kjenyg Posted 9 October 2008

Hi! When I click into my folders on the PC, a warning keeps popping up saying that I have a virus on the PC! When I decline the offer of help, I get sent to their website anyway! Has anyone had something similar on their PC? Can anyone help me?
norbat Posted 9 October 2008

Run through the guide in the following thread: https://www.diskusjon.no/index.php?showtopic=691246

Post the logs it asks for here in your own thread.
kjenyg (author) Posted 9 October 2008

Quoting norbat: "Run through the guide in the following thread: https://www.diskusjon.no/index.php?showtopic=691246 Post the logs it asks for here in your own thread."

OK, I have followed your guide, and the logs follow below:

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.28
Database versjon: 1246
Windows 5.1.2600 Service Pack 3

09.10.2008 15:01:46
mbam-log-2008-10-09 (15-01-46).txt

Skanntype: Rask Skann
Objekter skannet: 42245
Tid tilbakelagt: 3 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 6
Registernøkler infisert: 16
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 19

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\WINDOWS\system32\qkvjoqtp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\znfqjr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtqRjJa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bfrdahlt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cxegzp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\msysamd32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07faa62b-2f85-4009-ada2-f2b5d7e74c74} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqrjja (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07faa62b-2f85-4009-ada2-f2b5d7e74c74} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{279c6906-fc13-48bb-9625-b562c642a925} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{279c6906-fc13-48bb-9625-b562c642a925} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56d182b7-c06b-4a37-85f3-a7c018def8a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56d182b7-c06b-4a37-85f3-a7c018def8a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ffddffdd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fffccd.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2230e4d5-369d-4cb6-87c0-186362305c56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{db608aae-630e-4705-b1a2-b0b0f5dae6cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9851c584 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07faa62b-2f85-4009-ada2-f2b5d7e74c74} (Trojan.Vundo) -> Delete on reboot.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\awtqRjJa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cxegzp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qkvjoqtp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ptqojvkq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvmyriqp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqirymvt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\znfqjr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bfrdahlt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\msysamd32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ftfnksqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsystipl64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teohnlll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz19.tmp (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfCtutt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycufqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

COMBOFIX:

ComboFix 08-10-08.04 - Pc 2008-10-09 15:07:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.608 [GMT 2:00]
Running from: C:\Documents and Settings\Pc\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Pc\Start-meny\Search Online.url
C:\Documents and Settings\Pc\Start-meny\VIP Casino.url
C:\WINDOWS\system32\aqdauenu.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\twrqwlrb.ini
C:\WINDOWS\system32\vDeLStwa.ini
C:\WINDOWS\system32\vDeLStwa.ini2

.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-09 14:56 . 2008-10-09 14:56 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-09 14:56 . 2008-10-09 14:56 <DIR> d-------- C:\Documents and Settings\Pc\Programdata\Malwarebytes
2008-10-09 14:56 . 2008-10-09 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-09 14:56 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 14:56 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 13:36 . 2008-10-09 13:43 <DIR> dr-h----- C:\Documents and Settings\Pc\Siste
2008-10-09 13:18 . 2008-10-09 13:18 <DIR> d-------- C:\Programfiler\Trend Micro
2008-10-08 13:50 . 2008-10-08 13:51 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-10-08 13:43 . 2008-10-08 13:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-08 13:39 . 2008-10-08 13:39 <DIR> dr-h----- C:\MSOCache
2008-10-08 08:04 . 2008-10-08 08:04 2,473 --a------ C:\WINDOWS\system32\pmmpqlwm.dll
2008-10-07 11:12 . 2008-10-07 11:12 <DIR> d---s---- C:\Documents and Settings\Pc\UserData
2008-10-07 00:42 . 2008-10-07 00:42 <DIR> d-------- C:\Programfiler\Lavasoft
2008-10-07 00:42 . 2008-10-07 00:42 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-10-07 00:42 . 2008-10-07 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-10-07 00:39 . 2008-10-07 00:39 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR
2008-10-07 00:39 . 2008-10-07 00:39 <DIR> d-------- C:\Programfiler\Duplicate Finder
2008-10-07 00:39 . 2000-01-18 23:45 69,632 --a------ C:\WINDOWS\system32\CrcCtrl.ocx
2008-10-07 00:36 . 2008-10-07 00:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-10-07 00:34 . 2008-10-08 12:42 <DIR> d-------- C:\Programfiler\Driver Sweeper
2008-10-06 20:07 . 2008-10-06 20:07 <DIR> d-------- C:\Documents and Settings\Pc\Shared
2008-10-06 20:04 . 2008-10-06 20:15 <DIR> d-------- C:\Documents and Settings\Pc\Programdata\LimeWire
2008-10-06 20:04 . 2008-10-06 20:07 <DIR> d-------- C:\Documents and Settings\Pc\Incomplete
2008-10-06 19:16 . 2008-10-06 19:16 <DIR> d-------- C:\Documents and Settings\Pc\Programdata\vlc
2008-10-06 18:51 . 2008-10-08 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-10-06 18:41 . 2008-10-06 18:41 <DIR> d-------- C:\Programfiler\DAEMON Tools
2008-10-06 18:38 . 2008-10-06 18:38 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-06 18:34 . 2008-10-06 18:34 <DIR> d-------- C:\Documents and Settings\Pc\Programdata\HP
2008-10-06 18:33 . 2008-10-06 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WEBREG
2008-10-06 18:31 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-06 18:31 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-06 18:30 . 2008-10-06 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Hewlett-Packard
2008-10-06 18:30 . 2007-03-30 17:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-06 18:30 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-10-06 18:30 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-06 18:29 . 2007-03-17 18:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-10-06 18:29 . 2007-03-17 18:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-10-06 18:29 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-06 18:29 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-10-06 18:29 . 2007-03-17 18:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-10-06 18:18 . 2008-10-06 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HPSSUPPLY
2008-10-06 18:17 . 2008-10-06 18:17 <DIR> d-------- C:\Documents and Settings\Pc\Programdata\HPAppData
2008-10-06 18:10 . 2008-10-06 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP Product Assistant
2008-10-06 18:10 . 2008-10-06 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP
2008-10-06 18:09 . 2008-10-06 18:09 <DIR> d-------- C:\Programfiler\Fellesfiler\HP
2008-10-06 18:07 . 2008-10-06 18:07 <DIR> d-------- C:\Programfiler\Hewlett-Packard
2008-10-06 18:07 . 2008-10-06 18:07 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard
2008-10-06 18:02 . 2008-10-06 18:18 <DIR> d-------- C:\Programfiler\HP
2008-10-06 18:02 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-06 18:02 . 2008-04-13 20:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-06 18:02 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-06 18:02 . 2008-04-13 20:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-06 18:00 . 2008-10-06 18:33 151,881 --a------ C:\WINDOWS\hpoins14.dat
2008-10-06 18:00 . 2007-09-20 03:14 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-10-06 17:43 . 2008-10-06 17:43 <DIR> d-------- C:\Programfiler\VideoLAN
2008-10-06 17:40 . 2008-10-06 17:40 <DIR> d-------- C:\Programfiler\Alwil Software
2008-10-06 17:38 . 2008-10-06 17:38 <DIR> d-------- C:\Programfiler\LimeWire
2008-10-06 17:30 . 2008-10-06 17:30 <DIR> d-------- C:\Programfiler\CCleaner
2008-10-06 17:22 . 2008-04-14 18:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-06 16:49 . 2008-10-06 16:49 <DIR> d-------- C:\WINDOWS\system32\no
2008-10-06 16:49 . 2008-10-06 16:49 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-10-06 16:49 . 2008-10-06 16:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-06 16:49 . 2008-10-06 16:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 16:45 . 2008-10-06 16:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-06 16:40 . 2008-10-06 16:40 <DIR> d-------- C:\WINDOWS\Sun
2008-10-06 16:38 . 2008-10-06 16:38 <DIR> d-------- C:\Programfiler\Sun
2008-10-06 16:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-06 16:36 . 2008-10-06 16:38 <DIR> d-------- C:\Programfiler\Java
2008-10-06 16:36 . 2008-10-06 16:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-10-06 16:28 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-06 16:28 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-06 16:28 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-06 16:28 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-10-06 16:24 . 2008-10-06 16:24 <DIR> d-------- C:\WINDOWS\EHome
2008-10-06 15:50 . 2008-10-06 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab Setup Files
2008-10-06 15:32 . 2008-10-09 15:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-06 15:32 . 2008-10-06 15:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-06 15:31 . 2008-10-06 15:31 <DIR> d-------- C:\Programfiler\iTunes
2008-10-06 15:31 . 2008-10-06 15:31 <DIR> d-------- C:\Programfiler\iPod
2008-10-06 15:31 . 2008-10-07 09:46 <DIR> d-------- C:\Documents and Settings\Pc\Programdata\Apple Computer
2008-10-06 15:30 . 2008-10-06 15:30 <DIR> d-------- C:\Programfiler\QuickTime
2008-10-06 15:30 . 2008-10-06 15:30 <DIR> d-------- C:\Programfiler\Bonjour
2008-10-06 15:30 . 2008-10-06 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-10-06 15:29 . 2008-10-06 15:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-10-06 15:29 . 2008-10-06 15:29 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-10-06 15:29 . 2008-10-06 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-10-06 15:29 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-10-06 15:16 . 2008-10-06 15:19 <DIR> d-------- C:\Programfiler\BitLord
2008-10-06 15:16 . 2004-08-04 00:54 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-10-06 15:10 . 2008-10-06 15:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-06 15:02 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-06 15:02 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-06 15:02 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-06 15:02 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-06 15:02 . 2008-10-06 15:02 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-06 15:00 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-06 15:00 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-06 15:00 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-06 14:25 . 2008-10-06 14:26 <DIR> d-------- C:\acerdriver
2008-10-06 14:25 . 2008-04-13 20:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-10-06 14:25 . 2008-04-13 20:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-10-06 14:25 . 2008-04-13 20:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-10-06 14:25 . 2008-04-14 18:23 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-10-06 14:25 . 2008-04-13 20:46 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-10-06 14:25 . 2008-04-13 20:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-10-06 14:25 . 2008-04-13 20:46 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-10-06 14:25 . 2008-04-13 20:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-10-06 14:24 . 2008-04-14 18:23 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-10-06 14:24 . 2008-04-14 18:23 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-10-06 14:24 . 2008-04-14 18:22 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-10-06 14:24 . 2008-04-14 18:23 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-10-06 14:24 . 2008-04-14 18:23 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-10-06 14:24 . 2008-04-14 18:23 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-10-06 14:13 . 2008-10-06 14:14 <DIR> d-------- C:\Programfiler\Fellesfiler\Logitech
2008-10-06 14:13 . 2008-10-06 14:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Acer
2008-10-06 14:13 . 2008-10-06 14:13 <DIR> d-------- C:\Programfiler\CONEXANT
2008-10-06 14:13 . 2008-10-06 14:08 847,392 --a------ C:\WINDOWS\system32\drivers\lv321av.sys
2008-10-06 14:13 . 2008-10-06 14:08 527,136 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-10-06 14:13 . 2008-10-06 14:08 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-10-06 14:13 . 2008-10-06 14:08 264,992 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-10-06 14:13 . 2008-10-06 14:08 211,744 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-10-06 14:13 . 2008-10-06 14:08 121,632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2008-10-06 14:13 . 2008-10-06 14:08 42,594 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-10-06 14:13 . 2008-10-06 14:08 7,734 --a------ C:\WINDOWS\system32\Repository.reg
2008-10-06 14:12 . 2008-10-06 14:12 <DIR> d-------- C:\WINDOWS\system32\Lang

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 13:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-10-06 12:16 45,312 ----a-w C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-10-06 12:04 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-10-06 12:04 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-10-06 12:04 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-10-06 12:04 487,424 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-10-06 12:04 4,304,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-10-06 12:04 364,544 ----a-w C:\WINDOWS\RtlUpd.exe
2008-10-06 12:04 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-10-06 12:04 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-10-06 12:04 2,158,592 ----a-w C:\WINDOWS\MicCal.exe
2008-10-06 12:04 16,248,320 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-10-06 12:03 192,672 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
2008-10-06 12:02 1,166,972 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
2008-10-06 12:01 998,656 ----a-w C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-10-06 12:01 721,280 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-10-06 12:01 218,496 ----a-w C:\WINDOWS\system32\drivers\HSFHWAZL.sys
2008-10-06 12:01 141,392 ----a-w C:\WINDOWS\system32\drivers\HSFProf.cty
2008-10-06 12:01 12,544 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-10-06 11:59 74,752 ----a-w C:\WINDOWS\system32\drivers\ESM7SK.sys
2008-10-06 11:59 61,056 ----a-w C:\WINDOWS\system32\drivers\EMS7SK.sys
2008-10-06 11:59 40,064 ----a-w C:\WINDOWS\system32\drivers\ESD7SK.sys
2008-10-06 11:59 356,352 ----a-w C:\WINDOWS\EMCRI.dll
2008-10-06 11:59 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-10-06 11:57 --------- d-----w C:\Programfiler\Intel
2008-10-06 11:56 147,456 ----a-w C:\WINDOWS\UNINST32.EXE
2008-10-06 11:56 --------- d-----w C:\Programfiler\Launch Manager
2008-10-06 10:27 --------- d-----w C:\Programfiler\DIFX
2008-10-06 10:27 --------- d-----w C:\Documents and Settings\Pc\Programdata\U3
2008-10-06 10:26 --------- d-----w C:\Programfiler\CyberLink
2008-10-06 10:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\CyberLink
2008-10-06 10:16 --------- d-----w C:\Programfiler\microsoft frontpage
2008-10-06 10:15 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-10-06 10:14 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="C:\Documents and Settings\Pc\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-10-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-10-06 593920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-10-06 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-10-06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-10-06 118784]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 761946]
"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2008-10-06 53248]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-06 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2008-10-06 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cxegzp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2008-10-06 847392]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 30464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder

2008-10-09 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Pc\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-10-09 13:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{420C39EA-DA8B-43FA-AEA9-E95B313F9473} - C:\WINDOWS\system32\awtSLeDv.dll
MSConfigStartUp-AcerOrbicamRibbon - C:\Programfiler\Acer\OrbiCam10\OrbiCam.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Pc\Programdata\Mozilla\Firefox\Profiles\t8qscng5.default\
FF -: plugin - C:\Documents and Settings\Pc\Lokale innstillinger\Programdata\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 15:11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\DOCUME~1\Pc\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-09 15:14:01 - machine was rebooted [Pc]
ComboFix-quarantined-files.txt 2008-10-09 13:13:54

Pre-Run: 39,975,358,464 byte ledig
Post-Run: 39,923,986,432 byte ledig

279 --- E O F --- 2008-10-06 13:22:50

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:38, on 09.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pc\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Pc\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pc\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - AppInit_DLLs: cxegzp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\Logitech\SrvLnch\SrvLnch.exe

--
End of file - 6059 bytes
Bruker-158599 Posted 9 October 2008 (edited)
[Quotes kjenyg's full post above: norbat's instructions and the complete Malwarebytes, ComboFix and HijackThis logs.]
I see Mbam caught something. Edit: sorry norbat. You are the one helping, not me.
Edited 30 July 2010 by riskake90
snippsat Posted 9 October 2008 (edited)
[Quoting Bruker-158599: "I see Mbam caught something."]
You don't need to quote all the logs, kjenyg. Copy the bold text under the picture -> open Notepad and paste it. Save it on the desktop as CFScript.txt. Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\pmmpqlwm.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Edited 9 October 2008 by SNIPPSAT
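As an added illustration (not code from the thread, nor from HijackThis, ComboFix or Malwarebytes): a small Python triage script that applies the reasoning behind snippsat's CFScript to HijackThis-style lines. It flags the three persistence patterns visible in the logs above (a non-empty O20 AppInit_DLLs value such as cxegzp.dll, an O2 BHO loaded straight from system32 such as awtSLeDv.dll, and an O4 Run value with a random hex name such as 9851c584) and emits the same File:: and Registry:: stanzas the post asks the user to save. The sample lines are constructed from entries quoted in this thread; the "(no name)" BHO line and the Run command for 9851c584 are assumptions, since the thread shows those entries only in ComboFix and Malwarebytes output, not in HijackThis format.

```python
"""Triage HijackThis-style startup entries for the persistence seen in this thread.

Added example, not code from the thread or from HijackThis/ComboFix/Malwarebytes.
Three rules, each grounded in an entry quoted in the thread:
  * O20 AppInit_DLLs is non-empty (cxegzp.dll)                -> always worth review
  * O2 BHO whose DLL sits directly in system32 (awtSLeDv.dll) -> review
  * O4 Run value whose name is 8 random hex digits (9851c584) -> review
"""
import re
from dataclasses import dataclass

# Constructed sample: the entries come from logs quoted in the thread, but the
# "(no name)" BHO line and the Run command for 9851c584 are assumptions, since
# the thread shows those only in ComboFix/Malwarebytes output.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {420C39EA-DA8B-43FA-AEA9-E95B313F9473} - C:\WINDOWS\system32\awtSLeDv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [9851c584] C:\WINDOWS\system32\qkvjoqtp.dll
O20 - AppInit_DLLs: cxegzp.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


@dataclass
class Finding:
    kind: str    # HijackThis section: O2, O4 or O20
    path: str    # file, DLL name or command the entry points at
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries that match one of the three rules, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that loads user32.dll;
            # a legitimate non-empty value is rare on a home PC. The value may
            # list several DLLs separated by spaces or commas.
            for dll in re.split(r"[,\s]+", m["dlls"].strip()):
                findings.append(Finding("O20", dll, "AppInit_DLLs entry"))
            continue
        m = O2_RE.match(line)
        if m and SYSTEM32_RE.match(m["path"]):
            findings.append(Finding("O2", m["path"],
                                    "BHO loaded straight from system32, not a vendor directory"))
            continue
        m = O4_RE.match(line)
        if m and HEX_NAME_RE.match(m["value"]):
            # Heuristic: vendors name Run values after the product, not a hash.
            findings.append(Finding("O4", m["cmd"],
                                    f"Run value '{m['value']}' has a random hex name"))
    return findings


def cfscript(findings: list[Finding]) -> str:
    """Emit the two CFScript stanzas used in the thread: File:: for the flagged
    BHO DLLs and Registry:: to clear AppInit_DLLs (the '=-' deletes the value)."""
    lines = []
    files = [f.path for f in findings if f.kind == "O2"]
    if files:
        lines += ["File::", *files, ""]
    if any(f.kind == "O20" for f in findings):
        lines += ["Registry::",
                  r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]",
                  '"AppInit_DLLs"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:<4} {f.path}  <- {f.reason}")
    print()
    print(cfscript(found), end="")
```

The three rules are deliberately narrow triage heuristics, not a verdict: a flagged entry is something to look up before deleting, which is why the script only emits the cleanup stanzas for the two patterns the helper in this thread actually acted on (the BHO file and the AppInit_DLLs value) and leaves the Run entry as a finding to review.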
Bruker-158599 Posted 9 October 2008 (edited)
[Quotes snippsat's instructions and CFScript above.]
That's fine, but I have so little to do right now, so I saw this post. Almost nobody posts topics here any more. There haven't been any for 2 days.
Edited 30 July 2010 by riskake90
r2d290 Posted 9 October 2008
Off-topic (reply to -smash): Activity comes and goes. Some days there are over 20 new problems, other days there are few. It would be interesting to see statistics on this, over weeks, months and years. You could also join other IT forums, then you might get a bit more to do.
Bruker-158599 Posted 9 October 2008
[Quotes r2d290's off-topic reply above.]
I have thought about it, but I haven't seen so few topics before. I've only been a member for half a year.