43 . 2008-09-15 17:43 107,888 --a------ C:\Windows\System32\CmdLineExt.dll

2008-09-15 17:12 . 2004-08-18 05:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll

2008-09-15 02:30 . 2008-09-25 16:51 413,696 --a------ C:\Windows\System32\wrap_oal.dll

2008-09-15 02:30 . 2008-09-25 16:51 110,592 --a------ C:\Windows\System32\OpenAL32.dll

2008-09-15 02:29 . 2007-09-07 14:55 12,744 --a------ C:\Windows\System32\drivers\Entech64.sys

2008-09-15 00:16 . 2008-09-15 00:16 <DIR> d-------- C:\Windows\System32\Futuremark

2008-09-15 00:16 . 2007-09-07 14:55 27,672 --a------ C:\Windows\System32\drivers\Entech.sys

2008-09-15 00:16 . 2001-11-16 15:23 9,474 --------- C:\Windows\System32\drivers\PciBus.vxd

2008-09-15 00:16 . 1999-11-02 10:01 6,173 --a------ C:\Windows\System32\Entech.vxd

2008-09-15 00:16 . 2007-09-07 14:55 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd

2008-09-15 00:16 . 2001-11-19 20:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys

2008-09-14 20:07 . 2008-09-14 20:07 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads

2008-09-14 19:49 . 2008-09-14 19:49 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents

2008-09-13 06:00 . 2008-09-30 16:04 <DIR> d-a------ C:\Users\All Users\TEMP

2008-09-13 06:00 . 2008-09-30 16:04 <DIR> d-a------ C:\ProgramData\TEMP

2008-09-13 05:58 . 2008-09-13 05:58 <DIR> d-------- C:\Users\Morten\AppData\Roaming\iWinArcade

2008-09-13 05:58 . 2008-09-15 03:28 <DIR> d-------- C:\Users\All Users\iWin Games

2008-09-13 05:58 . 2008-09-15 03:28 <DIR> d-------- C:\ProgramData\iWin Games

2008-09-13 03:35 . 2008-09-13 03:35 <DIR> d-------- C:\Users\Morten\AppData\Roaming\PlayFirst

2008-09-13 03:35 . 2008-09-13 03:35 <DIR> d-------- C:\Users\All Users\PlayFirst

2008-09-13 03:35 . 2008-09-13 03:35 <DIR> d-------- C:\ProgramData\PlayFirst

2008-09-13 02:54 . 2008-09-13 02:54 <DIR> d-------- C:\Users\Morten\AppData\Roaming\ViquaSoft

2008-09-13 02:52 . 2008-09-13 02:52 4,096 --a------ C:\Windows\d3dx.dat

2008-09-13 02:50 . 2008-09-15 03:12 <DIR> d-------- C:\Program Files\Oval Office

2008-09-10 12:21 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 12:21 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 12:21 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 12:21 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 12:21 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 12:21 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 12:21 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 12:21 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 12:21 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 01:53 . 2008-09-10 01:53 <DIR> d-------- C:\Program Files\OpenTTD

2008-09-10 01:01 . 2008-09-16 01:23 <DIR> d-------- C:\MPS

2008-09-10 01:01 . 1996-09-30 21:46 24,576 --------- C:\Windows\UniFISH.exe

2008-09-09 15:06 . 2008-09-09 15:06 0 --a------ C:\Windows\System32\tviresource.val

2008-09-09 15:05 . 2008-09-09 15:05 <DIR> d-------- C:\Windows\TweakVI

2008-09-09 15:05 . 2008-09-09 15:06 <DIR> d-------- C:\Program Files\TweakVI

2008-09-08 18:45 . 2008-09-08 18:45 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-09-08 17:48 . 2008-09-08 17:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf

2008-09-08 17:42 . 2008-09-08 17:43 <DIR> d-------- C:\Users\Morten\{2b39f295-3bca-48cd-a3d4-5116af1327d5}

2008-09-08 17:41 . 2008-09-08 17:41 <DIR> d-------- C:\Program Files\Windows Mobile-ressurser

2008-09-06 00:21 . 2008-09-06 00:21 <DIR> d-------- C:\Papyrus

2008-09-05 23:00 . 2004-02-27 00:00 962,612 --a------ C:\Windows\System32\mfc42d.dll

2008-09-05 23:00 . 2004-02-17 00:00 434,252 --a------ C:\Windows\System32\MSVCRTD.DLL

