
Do I have malicious programs on my machine?



I have followed the "recipe" posted here, and here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:24, on 2008-11-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\OfficeScan NT\ntrtscan.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\OfficeScan NT\tmlisten.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\OfficeScan NT\OfcPfwSvc.exe

C:\WINDOWS\TEMP\QZ820F.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\OfficeScan NT\pccntmon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\MSN Messenger\usnsvc.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: PowerTech - {4E21EFFE-F0AB-4C0E-A01E-8A60C4690CB8} - http://www.powertech.no/ (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sastud/officescan/console/ClientInstall/WinNTChk.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sastud/officescan/console/ClientInstall/setup.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://sastud/officescan/console/html/AtxEnc.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sastud/officescan/console/ClientIns.../RemoveCtrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187686828103

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187687231305

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = studentnett.intern

O17 - HKLM\Software\..\Telephony: DomainName = studentnett.intern

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = studentnett.intern

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = studentnett.intern

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


ComboFix 08-11-13.02 - evamhg 2008-11-15 21:25:43.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 1:00]

Running from: c:\documents and settings\evamhg\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

.

 

2008-11-15 20:07 . 2008-11-15 20:07 <DIR> d-------- c:\program files\Trend Micro

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\evamhg\Programdata\Malwarebytes

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-15 17:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-15 17:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-15 16:55 . 2008-11-15 16:55 118 --a------ c:\windows\system32\MRT.INI

2008-11-15 16:41 . 2008-11-15 16:41 19,085 --a------ c:\documents and settings\All Users\Application Data\edomyqinec.exe

2008-11-15 16:41 . 2008-11-15 16:41 18,791 --a------ c:\windows\xedyqy.ban

2008-11-15 16:41 . 2008-11-15 16:41 18,745 --a------ c:\windows\system32\zomuz.db

2008-11-15 16:41 . 2008-11-15 16:41 18,510 --a------ c:\windows\iluj.vbs

2008-11-15 16:41 . 2008-11-15 16:41 18,238 --a------ c:\program files\Common Files\ytyjyxetu.sys

2008-11-15 16:41 . 2008-11-15 16:41 17,531 --a------ c:\program files\Common Files\ofiro.pif

2008-11-15 16:41 . 2008-11-15 16:41 17,442 --a------ c:\windows\ocyhiwyt.sys

2008-11-15 16:41 . 2008-11-15 16:41 17,322 --a------ c:\documents and settings\evamhg\Programdata\mocimy.sys

2008-11-15 16:41 . 2008-11-15 16:41 15,155 --a------ c:\windows\system32\ucyrixora.lib

2008-11-15 16:41 . 2008-11-15 16:41 14,992 --a------ c:\program files\Common Files\rysoxys.vbs

2008-11-15 16:41 . 2008-11-15 16:41 14,714 --a------ c:\windows\mawuwe.com

2008-11-15 16:41 . 2008-11-15 16:41 13,504 --a------ c:\windows\ylowumu.com

2008-11-15 16:41 . 2008-11-15 16:41 12,247 --a------ c:\windows\abujyrozap.dl

2008-11-15 16:41 . 2008-11-15 16:41 11,467 --a------ c:\documents and settings\evamhg\Programdata\motyva.scr

2008-11-15 16:41 . 2008-11-15 16:41 10,134 --a------ c:\windows\ubyvito.lib

2008-10-25 16:28 . 2008-10-25 16:28 268 --ah----- C:\sqmdata06.sqm

2008-10-25 16:28 . 2008-10-25 16:28 244 --ah----- C:\sqmnoopt06.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-03 11:33 --------- d-----w c:\program files\ICE

2008-09-20 20:39 --------- d-----w c:\documents and settings\evamhg\Programdata\vlc

2008-09-20 20:37 --------- d-----w c:\program files\VideoLAN

2008-08-25 09:29 10,752 ----a-w c:\windows\DCEBoot.exe

2008-08-23 10:50 24,314,424 ----a-w C:\Norman_Malware_Cleaner.exe

2007-12-06 20:55 20,632 ----a-w c:\documents and settings\evamhg\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-15_18.29.01.79 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-15 17:13:52 71,710 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-15 20:32:44 71,710 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-15 17:13:52 442,192 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-15 20:32:44 442,192 ----a-w c:\windows\system32\perfh009.dat

+ 2007-01-08 19:15:18 176,195 ----a-w c:\windows\temp\BUC623.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2007-01-08 356429]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"Btn_Back"= 0 (0x0)

"Btn_Forward"= 0 (0x0)

"Btn_Stop"= 0 (0x0)

"Btn_Refresh"= 0 (0x0)

"Btn_Home"= 0 (0x0)

"Btn_Search"= 0 (0x0)

"Btn_History"= 0 (0x0)

"Btn_Favorites"= 0 (0x0)

"Btn_Folders"= 0 (0x0)

"Btn_Fullscreen"= 0 (0x0)

"Btn_Tools"= 0 (0x0)

"Btn_MailNews"= 0 (0x0)

"Btn_Size"= 0 (0x0)

"Btn_Print"= 0 (0x0)

"Btn_Edit"= 0 (0x0)

"Btn_Discussions"= 0 (0x0)

"Btn_Cut"= 0 (0x0)

"Btn_Copy"= 0 (0x0)

"Btn_Paste"= 0 (0x0)

"Btn_Encoding"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-28 28544]

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-10-03 93440]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com

R0 -: HKLM-Main,Start Page = hxxp://www.google.com

R1 -: HKCU-Internet Settings,ProxyOverride = <local>

O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

 

O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://sastud/officescan/console/html/AtxEnc.cab

c:\windows\Downloaded Program Files\AtxEnc.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 21:42:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\scardsvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\officescan nt\NTRtScan.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\officescan nt\TmListen.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\officescan nt\OfcPfwSvc.exe

c:\windows\temp\BUC623.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\hidfind.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2008-11-15 21:44:33 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-15 20:44:28

ComboFix2.txt 2008-11-15 17:29:27

 

Pre-Run: 10,548,830,208 bytes free

Post-Run: 10,539,724,800 byte ledig

 

168 --- E O F --- 2008-11-15 15:55:45


Malwarebytes' Anti-Malware 1.30

Database versjon: 1400

 

Windows 5.1.2600 Service Pack 2

 

15.11.2008 18:08:08

mbam-log-2008-11-15 (18-08-08).txt

 

Skanntype: Rask Skann

Objekter skannet: 46733

Tid tilbakelagt: 4 minute(s), 28 second(s)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 4

Registerverdier infisert: 4

Registerfiler infisert: 0

Mapper infisert: 6

Filer infisert: 21

 

Minneprosesser infisert:

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00c2b9 (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f783b4.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\Antispy (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\AboutBuster (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\CWShredder (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\HSRemove (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\McAfee Avert Stinger (Rogue.AntiSpy) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\flav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\AboutBuster\AboutBuster.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\AboutBuster\AboutBuster.zip (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\AboutBuster\Read Me.rtf (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\CWShredder\cwshredder.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\HSRemove\hsremove.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\McAfee Avert Stinger\stng260.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\Program Files\Antispy\McAfee Avert Stinger\stng260.opt (Rogue.AntiSpy) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\a.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini10542.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\evamhg\Cookies\woqy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

 

 

Going to scan again....


I see that you don't have an antivirus program. I STRONGLY recommend that you get one :)

There are good free alternatives; Avira AntiVir is the best (as far as I know).

Avira: http://www.free-av.com/en/download/1/avira..._antivirus.html

There are also others, such as AVG:

http://free.avg.com/download?prd=afe

and Avast:

http://www.avast.com/eng/download-avast-home.html

 

NB!: remember that you can only have one antivirus program at a time :) if you have 2 or more, it can cause a lot of trouble ;)

Edited by Submit

Malwarebytes' Anti-Malware 1.30

Database versjon: 1400

Windows 5.1.2600 Service Pack 2

 

2008-11-15 22:48:15

mbam-log-2008-11-15 (22-48-15).txt

 

Skanntype: Rask Skann

Objekter skannet: 45358

Tid tilbakelagt: 3 minute(s), 53 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)


Sorry that it took a little while...

 

ComboFix 08-11-13.02 - evamhg 2008-11-15 23:30:44.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.572 [GMT 1:00]

Running from: c:\documents and settings\evamhg\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

.

 

2008-11-15 20:07 . 2008-11-15 20:07 <DIR> d-------- c:\program files\Trend Micro

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\evamhg\Programdata\Malwarebytes

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-15 17:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-15 17:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-15 16:55 . 2008-11-15 16:55 118 --a------ c:\windows\system32\MRT.INI

2008-11-15 16:41 . 2008-11-15 16:41 19,085 --a------ c:\documents and settings\All Users\Application Data\edomyqinec.exe

2008-11-15 16:41 . 2008-11-15 16:41 18,791 --a------ c:\windows\xedyqy.ban

2008-11-15 16:41 . 2008-11-15 16:41 18,745 --a------ c:\windows\system32\zomuz.db

2008-11-15 16:41 . 2008-11-15 16:41 18,510 --a------ c:\windows\iluj.vbs

2008-11-15 16:41 . 2008-11-15 16:41 18,238 --a------ c:\program files\Common Files\ytyjyxetu.sys

2008-11-15 16:41 . 2008-11-15 16:41 17,531 --a------ c:\program files\Common Files\ofiro.pif

2008-11-15 16:41 . 2008-11-15 16:41 17,442 --a------ c:\windows\ocyhiwyt.sys

2008-11-15 16:41 . 2008-11-15 16:41 17,322 --a------ c:\documents and settings\evamhg\Programdata\mocimy.sys

2008-11-15 16:41 . 2008-11-15 16:41 15,155 --a------ c:\windows\system32\ucyrixora.lib

2008-11-15 16:41 . 2008-11-15 16:41 14,992 --a------ c:\program files\Common Files\rysoxys.vbs

2008-11-15 16:41 . 2008-11-15 16:41 14,714 --a------ c:\windows\mawuwe.com

2008-11-15 16:41 . 2008-11-15 16:41 13,504 --a------ c:\windows\ylowumu.com

2008-11-15 16:41 . 2008-11-15 16:41 12,247 --a------ c:\windows\abujyrozap.dl

2008-11-15 16:41 . 2008-11-15 16:41 11,467 --a------ c:\documents and settings\evamhg\Programdata\motyva.scr

2008-11-15 16:41 . 2008-11-15 16:41 10,134 --a------ c:\windows\ubyvito.lib

2008-10-25 16:28 . 2008-10-25 16:28 268 --ah----- C:\sqmdata06.sqm

2008-10-25 16:28 . 2008-10-25 16:28 244 --ah----- C:\sqmnoopt06.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-03 11:33 --------- d-----w c:\program files\ICE

2008-09-20 20:39 --------- d-----w c:\documents and settings\evamhg\Programdata\vlc

2008-09-20 20:37 --------- d-----w c:\program files\VideoLAN

2008-08-25 09:29 10,752 ----a-w c:\windows\DCEBoot.exe

2008-08-23 10:50 24,314,424 ----a-w C:\Norman_Malware_Cleaner.exe

2007-12-06 20:55 20,632 ----a-w c:\documents and settings\evamhg\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-15_18.29.01.79 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-15 17:13:52 71,710 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-15 20:32:44 71,710 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-15 17:13:52 442,192 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-15 20:32:44 442,192 ----a-w c:\windows\system32\perfh009.dat

+ 2007-01-08 19:15:18 176,195 ----a-w c:\windows\temp\ZD8922.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2007-01-08 356429]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"Btn_Back"= 0 (0x0)

"Btn_Forward"= 0 (0x0)

"Btn_Stop"= 0 (0x0)

"Btn_Refresh"= 0 (0x0)

"Btn_Home"= 0 (0x0)

"Btn_Search"= 0 (0x0)

"Btn_History"= 0 (0x0)

"Btn_Favorites"= 0 (0x0)

"Btn_Folders"= 0 (0x0)

"Btn_Fullscreen"= 0 (0x0)

"Btn_Tools"= 0 (0x0)

"Btn_MailNews"= 0 (0x0)

"Btn_Size"= 0 (0x0)

"Btn_Print"= 0 (0x0)

"Btn_Edit"= 0 (0x0)

"Btn_Discussions"= 0 (0x0)

"Btn_Cut"= 0 (0x0)

"Btn_Copy"= 0 (0x0)

"Btn_Paste"= 0 (0x0)

"Btn_Encoding"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-28 28544]

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-10-03 93440]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com

R0 -: HKLM-Main,Start Page = hxxp://www.google.com

R1 -: HKCU-Internet Settings,ProxyOverride = <local>

O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

 

O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://sastud/officescan/console/html/AtxEnc.cab

c:\windows\Downloaded Program Files\AtxEnc.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 23:36:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\scardsvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\officescan nt\NTRtScan.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\officescan nt\TmListen.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\officescan nt\OfcPfwSvc.exe

c:\windows\temp\ZD8922.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\hidfind.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2008-11-15 23:39:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-15 22:39:33

ComboFix2.txt 2008-11-15 20:44:34

ComboFix3.txt 2008-11-15 17:29:27

 

Pre-Run: 10,550,308,864 bytes free

Post-Run: 10,535,305,216 byte ledig

 

169 --- E O F --- 2008-11-15 15:55:4


Hello

My name is r2d290, and I will be helping you remove any infections you may have on your PC.

  • You will be given a series of instructions that must be followed in the order we write them.

  • If there is an instruction you do not understand, you are unsure about something, or something unexpected happens, do not guess or carry on; write a post in the forum asking about what you are unsure of.

  • Do not start several threads (neither here on diskusjon.no nor on other forums). This will only confuse those of us doing support.

  • The operation may take several rounds, and it may take a little while before you get a reply, but we will not give up unless you do.

  • Do not give up and format the PC (even if some say that is the only thing that helps). It is very unlikely that you need to format because of a virus.

  • In some cases threads slip past us, so if you have not received a reply within 24 hours it may be wise to write a short "bump" post so your thread lands at the top of the list.

If you follow these instructions, we should get the problem with your machine fixed.

Your log is being analysed now, and you will get a response as soon as it is ready...

PS: Your security programs may give warnings about some of the tools we ask you to use. The security programs cannot know whether the tools have good or bad intentions. The tools are used by professionals all over the world, so you can trust that the programs are safe.

Edited by r2d290

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

File::
c:\documents and settings\All Users\Application Data\edomyqinec.exe
c:\windows\xedyqy.ban
c:\windows\system32\zomuz.db
c:\windows\iluj.vbs
c:\program files\Common Files\ytyjyxetu.sys
c:\program files\Common Files\ofiro.pif
c:\windows\ocyhiwyt.sys
c:\documents and settings\evamhg\Programdata\mocimy.sys
c:\windows\system32\ucyrixora.lib
c:\program files\Common Files\rysoxys.vbs
c:\windows\mawuwe.com
c:\windows\ylowumu.com
c:\windows\abujyrozap.dl
c:\documents and settings\evamhg\Programdata\motyva.scr
c:\windows\ubyvito.lib
c:\windows\temp\BUC623.EXE

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.

[animation: CFScriptB-4.gif]

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply in the forum.

________________________________________________________________________

Go to http://virusscan.jotti.org , click Browse, and upload the following file for analysis:

c:\windows\DCEBoot.exe

Then click Submit. Accept that the file gets scanned. Finally, copy the result and paste it into your next post so I can look at it and assess what needs to be done next.

Edited by Submit

Scan taken on 16 Nov 2008 00:06:30 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

G DATA

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing


ComboFix 08-11-13.02 - evamhg 2008-11-16 0:51:37.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.577 [GMT 1:00]

Running from: c:\documents and settings\evamhg\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\evamhg\Skrivebord\CFScript.txt

* Created a new restore point

 

FILE ::

c:\documents and settings\All Users\Application Data\edomyqinec.exe

c:\documents and settings\evamhg\Programdata\mocimy.sys

c:\documents and settings\evamhg\Programdata\motyva.scr

c:\program files\Common Files\ofiro.pif

c:\program files\Common Files\rysoxys.vbs

c:\program files\Common Files\ytyjyxetu.sys

c:\windows\abujyrozap.dl

c:\windows\iluj.vbs

c:\windows\mawuwe.com

c:\windows\ocyhiwyt.sys

c:\windows\system32\ucyrixora.lib

c:\windows\system32\zomuz.db

c:\windows\ubyvito.lib

c:\windows\xedyqy.ban

c:\windows\ylowumu.com

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\edomyqinec.exe

c:\documents and settings\evamhg\Programdata\mocimy.sys

c:\documents and settings\evamhg\Programdata\motyva.scr

c:\program files\Common Files\ofiro.pif

c:\program files\Common Files\rysoxys.vbs

c:\program files\Common Files\ytyjyxetu.sys

c:\windows\abujyrozap.dl

c:\windows\iluj.vbs

c:\windows\mawuwe.com

c:\windows\ocyhiwyt.sys

c:\windows\system32\ucyrixora.lib

c:\windows\system32\zomuz.db

c:\windows\ubyvito.lib

c:\windows\xedyqy.ban

c:\windows\ylowumu.com

 

.

((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

.

 

2008-11-15 20:07 . 2008-11-15 20:07 <DIR> d-------- c:\program files\Trend Micro

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\evamhg\Programdata\Malwarebytes

2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-15 17:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-15 17:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-15 16:55 . 2008-11-15 16:55 118 --a------ c:\windows\system32\MRT.INI

2008-10-25 16:28 . 2008-10-25 16:28 268 --ah----- C:\sqmdata06.sqm

2008-10-25 16:28 . 2008-10-25 16:28 244 --ah----- C:\sqmnoopt06.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-03 11:33 --------- d-----w c:\program files\ICE

2008-09-20 20:39 --------- d-----w c:\documents and settings\evamhg\Programdata\vlc

2008-09-20 20:37 --------- d-----w c:\program files\VideoLAN

2008-08-25 09:29 10,752 ----a-w c:\windows\DCEBoot.exe

2008-08-23 10:50 24,314,424 ----a-w C:\Norman_Malware_Cleaner.exe

2007-12-06 20:55 20,632 ----a-w c:\documents and settings\evamhg\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-15_18.29.01.79 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-15 17:13:52 71,710 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-15 22:38:38 71,710 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-15 17:13:52 442,192 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-15 22:38:39 442,192 ----a-w c:\windows\system32\perfh009.dat

+ 2007-01-08 19:15:18 176,195 ----a-w c:\windows\temp\LS4882.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2007-01-08 356429]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"Btn_Back"= 0 (0x0)

"Btn_Forward"= 0 (0x0)

"Btn_Stop"= 0 (0x0)

"Btn_Refresh"= 0 (0x0)

"Btn_Home"= 0 (0x0)

"Btn_Search"= 0 (0x0)

"Btn_History"= 0 (0x0)

"Btn_Favorites"= 0 (0x0)

"Btn_Folders"= 0 (0x0)

"Btn_Fullscreen"= 0 (0x0)

"Btn_Tools"= 0 (0x0)

"Btn_MailNews"= 0 (0x0)

"Btn_Size"= 0 (0x0)

"Btn_Print"= 0 (0x0)

"Btn_Edit"= 0 (0x0)

"Btn_Discussions"= 0 (0x0)

"Btn_Cut"= 0 (0x0)

"Btn_Copy"= 0 (0x0)

"Btn_Paste"= 0 (0x0)

"Btn_Encoding"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-28 28544]

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-10-03 93440]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-16 00:55:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\scardsvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\officescan nt\NTRtScan.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\officescan nt\TmListen.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\officescan nt\OfcPfwSvc.exe

c:\windows\temp\LS4882.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\hidfind.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2008-11-16 0:58:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-15 23:58:18

ComboFix2.txt 2008-11-15 22:39:39

ComboFix3.txt 2008-11-15 20:44:34

ComboFix4.txt 2008-11-15 17:29:27

 

Pre-Run: 10,485,571,584 bytes free

Post-Run: 10,504,974,336 byte ledig

 

181 --- E O F --- 2008-11-15 15:55:45
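As an added example (not part of this thread, and not ComboFix's or any helper's code), a small Python check that reads the "Other Running Processes" section of a ComboFix-style log and flags executables running from a temp directory, the kind of entry the CFScript above targeted. The log text is constructed in ComboFix's layout; the name AB12CD.EXE and the path patterns are assumptions.

```python
import re

# Constructed sample in ComboFix's log layout (not from the thread); AB12CD.EXE is made up.
SAMPLE_LOG = """\
------------------------ Other Running Processes ------------------------
.
c:\\program files\\Intel\\Wireless\\Bin\\S24EvMon.exe
c:\\officescan nt\\NTRtScan.exe
c:\\windows\\temp\\AB12CD.EXE
c:\\windows\\system32\\rundll32.exe
.
**************************************************************************
"""

# Locations where a long-running executable is unusual on a workstation.
TEMP_DIR = re.compile(
    r"^c:\\(?:windows\\temp|documents and settings\\[^\\]+\\local settings\\temp)\\",
    re.IGNORECASE,
)
# Heuristic only: short alphanumeric names like the ones that kept reappearing
# under c:\windows\temp in this thread; legitimate installers can match too.
RANDOM_NAME = re.compile(r"^[A-Z0-9]{5,8}\.EXE$", re.IGNORECASE)

def running_processes(log_text):
    """Return the paths listed under 'Other Running Processes'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if "Other Running Processes" in s:
            in_section = True
        elif in_section and s.startswith("****"):
            break  # the asterisk bar closes the section
        elif in_section and s and s != ".":
            paths.append(s)
    return paths

def flag_temp_executables(paths):
    """Return (path, reason) pairs for executables running from temp dirs."""
    findings = []
    for path in paths:
        if not TEMP_DIR.match(path):
            continue
        name = path.rsplit("\\", 1)[-1]
        reason = "running from a temp directory"
        if RANDOM_NAME.match(name):
            reason += "; random-looking name"
        findings.append((path, reason))
    return findings
```

Running it over several successive logs and comparing the flagged names shows the pattern seen in this thread: the same directory, a different name after each reboot.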
