Noen som kan skjekke loggene? har gjort alt som står i veilederen

Svampebob · 24. oktober 2008

noen som hadde giddet å ta seg tid til å se gjenom loggene? og se om jeg har noe virus.

MBAM logg

Malwarebytes' Anti-Malware 1.30

Database versjon: 1306

Windows 5.1.2600 Service Pack 2

23.10.2008 23:26:52

mbam-log-2008-10-23 (23-26-52).txt

Skanntype: Rask Skann

Objekter skannet: 53246

Tid tilbakelagt: 6 minute(s), 13 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 5

Registernøkler infisert: 13

Registerverdier infisert: 4

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 13

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

C:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.

C:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\WINDOWS\system32\tuvusqqo.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\iifddDvV.dll (Trojan.Vundo) -> Delete on reboot.

Registernøkler infisert:

HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e9349597-6e81-47f3-b05d-469763764fb7} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifdddvv (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e9349597-6e81-47f3-b05d-469763764fb7} (Trojan.Vundo) -> Delete on reboot.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\WINDOWS\system32\efcDWQgF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FgQWDcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FgQWDcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gxbouecd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dceuobxg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

C:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.

C:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\WINDOWS\service.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tuvusqqo.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\awtutrrP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGaaWom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifddDvV.dll (Trojan.Vundo) -> Delete on reboot.

Combofix logg

ComboFix 08-10-23.03 - umamir 2008-10-23 23:35:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.445 [GMT 2:00]

Running from: C:\Documents and Settings\umamir\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\admintxt.txt

C:\WINDOWS\Downloaded Program Files\setup.inf

----- BITS: Possible infected sites -----

hxxp://ped-02wsus

.

((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))

.

2008-10-23 23:16 . 2008-10-23 23:16 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-23 23:16 . 2008-10-23 23:16 <DIR> d-------- C:\Documents and Settings\umamir\Programdata\Malwarebytes

2008-10-23 23:16 . 2008-10-23 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-23 23:16 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-23 23:16 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-23 23:15 . 2008-10-23 23:15 <DIR> dr-h----- C:\Documents and Settings\umamir\Siste

2008-10-23 23:12 . 2008-10-23 23:12 <DIR> d-------- C:\Programfiler\Trend Micro

2008-10-23 23:12 . 2008-10-23 23:13 <DIR> d-------- C:\Programfiler\CCleaner

2008-10-23 22:50 . 2008-10-23 22:50 33,832 --a------ C:\WINDOWS\system32\tjbzngax.exe

2008-10-23 22:50 . 2008-10-23 22:50 33,832 --a------ C:\WINDOWS\system32\jvlkqngn.exe

2008-10-23 21:11 . 2008-10-23 21:11 <DIR> d--h----- C:\$AVG8.VAULT$

2008-10-23 17:19 . 2008-10-23 22:54 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-10-23 17:19 . 2008-10-23 17:19 <DIR> d-------- C:\Programfiler\AVG

2008-10-23 17:19 . 2008-10-23 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8

2008-10-23 17:19 . 2008-10-23 17:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-10-23 17:19 . 2008-10-23 17:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-10-23 17:12 . 2008-10-23 17:19 8,192 --a------ C:\Documents and Settings\tmp2

2008-10-23 17:12 . 2008-10-23 17:19 8,192 --a------ C:\Documents and Settings\tmp

2008-10-23 16:50 . 2008-10-23 16:50 49,714 --a------ C:\Documents and Settings\umamir\javamon.exe

2008-10-22 20:58 . 2008-10-22 20:58 <DIR> d-------- C:\Documents and Settings\Opplæring\Programdata

2008-10-22 20:58 . 2008-10-23 17:19 <DIR> d-------- C:\Documents and Settings\Opplæring

2008-10-22 11:24 . 2008-10-22 11:24 <DIR> d-------- C:\Documents and Settings\umamir\Programdata\dvdcss

2008-10-21 14:47 . 2008-10-21 14:47 <DIR> d-------- C:\Programfiler\Crocodile Clips

2008-10-20 21:25 . 2008-10-20 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet

2008-10-20 17:07 . 2008-10-20 17:07 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-10-19 20:01 . 2008-10-19 20:01 <DIR> d-------- C:\Programfiler\Microsoft Silverlight

2008-10-15 14:26 . 2008-10-15 14:26 <DIR> d-------- C:\Programfiler\Fellesfiler\DirectX

2008-10-15 14:09 . 2008-10-15 14:09 <DIR> d-------- C:\Programfiler\DAEMON Tools Toolbar

2008-10-15 14:09 . 2008-10-15 14:10 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite

2008-10-15 12:26 . 2008-10-15 12:26 <DIR> d-------- C:\Documents and Settings\umamir\Programdata\DAEMON Tools

2008-10-15 12:26 . 2008-10-15 12:26 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-10-13 10:22 . 2008-10-13 10:22 <DIR> d-------- C:\Documents and Settings\umamir\Programdata\vlc