2008-09-05 23:00 . 2006-01-10 10:50 24,576 -ra------ C:\Windows\System32\AsIO.dll

2008-09-05 23:00 . 2006-10-18 21:12 12,664 -ra------ C:\Windows\System32\drivers\AsIO.sys

2008-09-05 23:00 . 2006-10-19 03:11 12,096 --a------ C:\Windows\System32\drivers\AsInsHelp64.sys

2008-09-05 23:00 . 2006-10-19 03:11 10,304 --a------ C:\Windows\System32\drivers\AsInsHelp32.sys

2008-09-05 22:25 . 2008-09-05 22:25 1,905 --a------ C:\Windows\diagwrn.xml

2008-09-05 22:25 . 2008-09-05 22:25 1,905 --a------ C:\Windows\diagerr.xml

2008-09-04 23:56 . 2008-09-04 23:56 <DIR> d-------- C:\Users\Morten\AppData\Roaming\BlackBean

2008-09-04 23:53 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-04 23:53 . 2008-07-12 08:18 1,493,528 --a------ C:\Windows\System32\D3DCompiler_39.dll

2008-09-04 23:53 . 2008-07-31 10:40 509,448 --a------ C:\Windows\System32\XAudio2_2.dll

2008-09-04 23:53 . 2008-05-30 14:19 507,400 --a------ C:\Windows\System32\XAudio2_1.dll

2008-09-04 23:53 . 2008-07-12 08:18 467,984 --a------ C:\Windows\System32\d3dx10_39.dll

2008-09-04 23:53 . 2008-07-31 10:41 238,088 --a------ C:\Windows\System32\xactengine3_2.dll

2008-09-04 23:53 . 2008-05-30 14:18 238,088 --a------ C:\Windows\System32\xactengine3_1.dll

2008-09-04 23:53 . 2008-07-31 10:41 68,616 --a------ C:\Windows\System32\XAPOFX1_1.dll

2008-09-04 23:53 . 2008-05-30 14:17 65,032 --a------ C:\Windows\System32\XAPOFX1_0.dll

2008-09-04 13:58 . 2003-01-17 03:59 1,984 --a------ C:\Windows\System32\drivers\papycpu2.sys

2008-09-04 13:58 . 2003-01-17 03:59 1,856 --a------ C:\Windows\System32\drivers\papyjoy.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-28 18:52 --------- d-----w C:\Program Files\Microsoft Games

2008-08-25 11:14 --------- d-----w C:\Program Files\Windows Sidebar

2008-08-25 11:14 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-08-25 11:14 --------- d-----w C:\Program Files\Windows Mail

2008-08-25 11:14 --------- d-----w C:\Program Files\Windows Defender

2008-08-25 11:14 --------- d-----w C:\Program Files\Windows Calendar

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-12 00:03 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-06-12 00:01 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-06-12 00:01 293,376 ----a-w C:\Windows\System32\psisdecd.dll

2008-06-12 00:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-06-12 00:01 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini

2008-01-21 02:22 933,888 --sh--r C:\Windows\System32\spvhost.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-08-25 267056]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 24576]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-27 185872]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]

"Printer Driver"="spvhost.exe" [2008-01-21 C:\Windows\System32\spvhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Printer Driver"="spvhost.exe" [2008-01-21 C:\Windows\System32\spvhost.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]

--a------ 2006-07-27 20:39 415744 C:\Program Files\ASUS\AI Gear\GearHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]

--a------ 2006-12-08 15:24 3714048 C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{B5888203-B6CE-4CA9-9459-7E895E62E060}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{8611ED33-498A-4D82-B805-3EBDBD6C7691}C:\\program files\\rarmaradio\\rarmaradio.exe"= UDP:C:\program files\rarmaradio\rarmaradio.exe:RarmaRadio

"UDP Query User{BFF5CECA-34DD-41F6-AD56-31F13AA99636}C:\\program files\\rarmaradio\\rarmaradio.exe"= TCP:C:\program files\rarmaradio\rarmaradio.exe:RarmaRadio

"{B8C12F84-FBA2-4571-BD6D-3CA5ED1F1AD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{DCEF7D25-C5AF-4B89-8B79-111689157352}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{3BD41533-6F3D-4EA7-ABD2-159E7EC095D7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{BBD009F2-CA2E-46BF-81C2-1FA1D86EA8DF}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{362C6180-4EAB-45B8-B177-8EDBFECA7C96}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"TCP Query User{30ECCBA3-BDCA-4885-8522-9EA20F067975}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"UDP Query User{922AFD89-D4A2-45BA-A0D3-A415C529412D}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"TCP Query User{2545D658-DC3D-48AD-B2D0-E354A7E8DDD8}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{7A2C5217-455C-445B-B3D8-842513D4B6F7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FA5A3F33-EF4B-4204-9BC0-377E625A4D8D}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps

"UDP Query User{4FD0817F-9C93-498D-B24C-4468EFA8CB9C}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps

"TCP Query User{8DEB26E8-DA92-4FCA-BE1B-10AB55930702}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{67302140-FBC8-4DE4-A5EC-C500C7FACCEF}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{D899EC08-5396-46E3-9AFE-1B7CBC3B44BC}C:\\program files\\warship extreme\\warship.exe"= UDP:C:\program files\warship extreme\warship.exe:CBattle

"UDP Query User{3F9555A1-EC95-4CC7-AD2C-3984E2816169}C:\\program files\\warship extreme\\warship.exe"= TCP:C:\program files\warship extreme\warship.exe:CBattle

"TCP Query User{628423A3-A6BD-485D-9396-6975A391B481}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"UDP Query User{DB29E353-CD9C-4129-9758-A7E72ED2642B}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"TCP Query User{F8EEE503-79C8-408A-AE2B-4BEED592AC4E}C:\\program files\\rarmaradio\\rarmaradio.exe"= UDP:C:\program files\rarmaradio\rarmaradio.exe:RarmaRadio

"UDP Query User{BF96D03C-B695-4323-B084-2C769AD32C66}C:\\program files\\rarmaradio\\rarmaradio.exe"= TCP:C:\program files\rarmaradio\rarmaradio.exe:RarmaRadio

"TCP Query User{CA84391F-42F8-49E6-AAB5-7E16CF3B8EE2}D:\\spill\\xider\\esr\\game.exe"= UDP:D:\spill\xider\esr\game.exe:Game

"UDP Query User{98E60BBF-B5FC-4C63-85EC-4C5325CA3FD4}D:\\spill\\xider\\esr\\game.exe"= TCP:D:\spill\xider\esr\game.exe:Game

"TCP Query User{596CDEF8-36D3-4B05-A329-048968A4EF03}C:\\program files\\microsoft games\\motocross madness 2\\mcm2.exe"= UDP:C:\program files\microsoft games\motocross madness 2\mcm2.exe:Microsoft® Motocross Madness 2

"UDP Query User{2B354A1A-75AB-4A37-B465-3FF96DE95B1A}C:\\program files\\microsoft games\\motocross madness 2\\mcm2.exe"= TCP:C:\program files\microsoft games\motocross madness 2\mcm2.exe:Microsoft® Motocross Madness 2

"TCP Query User{5CB53DD7-B9A4-482E-8EB5-BC868814B33D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{DFF00681-F56A-456D-8985-B65FAA7BB462}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\Groove Games\\LASR\\LASR.exe"= C:\Program Files\Groove Games\LASR\LASR.exe:*:Enabled:LASR

R0 amacpi;Microsoft Away Mode System;C:\Windows\system32\DRIVERS\null.sys [2008-01-21 4608]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]

S3 NPF;Netgroup Packet Filter;C:\Windows\system32\drivers\npf.sys [2008-09-30 42512]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bcba527-786a-11dd-be3b-001d60ce463d}]

\shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5ac5fa-722e-11dd-98d2-806e6f6e6963}]

\shell\AutoRun\command - E:\dvdcheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5ac626-722e-11dd-98d2-001d60ce4097}]

\shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a819ba3d-72ee-11dd-9cfd-001d60ce463d}]

\shell\AutoRun\command - G:\MLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Morten\AppData\Roaming\Mozilla\Firefox\Profiles\j1dh7tn7.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.thepiratebay.org

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 16:03:56

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\nvvsvc.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\brss01a.exe

C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Windows\System32\PnkBstrA.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

.

**************************************************************************

.

Completion time: 2008-09-30 16:07:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-30 14:07:26

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 76,732,850,176 byte ledig

291 --- E O F --- 2008-09-19 11:55:24

logg fra Mam:

Malwarebytes' Anti-Malware 1.28

Database versjon: 1224

Windows 6.0.6001 Service Pack 1

30.09.2008 16:13:41

mbam-log-2008-09-30 (16-13-41).txt

Skanntype: Rask Skann

Objekter skannet: 39099

Tid tilbakelagt: 2 minute(s), 9 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 2

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert: