Peppep, posted 20 October 2008 (edited)

Hi. I'm cleaning up my brother's machine and trying to knock some sense into him about being critical of what he downloads. It was AVG that reacted to the problems in the first place, but the program apparently could not remove it on its own. Both MBAM and ComboFix have removed a fair amount now; logs follow.

MBAM:

Malwarebytes' Anti-Malware 1.29
Database versjon: 1298
Windows 5.1.2600 Service Pack 3

20.10.2008 15:14:55
mbam-log-2008-10-20 (15-14-55).txt

Skanntype: Rask Skann
Objekter skannet: 52072
Tid tilbakelagt: 4 minute(s), 36 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 1
Registernøkler infisert: 1
Registerverdier infisert: 17
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 17

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\WINDOWS\system32\__c003DD25.dat (Trojan.Agent) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003dd25 (Trojan.Vundo) -> Delete on reboot.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1495f94.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1d00d2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1d01200.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f14dc45.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1a58cf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1a72a1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f6b3b1c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f75efb6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f7f60d3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f87949e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f9acd65.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fbbcb80.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fc01f59.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fc02d44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fc08065.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fd4a159.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fd282a.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\__c003DD25.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0022E1E.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0031972.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0045AD2.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004D809.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004E896.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004F530.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005E9C0.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00961BA.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009D640.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A89F0.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00B4DBF.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00BC7CA.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00CF131.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D9769.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DEB5C.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 08-10-19.04 - JKS 2008-10-20 15:27:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.938 [GMT 2:00]
Running from: C:\Documents and Settings\JKS\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.

2008-10-20 15:08 . 2008-10-20 15:08 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-20 15:08 . 2008-10-20 15:08 <DIR> d-------- C:\Documents and Settings\JKS\Programdata\Malwarebytes
2008-10-20 15:08 . 2008-10-20 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-20 15:08 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-20 15:08 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 15:06 . 2008-10-20 15:06 <DIR> dr-h----- C:\Documents and Settings\JKS\Siste
2008-10-15 18:56 . 2008-08-14 15:27 2,190,976 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 18:56 . 2008-08-14 15:27 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 18:56 . 2008-08-14 15:27 2,067,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 18:56 . 2008-08-14 15:27 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 15:14 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 15:04 . 2008-09-15 17:29 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 13:20 --------- d-----w C:\Documents and Settings\JKS\Programdata\Skype
2008-10-20 13:00 --------- d-----w C:\Programfiler\Opera
2008-10-20 12:53 --------- d-----w C:\Documents and Settings\JKS\Programdata\BitTorrent
2008-10-20 12:50 --------- d-----w C:\Documents and Settings\JKS\Programdata\skypePM
2008-10-20 12:48 --------- d-----w C:\Programfiler\LogMeIn
2008-10-17 18:04 47,640 ----a-w C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-10-15 21:39 --------- d-----w C:\Documents and Settings\JKS\Programdata\LimeWire
2008-10-06 12:46 --------- d-----w C:\Programfiler\EvilLyrics
2008-09-30 14:53 --------- d-----w C:\Documents and Settings\JKS\Programdata\Apple Computer
2008-09-12 22:48 --------- d-----w C:\Programfiler\iTunes
2008-09-12 22:48 --------- d-----w C:\Programfiler\Apple Software Update
2008-09-12 22:48 --------- d-----w C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 22:47 --------- d-----w C:\Programfiler\iPod
2008-09-12 22:47 --------- d-----w C:\Programfiler\Bonjour
2008-09-12 22:46 --------- d-----w C:\Programfiler\QuickTime
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-01 20:47 --------- d-----w C:\Programfiler\DNA
2008-09-01 20:32 --------- d-----w C:\Programfiler\Lavasoft
2008-09-01 20:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-09-01 20:29 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-30 18:28 --------- d-----w C:\Documents and Settings\JKS\Programdata\DNA
2008-08-29 15:32 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-22 15:57 81 ----a-w C:\CTX.DAT
2008-08-22 15:56 --------- d-----w C:\Programfiler\Citrix
2008-08-22 13:28 --------- d-----w C:\Documents and Settings\SHS\Programdata\AVGTOOLBAR
2008-07-29 21:25 23 ----a-w C:\Documents and Settings\JKS\jagex_runescape_preferences.dat
2007-12-09 02:31 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
2005-11-29 14:17 24,848 ----a-w C:\Programfiler\opera\program\plugins\cgpcfg.dll
2005-11-29 14:17 74,000 ----a-w C:\Programfiler\opera\program\plugins\CgpCore.dll
2005-11-29 14:17 45,328 ----a-w C:\Programfiler\opera\program\plugins\icalogon.dll
2005-11-29 14:17 28,944 ----a-w C:\Programfiler\opera\program\plugins\PScript.dll
2005-11-29 14:17 69,904 ----a-w C:\Programfiler\opera\program\plugins\sslsdk_b.dll
2005-11-29 14:17 24,848 ----a-w C:\Programfiler\opera\program\plugins\TcpPServ.dll
2008-06-28 11:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008062820080629\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 36352]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"itype"="c:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"MBM 5"="C:\Programfiler\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"DPAgnt"="C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 807440]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-09 17:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 20:04 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Programfiler\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programfiler\\Spill\\Warcraft III\\Warcraft III.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 atitray;atitray;C:\Programfiler\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [2006-11-30 14336]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-10-17 47640]
R3 AR5523;3Com OfficeConnect Wireless 108Mbps 11g USB Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2004-12-31 284224]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 35584]
R3 N100;Compaq Ethernet eller Fast Ethernet-kortdriver;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-10-06 128512]
R3 usbdpfp;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
S3 ATHFMWDL;3Com USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-29 43392]
S3 CoolerXPDriver;CoolerXPDriver;C:\Programfiler\MSI\PC Alert 4\NTCooler.sys [2006-08-09 15345]
.
Contents of the 'Scheduled Tasks' folder

2008-09-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.123spill.no/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JKS\Start-meny\Programmer\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JKS\Start-meny\Programmer\IMVU\Run IMVU.lnk -
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
C:\WINDOWS\Downloaded Program Files\MSIWDev.inf
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 15:31:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\LogMeIn\x86\ramaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\Programfiler\LogMeIn\x86\LMIGuardian.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\Programfiler\LogMeIn\x86\LMIGuardian.exe
C:\Programfiler\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-20 15:37:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-20 13:37:06

Pre-Run: 16 330 350 592 byte ledig
Post-Run: 16,472,924,160 byte ledig

198 --- E O F --- 2008-10-15 22:03:36

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:32, on 20.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\Programfiler\LogMeIn\x86\LMIGuardian.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\Mixer.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\Programfiler\Motherboard Monitor 5\MBM5.EXE
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\LogMeIn\x86\LMIGuardian.exe
c:\Programfiler\Microsoft IntelliPoint\dpupdchk.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\MSMSGS.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\Opera\opera.exe
C:\Programfiler\AVG\AVG8\avgui.exe
C:\Documents and Settings\JKS\Skrivebord\Sikkerhet og vedlikehold\HJT.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123spill.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [itype] "c:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Programfiler\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JKS\Start-meny\Programmer\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe

--
End of file - 9539 bytes

Edited 20 October 2008 by Peppep
norbat, posted 20 October 2008

This looks fine. Is the PC running OK?
Peppep (thread author), posted 20 October 2008

Yes, it seems fine so far. Removing ComboFix; thanks for the help.