2008-10-12 23:18 . 2008-10-12 23:18 <DIR> d-------- C:\Programfiler\VideoLAN

2008-10-12 23:13 . 2008-10-12 23:13 <DIR> d-------- C:\Programfiler\Combined Community Codec Pack

2008-10-06 14:16 . 2008-10-20 17:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-10-04 20:53 . 2008-10-04 20:53 0 --a------ C:\WINDOWS\iPlayer.INI

2008-09-27 09:40 . 2008-09-27 09:40 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-09-27 09:39 . 2008-09-27 09:40 <DIR> d-------- C:\Programfiler\iTunes

2008-09-27 09:39 . 2008-09-27 09:39 <DIR> d-------- C:\Programfiler\iPod

2008-09-27 09:39 . 2008-09-27 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-27 09:38 . 2008-09-27 09:38 <DIR> d-------- C:\Programfiler\Bonjour

2008-09-27 09:37 . 2008-09-27 09:38 <DIR> d-------- C:\Programfiler\QuickTime

2008-09-23 19:16 . 2008-09-23 19:16 137,728 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 21:06 --------- d-----w C:\Documents and Settings\umamir\Programdata\uTorrent

2008-10-23 15:20 --------- d-----w C:\Programfiler\Norton Security Scan

2008-10-23 15:20 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-10-15 12:18 --------- d-----w C:\Programfiler\EA GAMES

2008-10-14 21:09 --------- d-----w C:\Programfiler\LimeWire

2008-10-14 20:47 --------- d-----w C:\Documents and Settings\umamir\Programdata\LimeWire

2008-10-14 13:55 --------- d-----w C:\Programfiler\Steam

2008-09-24 06:16 --------- d-----w C:\Programfiler\Xfire

2008-09-23 19:16 --------- d-----w C:\Documents and Settings\umamir\Programdata\Xfire

2008-09-23 17:10 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-09-23 14:18 --------- d-----w C:\Programfiler\World of Warcraft

2008-09-20 16:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-09-20 14:36 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-09-19 20:35 --------- d-----w C:\Documents and Settings\NetworkService\Programdata\Xfire

2008-09-19 17:26 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment

2008-09-18 00:41 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll

2008-09-17 08:06 --------- d-----w C:\Programfiler\Tunatic

2008-09-16 12:22 --------- d-----w C:\Programfiler\Google

2008-09-15 16:40 --------- d-----w C:\Programfiler\PowerISO

2008-09-14 16:19 --------- d-----w C:\Documents and Settings\umamir\Programdata\mIRC

2008-09-14 14:47 --------- d-----w C:\Programfiler\mIRC

2008-09-08 14:00 --------- d-----w C:\Programfiler\Sun

2008-09-08 14:00 --------- d-----w C:\Programfiler\Java

2008-09-08 11:25 --------- d-----w C:\Documents and Settings\umamir\Programdata\Unigraphics Solutions

2008-09-08 11:21 --------- d-----w C:\Programfiler\Solid Edge V20

2008-09-08 11:11 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-09-08 10:43 --------- d-----w C:\Programfiler\FLAC

2008-09-05 22:18 --------- d-----w C:\Programfiler\DivX

2008-09-05 22:18 --------- d-----w C:\Documents and Settings\umamir\Programdata\DivX

2008-09-05 20:41 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-09-05 18:50 --------- d-----w C:\Documents and Settings\umamir\Programdata\Media Player Classic

2008-09-05 17:05 --------- d-----w C:\Documents and Settings\umamir\Programdata\Apple Computer

2008-09-05 17:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-09-05 17:01 --------- d-----w C:\Programfiler\Fellesfiler\Apple

2008-09-05 17:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-09-05 16:59 --------- d-----w C:\Documents and Settings\umamir\Programdata\FrostWire

2008-09-05 16:54 --------- d-----w C:\Programfiler\FrostWire

2008-09-05 16:54 --------- d-----w C:\Programfiler\AskSBar

2008-09-05 15:45 --------- d-----w C:\Programfiler\Windows Live

2008-09-05 15:39 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-09-05 15:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-09-05 11:18 --------- d-----w C:\Programfiler\uTorrent

2008-09-05 10:38 --------- d-----w C:\Programfiler\Clue

2008-09-05 10:38 --------- d-----w C:\Documents and Settings\umamir\Programdata\Clue

2008-09-05 10:35 --------- d-----w C:\Programfiler\maskin

2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-08-05 22:02 129,784 ------w C:\WINDOWS\system32\PxAFS.DLL

2008-08-05 22:02 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-08-05 22:02 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll

2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-06-29 08:04 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 124928]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 159744]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-06-27 185896]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-23 1234712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\WINDOWS\system32\config\systemprofile\Start-meny\Programmer\Oppstart\

CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

C:\Documents and Settings\umamir\Start-meny\Programmer\Oppstart\

CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=BBBP LA FIX.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]

"Script"=Slett-Filer.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-288002\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-23 97928]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 28184]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-24 36608]

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-23 296216]

S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 33024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e548f782-23dd-11dc-ab50-001a734a4008}]

\Shell\AutoRun\command - E:\WD_Windows_Tools\setup.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {C7099049-4779-1634-2C83-372EE984396F} /qb

.

Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-10-22 C:\WINDOWS\Tasks\Norton Security Scan for umamir.job

- C:\Programfiler\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

- - - - ORPHANS REMOVED - - - -

Notify-jkkJBQKd - jkkJBQKd.dll

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\umamir\Programdata\Mozilla\Firefox\Profiles\l63as1fz.default\

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 23:38:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-23 23:41:15

ComboFix-quarantined-files.txt 2008-10-23 21:40:31

Pre-Run: 10 607 067 136 byte ledig

Post-Run: 10,600,230,912 byte ledig

235 --- E O F --- 2008-09-22 15:54:43

Hijack this logg

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44, on 2008-10-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skoleportalen.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ISAFarm:8080/array.dll?Get.Routing.Script

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182858104968

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182934295515

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = hfk.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

--

End of file - 8396 bytes

Tusen takk vis du tar deg tid :love:

r2d290 · 24. oktober 2008

Sånn jeg forstår det, er tmp og tmp2 filer, og ikke mapper. Kan du laste opp filene i virusscan.jotti.org og fortelle hva resultatet blir?

(Hvis jeg tar feil, og dette er mapper, må du si ifra. Si også ifra hvis du ikke finner dem...)

C:\Documents and Settings\tmp2

C:\Documents and Settings\tmp

Sjekk også denne:

C:\Documents and Settings\umamir\javamon.exe

Trykk Start - Alle Programmer - Tilbehør - Notisblokk

Kopier og Lim inn teksten i kodeboksen nedenfor, inn i Notisblokken:

File::
C:\WINDOWS\system32\tjbzngax.exe
C:\WINDOWS\system32\jvlkqngn.exe

Lagre det som CFScript på Skrivebordet

Dra CFScript over ComboFix.exe som ligger på Skrivebordet, slik animasjonen nedenfor viser.

Dette vil starte ComboFix igjen. Hvis maskinen ber om en omstart, lar du den gjøre det med én gang.

Post innholdet til ComboFix.txt inn i ditt neste svar på forumet.

(Rakk ikke å gå gjennom hele loggen enda... ser mer på det etter responsen du gir...)

Endret 24. oktober 2008 av r2d290

Svampebob · 24. oktober 2008

Her er tmp filen

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

her er tmp2

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

kommer med mer seinere

Svampebob · 24. oktober 2008

sorry for dobbelpost, men funket ikke å redigere. Men hvordan lagrer som CfS Script? trykker på lagre som, men finner ikke CFS noe sted.

Tosha0007 · 24. oktober 2008

Start notisblokk (Trykk Start - Alle Programmer - Tilbehør - Notisblokk)

Lim inn teksten i fet under:

File::

C:\WINDOWS\system32\tjbzngax.exe

C:\WINDOWS\system32\jvlkqngn.exe

Velg lagre som.

Kall fila CFScript.txt, altså fyll inn CFSCript foran .txt

OBS! Fila skal lagras på skrivebordet!

Dra CFScript.txt over Combofix, programmet vil starte. (Sjå bilete r2d290 posta viss du er usikker.)

Endret 24. oktober 2008 av tosha0007

r2d290 · 24. oktober 2008

Er vel .txt og ikke .text ? Eller fungerer begge deler?

Men ja, poenget er som tosha0007 sier: du lagrer bare notisbok-dokumentet som et helt vanlig tekstdokument...

Tosha0007 · 24. oktober 2008

beklager veldig :wallbash:

Sånn går det når ein skriv heilt i ørska. Korleis eg har fått det med meg skjønner eg ikkje. Beklager igjen veldig

Går ikkje ann å lagre som .text som tidligare nemd. Det heiter .txt. Sånn går det når ein sitter på hw i skuletida

Endret 24. oktober 2008 av tosha0007

Svampebob · 24. oktober 2008

her er combofix loggen

ComboFix 08-10-23.08 - umamir 2008-10-24 17:06:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.328 [GMT 2:00]

Running from: C:\Documents and Settings\umamir\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\umamir\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

Error: Cfiles.dat

((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))

.

2008-10-23 23:16 . 2008-10-23 23:16 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-23 23:16 . 2008-10-23 23:16 <DIR> d-------- C:\Documents and Settings\umamir\Programdata\Malwarebytes

2008-10-23 23:16 . 2008-10-23 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-23 23:16 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-23 23:16 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-23 23:15 . 2008-10-24 17:02 <DIR> dr-h----- C:\Documents and Settings\umamir\Siste