Virus blocking the internet?

I have never been particularly bothered by viruses. My attitude has been that if I leave the viruses alone, they don't bother me either. But now I'm starting to struggle a bit here.

-The internet somehow gets blocked after a while. When the machine gets a reboot, everything works as it should again. I suspect that only certain ports are being blocked. For example, internet radio works even though no websites work.

Symptoms:

-Extremely many programs crash when I try to run them or close them.

-USB sticks have started showing up as folders instead of "hard disk icons".

-MSN has been blocked, because my PC tried to log in x thousand times within a short time.

I have AVG virus scan, Ad-aware, and have tried running some online virus scanners. But I have lost some of my trust in these programs now, because sometimes it seems they find some nasty files here and there, sometimes I'm asked to remove them, other times not. Sometimes they only find files on other scans, etc...

Anyone have any tips?


Post the whole log, please. Also include a Combofix log.

Download Combofix (by sUBs) and save it to the Desktop.

Run combofix.exe and follow the instructions. You will get a question saying "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Answer Yes

You must not click on the window while the program is running. This can cause the program to freeze.

What ComboFix does:

- ComboFix is a multi-fix program designed to remove a whole range of known infections, and it creates a log/report showing the files/processes/registry entries present on the PC. The log can determine whether something that should be removed is still on the PC. This requires someone with experience to read the log and explain how to proceed.

PS: Among other things, Combofix will list all files created in the last month, and can in some cases also reveal your full name and other information that may be considered sensitive. For that reason you should go through the log, check whether you find information you do not want to share with everyone, and censor it.

Post the log file from Combofix (c:\combofix.txt)

Edited by tosha0007

So, you manage to make sense of the logs?

 

ComboFix

 

ComboFix 08-11-23.02 - eUnaas 2008-11-24 19:05:00.1 - NTFSx86

Microsoft Windows XP Professional [GMT 1:00]

Running from: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML

c:\windows\system32\EeKkkUvw.ini

c:\windows\system32\EeKkkUvw.ini2

c:\windows\system32\jpsmspbk.ini

c:\windows\system32\lsprst7.dll

c:\windows\system32\oolpdony.ini

c:\windows\system32\ruqxxnls.ini

c:\windows\system32\ssprs.dll

E:\install.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))

.

 

2008-11-24 18:54 . 2008-11-24 19:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-24 18:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0

2008-11-23 02:42 . 2006-03-06 05:10 1,232,896 --a------ c:\windows\system32\WibuKe32.cpl

2008-11-23 02:42 . 2006-03-06 05:10 573,440 --a------ c:\windows\system32\wibuKJni.dll

2008-11-23 02:42 . 2006-03-06 05:11 507,904 --a------ c:\windows\system32\WibuXpm4J32.dll

2008-11-23 02:42 . 2005-07-25 04:01 356,352 --a------ c:\windows\system32\WkExt32.dll

2008-11-23 02:42 . 2006-03-06 05:10 139,264 --a------ c:\windows\system32\WkWin32.dll

2008-11-23 02:42 . 2006-03-06 05:10 72,192 --a------ c:\windows\system32\drivers\WibuKey.sys

2008-11-23 02:42 . 2000-10-18 02:00 57,552 --a------ c:\windows\system32\WkDos.exe

2008-11-23 02:42 . 2006-03-06 05:10 54,336 --a------ c:\windows\system\WkWin.dll

2008-11-23 02:42 . 2004-09-02 03:10 17,408 --a------ c:\windows\system32\drivers\Wibukey2.sys

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBUKEY

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group

2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts

2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\documents and settings\eUnaas\planet.exe

2008-11-14 19:30 . 2008-11-14 19:30 244 --ah----- C:\sqmnoopt03.sqm

2008-11-14 19:30 . 2008-11-14 19:30 232 --ah----- C:\sqmdata03.sqm

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\Fellesfiler\BinarySense

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\BinarySense

2008-11-08 00:11 . 2008-11-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Programdata\ALM

2008-11-08 00:05 . 2008-11-08 00:05 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-11-06 23:08 . 2008-11-06 23:09 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Autodesk

2008-11-06 23:00 . 2008-11-06 23:00 <DIR> d-------- c:\programfiler\turbo squid tentacles

2008-11-06 22:57 . 2008-11-06 22:57 231 --a------ c:\windows\system32\3dsmax.ini

2008-11-06 22:57 . 2008-11-06 22:57 43 --a------ c:\windows\system32\InstallSettings.ini

2008-11-06 22:56 . 2008-11-06 22:58 <DIR> d-------- c:\programfiler\Fellesfiler\Autodesk Shared

2008-11-06 22:55 . 2008-11-06 22:58 <DIR> d-------- c:\programfiler\Autodesk

2008-11-06 22:55 . 2008-11-12 09:56 <DIR> d-------- c:\documents and settings\All Users\Programdata\Autodesk

2008-11-06 22:54 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll

2008-11-06 22:54 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2008-11-06 22:54 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2008-11-06 22:54 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll

2008-11-06 22:54 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll

2008-11-05 05:32 . 2008-11-05 05:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Minnetonka Audio Software

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\sysprs7.tgz

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\sysprs7.dll

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\clauth2.dll

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\clauth1.dll

2008-11-05 05:32 . 2008-11-05 05:32 219 --a------ c:\windows\system32\lsprst7.tgz

2008-11-05 05:32 . 2008-11-05 05:32 87 --a------ c:\windows\system32\ssprs.tgz

2008-11-05 04:51 . 2008-11-05 04:51 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\vlc

2008-11-03 01:23 . 2008-11-03 01:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\TSplines

2008-11-03 01:17 . 2008-11-03 01:17 <DIR> d-------- c:\documents and settings\All Users\Programdata\ASGvis

2008-11-03 01:17 . 2008-05-27 08:34 200,704 --a------ c:\windows\system32\BongoSDK.10.v40.dll

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\All Users\Programdata\InstallShield

2008-11-03 01:15 . 2005-08-11 17:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl

2008-11-03 01:14 . 2008-11-24 19:08 <DIR> d-------- c:\programfiler\T-Splines for Rhino

2008-11-02 21:47 . 2008-11-02 21:50 <DIR> d-------- c:\programfiler\Flamingo 1.1

2008-11-02 21:28 . 2008-11-02 21:31 <DIR> d-------- c:\programfiler\Rhinoceros 3.0

2008-11-02 21:28 . 2008-11-02 21:28 <DIR> d-------- c:\programfiler\Common Files

2008-11-02 21:28 . 2006-03-31 09:39 724,992 --a------ c:\windows\system32\RhinoShExt.dll

2008-11-01 01:34 . 2008-11-01 01:34 <DIR> d-------- c:\programfiler\MagicDisc

2008-11-01 01:34 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys

2008-10-31 18:02 . 2008-10-31 20:09 <DIR> d-------- c:\programfiler\AV Vcs 6.0 DIAMOND

2008-10-31 14:35 . 2008-10-31 14:37 <DIR> d-------- C:\vcs5core

2008-10-31 14:35 . 2008-11-01 00:36 <DIR> d-------- C:\vcs5BGEffects

2008-10-31 14:35 . 2008-10-31 14:35 <DIR> d-------- C:\AV_LOGS

2008-10-31 14:22 . 2008-10-31 14:22 <DIR> d-------- c:\programfiler\Audacity

2008-10-26 00:29 . 2008-10-26 00:29 <DIR> d-------- c:\programfiler\Symbian

2008-10-26 00:27 . 2008-10-26 00:40 <DIR> d-------- c:\programfiler\Sony Ericsson

2008-10-26 00:27 . 2008-10-26 00:29 <DIR> d-------- c:\programfiler\Fellesfiler\Sony Ericsson Shared

2008-10-26 00:27 . 2008-10-26 00:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Teleca

2008-10-26 00:23 . 2008-10-26 00:23 244 --ah----- C:\sqmnoopt02.sqm

2008-10-26 00:23 . 2008-10-26 00:23 232 --ah----- C:\sqmdata02.sqm

2008-10-26 00:21 . 2008-10-26 00:21 244 --ah----- C:\sqmnoopt01.sqm

2008-10-26 00:21 . 2008-10-26 00:21 232 --ah----- C:\sqmdata01.sqm

2008-10-25 19:35 . 2008-11-05 04:45 <DIR> d-------- c:\programfiler\K-Lite Codec Pack

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss

2008-11-23 01:39 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent

2008-11-22 18:45 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP

2008-11-11 17:35 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2008-11-07 23:09 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip

2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel

2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0

2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen

2008-10-29 15:06 --------- d-----w c:\programfiler\Google

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat

2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008

2008-10-21 22:13 27,136 ----a-w c:\windows\~GLH0000.TMP

2008-10-18 10:06 --------- d-----w c:\programfiler\HD Tune Pro

2008-10-18 08:05 --------- d-----w c:\programfiler\Java

2008-10-16 22:17 --------- d-----w c:\programfiler\Namebadge

2008-10-14 21:12 --------- d-----w c:\programfiler\iTunes

2008-10-14 21:12 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-14 21:11 --------- d-----w c:\programfiler\iPod

2008-10-12 12:09 --------- d-----w c:\programfiler\Fellesfiler\McNeel Shared

2008-10-08 23:28 --------- d-----w c:\programfiler\Imagenomic

2008-10-05 00:15 --------- d-----w c:\programfiler\Universal Extractor

2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys

2008-09-28 21:19 --------- d-----w c:\documents and settings\eUnaas\Programdata\TeamViewer

2008-09-28 20:33 --------- d-----w c:\programfiler\TeamViewer3

2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll

2008-09-08 15:51 737,280 ----a-w c:\windows\iun6002.exe

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]

"UltraMon"="c:\programfiler\UltraMon\UltraMon.exe" [2006-10-12 304640]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]

"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\

MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\TeamViewer3\\TeamViewer.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\server.exe"=

"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928]

R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]

R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848]

R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]

R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-05-21 32000]

S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200]

S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848]

S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568]

S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568]

S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264]

S4 hpt3xx;hpt3xx; []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{CDA0AA86-BEFD-4F6C-A25F-0E4269610EC4} - c:\windows\system32\wvUkkKeE.dll

HKCU-Run-AdobeBridge - (no file)

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\

FF -: plugin - c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll

FF -: plugin - c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 19:10:01

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(664)

c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\programfiler\Lavasoft\Ad-Aware\aawservice.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\rundll32.exe

c:\programfiler\BinarySense\HDDTemp4\HDDtemp4.exe

c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

c:\programfiler\Fellesfiler\Teleca Shared\logger.exe

c:\programfiler\Fellesfiler\Teleca Shared\Generic.exe

c:\progra~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

c:\progra~1\Symbian\Shared\SYMBIA~1\SCBAL.exe

c:\programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

c:\programfiler\iPod\bin\iPodService.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\searchprotocolhost.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\windows\system32\searchfilterhost.exe

.

**************************************************************************

.

Completion time: 2008-11-24 19:15:18 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-24 18:15:15

 

Pre-Run: 24 049 782 784 byte ledig

Post-Run: 28,335,828,992 byte ledig

 

296 --- E O F --- 2008-06-26 01:00:48

 

Malwarebytes

Malwarebytes' Anti-Malware 1.30

Database versjon: 1419

Windows 5.1.2600 Service Pack 3

 

24.11.2008 19:03:24

mbam-log-2008-11-24 (19-03-24).txt

 

Skanntype: Rask Skann

Objekter skannet: 62337

Tid tilbakelagt: 6 minute(s), 12 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 14

Registerverdier infisert: 2

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 7

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20e59ca2-78b0-4431-bfd0-d8b5adfc0056} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjdwqjd (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20e59ca2-78b0-4431-bfd0-d8b5adfc0056} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd54da38-8979-4cb4-9c01-43f644e6e894} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{fd54da38-8979-4cb4-9c01-43f644e6e894} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20e59ca2-78b0-4431-bfd0-d8b5adfc0056} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20e59ca2-78b0-4431-bfd0-d8b5adfc0056} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5cc57b96 (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.

 

Filer infisert:

C:\WINDOWS\system32\ljJDWQJd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pwogmn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

 

Edited by eunaas
> So, you manage to make sense of the logs?

Yes, that's kind of what we're here for :)

Note that all instructions given in this thread are tailored to this machine, and that the tools used here can cause damage on another machine with other kinds of infections.

If you think you have the same problem, follow norbat's guide and post the logs in a new thread.

Hello

My name is r2d290, and I will be helping you remove any infections you may have on your PC.

  • A series of instructions will be given, and they must be followed in the order we write them.
     
  • If there is an instruction you don't understand, you're unsure about something, or something unexpected happens, do not guess/continue, but write a post on the forum asking about what you're wondering.
     
  • Do not start multiple threads (neither here on diskusjon.no nor on other forums). This will only confuse those of us doing support.
     
  • The operation may take several rounds, and it may take a little while before you get a reply, but we won't give up unless you do.
     
  • Don't give up and format the PC (even if some say that is the only thing that helps). It is very unlikely that you need to format because of a virus.
     
  • In some cases threads slip past us, so if you haven't received a reply within 24 hours it may be a good idea to write a short "bump post" so your thread ends up at the top of the list.

If you follow these instructions, we should get the problem with the machine fixed.

I am analysing your logs now and will come back with a response as soon as I can...

PS: Your security programs may give warnings about some of the tools we ask you to use.

The security programs cannot know whether the tools have good or bad intentions. The tools are used by professionals all over the world, so you can trust that the programs are safe.


P2P Warning!

  • Important: The logs show that there is one or more P2P (Person to Person) file-sharing programs on your machine.
     
    LimeWire
     
    Be aware that as long as you use any form of Peer-to-Peer network to download files from an "unofficial" source, you must assume that your machine can become infected.
    In the past, P2P file sharing was considered fairly safe. This is no longer the case. You may continue to use P2P at your own risk, but remember that this may be the source of your current or next infection.
     
    References about the risks of these programs can be found at these links:
     
    http://www.microsoft.com/windows/ie/commun...protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See a list of clean/risky P2P programs here: http://p2p.malwareremoval.com/
     
    I recommend that you uninstall the programs mentioned, but the choice is yours. If you choose to remove these programs, you can do so from Control Panel -> Add/Remove Programs.
     
    If you wish to keep the program, I ask you not to use it until the machine is clean of malware.

 

 

 

Go to http://virusscan.jotti.org , click Browse, and upload the following files for analysis:

c:\windows\system32\WkWin32.dll

c:\windows\system32\drivers\WibuKey.sys

c:\windows\system32\WkDos.exe

c:\documents and settings\eUnaas\planet.exe

c:\windows\system32\drivers\egxkxz_445.set

c:\windows\system32\drivers\biusvhm144.dat

Then click Submit. Accept that the file is scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.

 

 

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

 

File::
c:\windows\~GLH0000.TMP




DirLook::
c:\windows\system32\drivers\hosts

 

Save it as CFScript on the Desktop

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

(animation: CFScriptB-4.gif)

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

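The file-picking step above (choosing entries such as planet.exe or the non-driver files in system32\drivers for a second opinion) can be partly automated. The following Python helper is an added example written for this thread, not part of ComboFix or of the helper's own procedure; its heuristics are assumptions modelled on the entries flagged in this thread, and the sample lines are copied from the ComboFix log posted above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Added triage helper for ComboFix logs (written for this thread; not a
# ComboFix feature). It parses the "Files Created" and "Find3M Report" line
# formats and lists the entries an analyst would usually look at first.
# Every heuristic is an assumption; a hit is a review candidate, not a verdict.

# "Files Created": created time, modified time, size or <DIR>, attributes, path
#   2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\...\eUnaas\planet.exe
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "Find3M Report": modified time only; directories show nine dashes as size
#   2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{9}|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".drv", ".ocx", ".scr", ".com"}


class Entry(NamedTuple):
    path: str
    size: Optional[int]            # None for directories
    modified: str
    created: Optional[str] = None  # only the "Files Created" section has it


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ComboFix file line; headers, dots and blanks give None."""
    line = line.strip()
    m = CREATED_RE.match(line)
    if m:
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        return Entry(m["path"], size, m["modified"], m["created"])
    m = FIND3M_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        return Entry(m["path"], size, m["modified"])
    return None


def review_reasons(e: Entry) -> List[str]:
    """Assumed heuristics for entries worth a closer look."""
    reasons: List[str] = []
    if e.size is None:  # directories are not judged here
        return reasons
    parent, _, name = e.path.lower().rpartition("\\")
    ext = name[name.rfind("."):] if "." in name else ""
    # 1. Anything but a .sys driver placed directly in system32\drivers.
    if parent.endswith("\\system32\\drivers") and ext != ".sys":
        reasons.append("non-driver file directly in drivers directory")
    # 2. A file called "hosts" anywhere other than its real home, drivers\etc.
    if name == "hosts" and not parent.endswith("\\drivers\\etc"):
        reasons.append("hosts file outside drivers\\etc")
    # 3. Executable code dropped straight into a user's profile root.
    if re.match(r"^c:\\documents and settings\\[^\\]+$", parent) and ext in EXEC_EXT:
        reasons.append("executable in user profile root")
    # 4. A .tmp file left directly in the Windows directory.
    if parent == "c:\\windows" and ext == ".tmp":
        reasons.append(".tmp file in Windows root")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsed entry that has a reason."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        reasons = review_reasons(e) if e is not None else []
        if reasons:
            hits.append((e.path, reasons))
    return hits


# Sample input: lines copied from the ComboFix log posted in this thread
# (both sections), plus the "." separator ComboFix prints between sections.
SAMPLE_LOG = r"""
2008-11-23 02:42 . 2006-03-06 05:10 72,192 --a------ c:\windows\system32\drivers\WibuKey.sys
2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBUKEY
2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts
2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\documents and settings\eUnaas\planet.exe
.
2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0
2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set
2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat
2008-10-21 22:13 27,136 ----a-w c:\windows\~GLH0000.TMP
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
"""
```

Running `triage(SAMPLE_LOG)` returns the five entries the helper singled out (the drivers\hosts file, planet.exe, the two .set/.dat files and ~GLH0000.TMP) with their reasons, while the legitimate .sys drivers and directories produce no hit.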

That was a slightly funny scanner. It Found nothing on all the files except planet.exe. What kind of file is that?

 

 

File: planet.exe

Status:

INFECTED/MALWARE

MD5: 72908156b0025f7ef4ddef1dde224475

Packers detected:

-

Scanner results

Scan taken on 25 Nov 2008 07:22:41 (GMT)

A-Squared

Found Packer.Krunchy.B!IK

AntiVir

Found HEUR/Crypted

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found Packer.Krunchy.B

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

G DATA

Found Packer.Krunchy.B

Ikarus

Found Packer.Krunchy.B

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found W32/Packed_Krunchy.A

Panda Antivirus

Found Trj/Agent.KFR

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 

Edited by eunaas

 

ComboFix 08-11-24.01 - eUnaas 2008-11-25 9:28:23.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2172 [GMT 1:00]

Running from: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\eUnaas\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\windows\~GLH0000.TMP

.

 

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))

.

 

2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2008-11-24 19:17 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-24 19:17 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-11-24 18:54 . 2008-11-24 19:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-24 18:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0

2008-11-23 02:42 . 2006-03-06 05:10 1,232,896 --a------ c:\windows\system32\WibuKe32.cpl

2008-11-23 02:42 . 2006-03-06 05:10 573,440 --a------ c:\windows\system32\wibuKJni.dll

2008-11-23 02:42 . 2006-03-06 05:11 507,904 --a------ c:\windows\system32\WibuXpm4J32.dll

2008-11-23 02:42 . 2005-07-25 04:01 356,352 --a------ c:\windows\system32\WkExt32.dll

2008-11-23 02:42 . 2006-03-06 05:10 139,264 --a------ c:\windows\system32\WkWin32.dll

2008-11-23 02:42 . 2006-03-06 05:10 72,192 --a------ c:\windows\system32\drivers\WibuKey.sys

2008-11-23 02:42 . 2000-10-18 02:00 57,552 --a------ c:\windows\system32\WkDos.exe

2008-11-23 02:42 . 2006-03-06 05:10 54,336 --a------ c:\windows\system\WkWin.dll

2008-11-23 02:42 . 2004-09-02 03:10 17,408 --a------ c:\windows\system32\drivers\Wibukey2.sys

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBUKEY

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group

2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts

2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\documents and settings\eUnaas\planet.exe

2008-11-14 19:30 . 2008-11-14 19:30 244 --ah----- C:\sqmnoopt03.sqm

2008-11-14 19:30 . 2008-11-14 19:30 232 --ah----- C:\sqmdata03.sqm

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\Fellesfiler\BinarySense

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\BinarySense

2008-11-08 00:11 . 2008-11-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Programdata\ALM

2008-11-08 00:05 . 2008-11-08 00:05 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-11-06 23:08 . 2008-11-06 23:09 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Autodesk

2008-11-06 23:00 . 2008-11-06 23:00 <DIR> d-------- c:\programfiler\turbo squid tentacles

2008-11-06 22:57 . 2008-11-06 22:57 231 --a------ c:\windows\system32\3dsmax.ini

2008-11-06 22:57 . 2008-11-06 22:57 43 --a------ c:\windows\system32\InstallSettings.ini

2008-11-06 22:56 . 2008-11-06 22:58 <DIR> d-------- c:\programfiler\Fellesfiler\Autodesk Shared

2008-11-06 22:55 . 2008-11-06 22:58 <DIR> d-------- c:\programfiler\Autodesk

2008-11-06 22:55 . 2008-11-12 09:56 <DIR> d-------- c:\documents and settings\All Users\Programdata\Autodesk

2008-11-06 22:54 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll

2008-11-06 22:54 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2008-11-06 22:54 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2008-11-06 22:54 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll

2008-11-06 22:54 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll

2008-11-05 05:32 . 2008-11-05 05:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Minnetonka Audio Software

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\sysprs7.tgz

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\sysprs7.dll

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\clauth2.dll

2008-11-05 05:32 . 2008-11-05 05:32 1,025 --a------ c:\windows\system32\clauth1.dll

2008-11-05 05:32 . 2008-11-05 05:32 219 --a------ c:\windows\system32\lsprst7.tgz

2008-11-05 05:32 . 2008-11-05 05:32 87 --a------ c:\windows\system32\ssprs.tgz

2008-11-05 04:51 . 2008-11-05 04:51 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\vlc

2008-11-03 01:23 . 2008-11-03 01:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\TSplines

2008-11-03 01:17 . 2008-11-03 01:17 <DIR> d-------- c:\documents and settings\All Users\Programdata\ASGvis

2008-11-03 01:17 . 2008-05-27 08:34 200,704 --a------ c:\windows\system32\BongoSDK.10.v40.dll

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\All Users\Programdata\InstallShield

2008-11-03 01:15 . 2005-08-11 17:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl

2008-11-03 01:14 . 2008-11-24 19:08 <DIR> d-------- c:\programfiler\T-Splines for Rhino

2008-11-02 21:47 . 2008-11-02 21:50 <DIR> d-------- c:\programfiler\Flamingo 1.1

2008-11-02 21:28 . 2008-11-02 21:31 <DIR> d-------- c:\programfiler\Rhinoceros 3.0

2008-11-02 21:28 . 2008-11-02 21:28 <DIR> d-------- c:\programfiler\Common Files

2008-11-02 21:28 . 2006-03-31 09:39 724,992 --a------ c:\windows\system32\RhinoShExt.dll

2008-11-01 01:34 . 2008-11-01 01:34 <DIR> d-------- c:\programfiler\MagicDisc

2008-11-01 01:34 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys

2008-10-31 18:02 . 2008-10-31 20:09 <DIR> d-------- c:\programfiler\AV Vcs 6.0 DIAMOND

2008-10-31 14:35 . 2008-10-31 14:37 <DIR> d-------- C:\vcs5core

2008-10-31 14:35 . 2008-11-01 00:36 <DIR> d-------- C:\vcs5BGEffects

2008-10-31 14:35 . 2008-10-31 14:35 <DIR> d-------- C:\AV_LOGS

2008-10-31 14:22 . 2008-10-31 14:22 <DIR> d-------- c:\programfiler\Audacity

2008-10-26 00:29 . 2008-10-26 00:29 <DIR> d-------- c:\programfiler\Symbian

2008-10-26 00:27 . 2008-10-26 00:40 <DIR> d-------- c:\programfiler\Sony Ericsson

2008-10-26 00:27 . 2008-10-26 00:29 <DIR> d-------- c:\programfiler\Fellesfiler\Sony Ericsson Shared

2008-10-26 00:27 . 2008-10-26 00:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Teleca

2008-10-26 00:23 . 2008-10-26 00:23 244 --ah----- C:\sqmnoopt02.sqm

2008-10-26 00:23 . 2008-10-26 00:23 232 --ah----- C:\sqmdata02.sqm

2008-10-26 00:21 . 2008-10-26 00:21 244 --ah----- C:\sqmnoopt01.sqm

2008-10-26 00:21 . 2008-10-26 00:21 232 --ah----- C:\sqmdata01.sqm

2008-10-25 19:35 . 2008-11-05 04:45 <DIR> d-------- c:\programfiler\K-Lite Codec Pack

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 02:08 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2008-11-24 23:40 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent

2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss

2008-11-22 18:45 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP

2008-11-07 23:09 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip

2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel

2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0

2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen

2008-10-29 15:06 --------- d-----w c:\programfiler\Google

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat

2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008

2008-10-18 10:06 --------- d-----w c:\programfiler\HD Tune Pro

2008-10-18 08:05 --------- d-----w c:\programfiler\Java

2008-10-16 22:17 --------- d-----w c:\programfiler\Namebadge

2008-10-14 21:12 --------- d-----w c:\programfiler\iTunes

2008-10-14 21:12 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-14 21:11 --------- d-----w c:\programfiler\iPod

2008-10-12 12:09 --------- d-----w c:\programfiler\Fellesfiler\McNeel Shared

2008-10-08 23:28 --------- d-----w c:\programfiler\Imagenomic

2008-10-05 00:15 --------- d-----w c:\programfiler\Universal Extractor

2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-28 21:19 --------- d-----w c:\documents and settings\eUnaas\Programdata\TeamViewer

2008-09-28 20:33 --------- d-----w c:\programfiler\TeamViewer3

2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-08 15:51 737,280 ----a-w c:\windows\iun6002.exe

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\windows\system32\drivers\hosts ----

 

c:\windows\system32\drivers\hosts\

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]

"UltraMon"="c:\programfiler\UltraMon\UltraMon.exe" [2006-10-12 304640]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]

"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\

MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

PC-søk i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\TeamViewer3\\TeamViewer.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\server.exe"=

"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928]

R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]

R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848]

R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]

R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-05-21 32000]

S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200]

S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848]

S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568]

S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568]

S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264]

S4 hpt3xx;hpt3xx; []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 09:29:15

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(652)

c:\windows\system32\avgrsstx.dll

c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

 

- - - - - - - > 'lsass.exe'(756)

c:\windows\system32\avgrsstx.dll

.

Completion time: 2008-11-25 9:30:08

ComboFix-quarantined-files.txt 2008-11-25 08:29:46

ComboFix2.txt 2008-11-25 08:24:51

ComboFix3.txt 2008-11-24 18:15:19

 

Pre-Run: 27 264 712 704 byte ledig

Post-Run: 27,249,819,648 byte ledig

 

271 --- E O F --- 2008-11-25 02:08:52

 

Edited by eunaas
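The log above lists c:\windows\system32\drivers\hosts and planet.exe with the same creation and modification minute, and on Windows the real hosts file lives in drivers\etc, not in drivers. As an added example (not part of this thread and not ComboFix's own code), here is a small parser for the "Files Created" section that surfaces both observations; the sample lines are copied from the log above, and treating a shared creation timestamp as a lead is a triage heuristic, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the ComboFix "Files Created" layout; the values are
# copied from the log posted in this thread. The parser assumes one entry per
# line:  <created> . <modified> <size|<DIR>> <attrs> <path>
SAMPLE_LOG = """\
2008-11-24 18:54 . 2008-10-22 16:10 38,496 --a------ c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\\programfiler\\WIBUKEY
2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\\windows\\system32\\drivers\\hosts
2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\\documents and settings\\eUnaas\\planet.exe
2008-11-14 19:30 . 2008-11-14 19:30 244 --ah----- C:\\sqmnoopt03.sqm
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_files_created(text: str) -> List[Entry]:
    """Parse the 'Files Created' lines; lines that do not fit the layout are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def related_by_timestamp(entries: List[Entry], suspect_name: str) -> List[str]:
    """Paths created in the same minute as the named suspect file.

    Heuristic (assumption): a dropper and its payload are often written in the
    same minute, so files sharing a creation timestamp are worth a closer look.
    """
    suspect_name = suspect_name.lower()
    suspects = [e for e in entries if e.path.lower().endswith("\\" + suspect_name)]
    if not suspects:
        return []
    s = suspects[0]
    return [e.path for e in entries if e.created == s.created and e.path != s.path]


def misplaced_hosts(entries: List[Entry]) -> List[str]:
    """Plain files named 'hosts' that are not at <system32>\\drivers\\etc\\hosts.

    The legitimate Windows hosts file lives in drivers\\etc; a file by that name
    directly under drivers (as in the log above) is out of place.
    """
    flagged = []
    for e in entries:
        p = e.path.lower()
        if e.size is not None and p.endswith("\\hosts") and not p.endswith("\\drivers\\etc\\hosts"):
            flagged.append(e.path)
    return flagged


if __name__ == "__main__":
    parsed = parse_files_created(SAMPLE_LOG)
    print("created with planet.exe:", related_by_timestamp(parsed, "planet.exe"))
    print("misplaced hosts files:", misplaced_hosts(parsed))
```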
  • 2 weeks later...

Argh. Something isn't right on my end. The more I fight to remove the malware, the worse it gets. I've found a number of programs that have installed themselves for no reason at all. MSN has been hijacked again. When I plug in USB sticks, I can see they are being read constantly, and so on.

Now I'm even getting pop-ups from IE. I never use IE. Why?

[screenshot: post-6222-1228332770_thumb.jpg]

If you look at the picture, there's a program that starts now and then, and I think it's to blame for the pop-ups these days. What is it? Why can't I remove the program?

But the PC is struggling in many areas now. What should I do? I've tried a number of antivirus/spyware programs, and they find things more or less at random. One scan removes everything, and when I scan again it finds it all over again. Other programs find nothing, and so on.

How good is the Windows XP firewall?

New log from: Malwarebytes

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1466

Windows 5.1.2600 Service Pack 3

 

06.12.2008 13:13:02

mbam-log-2008-12-06 (13-13-02).txt

 

Skanntype: Rask Skann

Objekter skannet: 56011

Tid tilbakelagt: 3 minute(s), 32 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\windg77.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

 


ComboFix log.

- I was a bit puzzled that ComboFix wasn't able to update itself. Or is that perhaps not such a great necessity?

ComboFix 08-12-05.06 - eUnaas 2008-12-06 13:17:05.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2124 [GMT 1:00]

Kjører fra: c:\documents and settings\eUnaas\Skrivebord\Litt rot\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\tmpPrst.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-06 til 2008-12-06 )))))))))))))))))))))))))))))))))

.

 

2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll

2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll

2008-12-04 10:49 . 2008-12-04 10:49 14 --a------ c:\windows\system32\tmpPrst.tgz

2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db

2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\programfiler\SUPERAntiSpyware

2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com

2008-12-02 18:56 . 2008-12-02 18:56 25,658 --a------ c:\windows\system32\onbar.exe

2008-12-02 17:19 . 2008-12-02 17:19 110,592 --a------ c:\documents and settings\eUnaas\mir.exe

2008-12-01 18:26 . 2008-12-01 18:26 29,286 --a------ c:\windows\system32\infmgr.exe

2008-12-01 17:09 . 2008-12-01 17:09 34,222 --a------ c:\windows\system32\axmgr.exe

2008-11-30 22:37 . 2008-12-02 17:19 9,216 --a------ c:\documents and settings\eUnaas\docs32.exe

2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\programfiler\iPod

2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2008-11-24 19:17 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-24 19:17 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-11-24 18:54 . 2008-12-06 13:08 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-24 18:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group

2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts

2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\documents and settings\eUnaas\planet.exe

2008-11-14 19:30 . 2008-11-14 19:30 244 --ah----- C:\sqmnoopt03.sqm

2008-11-14 19:30 . 2008-11-14 19:30 232 --ah----- C:\sqmdata03.sqm

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\Fellesfiler\BinarySense

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\BinarySense

2008-11-08 00:11 . 2008-11-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Programdata\ALM

2008-11-08 00:05 . 2008-11-08 00:05 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-11-06 23:08 . 2008-11-06 23:09 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Autodesk

2008-11-06 23:00 . 2008-11-06 23:00 <DIR> d-------- c:\programfiler\turbo squid tentacles

2008-11-06 22:57 . 2008-11-06 22:57 231 --a------ c:\windows\system32\3dsmax.ini

2008-11-06 22:57 . 2008-11-06 22:57 43 --a------ c:\windows\system32\InstallSettings.ini

2008-11-06 22:56 . 2008-11-06 22:58 <DIR> d-------- c:\programfiler\Fellesfiler\Autodesk Shared

2008-11-06 22:55 . 2008-11-06 22:58 <DIR> d-------- c:\programfiler\Autodesk

2008-11-06 22:55 . 2008-11-12 09:56 <DIR> d-------- c:\documents and settings\All Users\Programdata\Autodesk

2008-11-06 22:54 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll

2008-11-06 22:54 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2008-11-06 22:54 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2008-11-06 22:54 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll

2008-11-06 22:54 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-12-04 22:11 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent

2008-12-03 00:11 --------- d-----w c:\programfiler\T-Splines for Rhino

2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND

2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta

2008-12-02 21:52 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour

2008-12-02 17:16 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP

2008-12-01 21:15 9,216 ----a-w c:\windows\Fonts\docs32.exe

2008-12-01 21:15 110,592 ----a-w c:\windows\Fonts\mir.exe

2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime

2008-11-25 16:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes

2008-11-25 12:15 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss

2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip

2008-11-05 04:32 2,048 ----a-w c:\windows\system32\sysprs7.dll

2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software

2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc

2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack

2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel

2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines

2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis

2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield

2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0

2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1

2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0

2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files

2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc

2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen

2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity

2008-10-29 15:06 --------- d-----w c:\programfiler\Google

2008-10-25 23:40 --------- d-----w c:\programfiler\Sony Ericsson

2008-10-25 23:29 --------- d-----w c:\programfiler\Symbian

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Sony Ericsson Shared

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Teleca

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat

2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008

2008-10-18 10:06 --------- d-----w c:\programfiler\HD Tune Pro

2008-10-18 08:05 --------- d-----w c:\programfiler\Java

2008-10-16 22:17 --------- d-----w c:\programfiler\Namebadge

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-12 12:09 --------- d-----w c:\programfiler\Fellesfiler\McNeel Shared

2008-10-08 23:28 --------- d-----w c:\programfiler\Imagenomic

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-08 15:51 737,280 ----a-w c:\windows\iun6002.exe

2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html

.

 

((((((((((((((((((((((((((((( snapshot_2008-11-25_ 9.24.19,25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-10-26 18:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL

+ 2006-10-27 13:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL

+ 2008-11-25 12:15:52 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe

- 2008-11-25 02:08:04 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-11-25 16:06:13 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-11-25 02:08:05 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-11-25 16:06:13 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-11-25 02:08:04 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-25 16:06:13 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-11-25 02:08:04 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-11-25 16:06:13 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-11-25 02:08:05 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-11-25 16:06:13 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-11-25 02:08:05 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-11-25 16:06:13 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-11-25 02:08:05 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-11-25 16:06:13 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-11-25 02:08:05 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-11-25 16:06:13 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-11-25 02:08:05 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-11-25 16:06:13 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-11-25 02:08:05 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-11-25 16:06:13 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-11-25 02:08:05 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-11-25 16:06:13 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-11-25 02:08:04 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-25 16:06:13 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-12-04 12:11:46 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat.exe

+ 2008-12-04 12:11:46 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat_3D.exe

+ 2008-12-04 12:11:46 36,294 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat_Standard.exe

+ 2008-12-04 12:11:46 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Distiller.exe

+ 2008-12-04 12:11:46 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_ELEMENTS_DT.exe

+ 2008-12-04 12:11:46 335,872 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe

+ 2008-12-02 21:52:27 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-12-02 21:52:27 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2003-10-17 12:44:08 89,088 ----a-r c:\windows\system32\atl71.dll

- 2007-07-30 17:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-09-05 22:30:52 267,304 -c----w c:\windows\system32\dllcache\wgaLogon.dll

+ 2008-09-05 22:30:02 950,824 -c----w c:\windows\system32\dllcache\WgaTray.exe

+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2007-07-30 17:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2007-07-30 17:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

- 2008-04-01 11:23:34 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys

+ 2007-12-10 02:00:00 9,072 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

- 2008-04-01 11:23:34 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys

+ 2007-12-10 02:00:00 9,200 ----a-w c:\windows\system32\drivers\cdralw2k.sys

- 2008-04-01 11:23:36 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys

+ 2008-02-06 02:00:00 44,608 ----a-w c:\windows\system32\drivers\pxhelp20.sys

+ 2008-02-06 14:52:12 68,080 ----a-w c:\windows\system32\drvins64.exe

- 2008-11-25 07:03:35 2,331,240 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-12-05 08:50:27 2,337,712 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-03-20 16:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll

+ 2008-09-05 22:30:06 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll

+ 2004-02-20 15:15:42 40,960 ----a-r c:\windows\system32\MFC71CHS.DLL

+ 2004-02-20 15:15:42 45,056 ----a-r c:\windows\system32\MFC71CHT.DLL

+ 2004-02-20 15:15:42 65,536 ----a-r c:\windows\system32\MFC71DEU.DLL

+ 2003-10-17 12:44:08 57,344 ----a-r c:\windows\system32\MFC71ENU.DLL

+ 2004-02-20 15:15:42 61,440 ----a-r c:\windows\system32\MFC71ESP.DLL

+ 2004-02-20 15:15:42 61,440 ----a-r c:\windows\system32\MFC71FRA.DLL

+ 2004-02-20 15:15:42 61,440 ----a-r c:\windows\system32\MFC71ITA.DLL

+ 2004-02-20 15:15:42 49,152 ----a-r c:\windows\system32\MFC71JPN.DLL

+ 2004-02-20 15:15:42 49,152 ----a-r c:\windows\system32\MFC71KOR.DLL

- 2008-05-29 23:35:11 17,486,968 ----a-w c:\windows\system32\MRT.exe

+ 2008-11-03 15:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe

- 2008-04-01 11:23:34 63,784 ------w c:\windows\system32\pxcpya64.exe

+ 2008-02-06 14:52:20 66,544 ----a-w c:\windows\system32\pxcpya64.exe

- 2008-04-01 11:23:34 118,056 ------w c:\windows\system32\pxcpyi64.exe

+ 2008-02-06 14:52:18 120,304 ----a-w c:\windows\system32\pxcpyi64.exe

- 2008-04-01 11:23:34 64,760 ------w c:\windows\system32\pxinsa64.exe

+ 2008-02-06 14:52:14 65,008 ----a-w c:\windows\system32\pxinsa64.exe

- 2008-04-01 11:23:34 118,520 ------w c:\windows\system32\pxinsi64.exe

+ 2008-02-06 14:52:16 118,256 ----a-w c:\windows\system32\pxinsi64.exe

+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

+ 2008-04-07 04:38:06 45,392 ----a-w c:\windows\system32\spool\drivers\w32x86\3\AdobePdf.dll

+ 2008-04-07 04:38:12 22,872 ----a-w c:\windows\system32\spool\drivers\w32x86\3\AdobePDFUI.dll

+ 2008-04-28 04:30:46 29,312 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADREGP.DLL

+ 2008-04-07 04:37:36 193,904 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADUIGP.DLL

- 2006-11-02 02:46:12 728,576 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL

+ 2008-04-14 08:22:20 728,576 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL

- 2006-11-02 02:46:12 543,232 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL

+ 2008-04-14 08:22:20 543,232 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL

+ 2008-09-05 22:30:52 267,304 ------w c:\windows\system32\WgaLogon.dll

+ 2008-09-05 22:30:02 950,824 ------w c:\windows\system32\WgaTray.exe

.

-- Snapshot reset to today's date --

.

(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]

"UltraMon"="c:\programfiler\UltraMon\UltraMon.exe" [2006-10-12 304640]

"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]

"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"onbar"="c:\windows\system32\onbar.exe" [2008-12-02 25658]

"Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\

MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

PC-søk i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\server.exe"=

"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928]

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]

R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848]

R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]

R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]

R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-05-21 32000]

S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200]

S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848]

S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568]

S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568]

S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-{0AC9BDBA-280B-4272-A35F-2DE7D9AFD463} - c:\windows\system32\winqg77.dll

WebBrowser-{0AC9BDBA-280B-4272-A35F-2DE7D9AFD463} - c:\windows\system32\winqg77.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.no/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll

 

c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB}

hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB

c:\windows\Downloaded Program Files\WCAFLauncher.INF

FireFox -: Profile - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\

FF -: plugin - c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll

FF -: plugin - c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-06 13:19:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded By Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(652)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Completion time: 2008-12-06 13:20:25

ComboFix-quarantined-files.txt 2008-12-06 12:20:10

ComboFix2.txt 2008-11-25 08:30:09

ComboFix3.txt 2008-11-25 08:24:51

ComboFix4.txt 2008-11-24 18:15:19

 

Pre-Run: 21,755,846,656 bytes free

Post-Run: 21,850,714,112 bytes free

 

389 --- E O F --- 2008-11-25 16:08:27

 

 

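As an added example (not part of the original thread, and not code from ComboFix or any of the tools named here), the following Python script parses the `"name"="target" [date size]` Run-key lines of a ComboFix log like the one above and surfaces the entries a responder would want to look at first: targets ComboFix marked `[X]` (no file on disk), bare filenames that are resolved through PATH search order, and binaries dropped directly into system32 that are not on a small allowlist, with a note when the file is dated within a few weeks of the scan. The allowlist, the 30-day window and the sample subset of lines are assumptions chosen for illustration; a hit is a triage candidate, not a verdict, and should be confirmed by checking the file's signature and hash.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# ComboFix Run-key lines come in three shapes:
#   "name"="target" [YYYY-MM-DD size]         normal entry
#   "name"="target" [X]                       target not found on disk
#   "name"="file.exe" [YYYY-MM-DD full\path]  bare filename ComboFix resolved via PATH
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$'
)

# Assumption: a deliberately small allowlist of autostart binaries that
# legitimately live directly in system32 on this kind of XP box. Anything
# else found there is surfaced for manual review, not declared malicious.
KNOWN_SYSTEM32_AUTOSTARTS = {
    "ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "igfxpers.exe",
    "nvcpl.dll", "nvmctray.dll", "nwiz.exe",
}

# Date of the ComboFix run in the log above (assumption: taken from its footer).
SCAN_DATE = date(2008, 12, 6)


@dataclass
class RunEntry:
    name: str
    target: str               # value exactly as stored in the registry
    resolved: Optional[str]   # full path ComboFix resolved it to, if any
    file_date: Optional[date]
    size: Optional[int]
    missing: bool             # ComboFix printed [X]: file not on disk


def parse_entry(line: str) -> Optional[RunEntry]:
    """Parse one ComboFix Run-key line; returns None for non-matching lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name, target, meta = m.group("name"), m.group("target"), m.group("meta").strip()
    if meta == "X":
        return RunEntry(name, target, None, None, None, True)
    stamp, _, rest = meta.partition(" ")
    file_date = date.fromisoformat(stamp)
    if rest.isdigit():
        return RunEntry(name, target, target, file_date, int(rest), False)
    # bare-filename form: the remainder is the path ComboFix found on PATH
    return RunEntry(name, target, rest or target, file_date, None, False)


def assess(entry: RunEntry, scan_date: date, recent_days: int = 30) -> List[str]:
    """Return the reasons an autostart entry deserves a closer look (empty = none)."""
    reasons: List[str] = []
    if entry.missing:
        return ["target missing on disk (dangling autostart)"]
    if "\\" not in entry.target:
        # Loaded through PATH search order: a same-named file earlier on PATH wins.
        reasons.append("bare filename, resolved through PATH search order")
    path = (entry.resolved or entry.target).lower()
    directory, _, fname = path.rpartition("\\")
    if directory.endswith("\\system32") and fname not in KNOWN_SYSTEM32_AUTOSTARTS:
        reasons.append("unrecognised binary placed directly in system32")
        if entry.file_date is not None:
            age = (scan_date - entry.file_date).days
            if age <= recent_days:
                reasons.append(f"file dated {age} day(s) before the scan")
    return reasons


def triage(log_text: str, scan_date: date) -> Dict[str, List[str]]:
    """Map autostart name -> reasons, for entries that raised at least one."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry, scan_date)
        if reasons:
            findings[entry.name] = reasons
    return findings


# Constructed sample: a subset of the Run entries copied from the log above.
SAMPLE_LOG = r'''
"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"onbar"="c:\windows\system32\onbar.exe" [2008-12-02 25658]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
'''

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG, SCAN_DATE).items():
        print(f"{name}: " + "; ".join(reasons))
```

On the sample, `onbar` is flagged as an unrecognised system32 binary dated four days before the scan, `HDDtemp4` as a dangling entry, and `WINDVDPatch` for being a bare filename (Creative's CTHELPER.EXE is benign, which is exactly why the output is a review list rather than a removal list). The AVG, ctfmon and Intel entries pass. Keeping the allowlist short is a deliberate choice: a few known-good false positives cost a minute of checking, while a generous allowlist is what a dropper named after a common system file hides behind.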

HijackThis <- Is it right that it takes about 0.01 seconds to scan my PC?

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:51, on 06.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\onbar.exe

C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\MagicDisc\MagicDisc.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\BinarySense\disksvc.exe

C:\Programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Fellesfiler\Teleca Shared\logger.exe

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\KAPREDENNE.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ultraMon] "C:\Programfiler\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [onbar] C:\WINDOWS\system32\onbar.exe

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [HDDtemp4] C:\Programfiler\BinarySense\HDDTemp4\\hddtemp4 /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211386472320

O16 - DPF: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} (WCAFLauncher.Launcher) - https://rootxtra01.hafslund.no/include/laun...CAFLauncher.CAB

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Programfiler\Fellesfiler\BinarySense\disksvc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/eUnaas/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg

 

--

End of file - 11567 bytes

 

 

 

Edited by eunaas

Yes, the HJT scan finishes in a flash. :)

 

Before we do anything manually, do the following:

 

Get Dr.Web and save it to the desktop.

 

Run drweb-cureit.exe and click Start. An express scan now runs.

When it is done, click Settings -> Change settings

 

Under the Scan tab, untick Heuristic analysis.

Under the Actions tab, set every item under Malware to Endre (Change). Click OK

Then select Full scan. Start the scan by clicking the 'green arrow'.

Choose "yes to all" the first time it finds something.

 

When the scan is finished, go to "file" and click "Save Report list".

A file named "drweb.csv" will then be on the desktop. Post it together with a new ComboFix log (that is, run ComboFix again after Dr.Web).


Dr.Web log:

 

onbar.exe c:\windows\system32 Trojan.DownLoad.3694 Slettet.

docs32.exe C:\Documents and Settings\eUnaas Trojan.Packed.162 Slettet.

ComboFix.exe\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\eUnaas\Skrivebord\Litt rot\ComboFix.exe Program.PsExec.171

ComboFix.exe C:\Documents and Settings\eUnaas\Skrivebord\Litt rot Arkiv inneholder infiserte objekter Flyttet.

A0027702.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP221 Trojan.MulDrop.3941 Slettet.

A0028016.EXE C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP225 Program.PsExec.170 Endret.

A0029023.exe\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP226\A0029023.exe Program.PsExec.171

A0029023.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP226 Arkiv inneholder infiserte objekter Flyttet.

A0031114.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP235 Trojan.Packed.162 Slettet.

A0031116.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP235 Trojan.Packed.162 Slettet.

A0031872.exe\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP242\A0031872.exe Program.PsExec.171

A0031872.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP242 Arkiv inneholder infiserte objekter Flyttet.

A0032041.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243 Trojan.Packed.162 Slettet.

A0032093.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243 Trojan.Packed.162 Slettet.

A0032094.exe\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243\A0032094.exe Program.PsExec.171

A0032094.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243 Arkiv inneholder infiserte objekter Flyttet.

A0032096.exe C:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243 Trojan.DownLoad.23535 Slettet.

docs32.exe C:\WINDOWS\Fonts Trojan.Packed.162 Slettet.

axmgr.exe C:\WINDOWS\system32 Trojan.DownLoad.3694 Slettet.

infmgr.exe C:\WINDOWS\system32 Trojan.DownLoad.3694 Slettet.

WINDIR.7z\system32/pskill.exe E:\Download\MicroXP-v0.82\$OEM$\INST\ITEMS.exe\WINDIR.7z Tool.Prockill

WINDIR.7z E:\Download\MicroXP-v0.82\$OEM$\INST\ITEMS.exe Arkiv inneholder infiserte objekter

ITEMS.exe E:\Download\MicroXP-v0.82\$OEM$\INST Arkiv inneholder infiserte objekter Flyttet.

WINDIR.7z\system32/pskill.exe E:\Download\MicroXP_v0.82_For.External.USB.DRIVE\MicroXP_v0.82_For.External.USB.DRIVE\$OEM$\INST\ITEMS.exe\WINDIR.7z Tool.Prockill

WINDIR.7z E:\Download\MicroXP_v0.82_For.External.USB.DRIVE\MicroXP_v0.82_For.External.USB.DRIVE\$OEM$\INST\ITEMS.exe Arkiv inneholder infiserte objekter

ITEMS.exe E:\Download\MicroXP_v0.82_For.External.USB.DRIVE\MicroXP_v0.82_For.External.USB.DRIVE\$OEM$\INST Arkiv inneholder infiserte objekter Flyttet.

WINDIR.7z\system32/pskill.exe E:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243\A0032101.exe\WINDIR.7z Tool.Prockill

WINDIR.7z E:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243\A0032101.exe Arkiv inneholder infiserte objekter

A0032101.exe E:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243 Arkiv inneholder infiserte objekter Flyttet.

WINDIR.7z\system32/pskill.exe E:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243\A0032102.exe\WINDIR.7z Tool.Prockill

WINDIR.7z E:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243\A0032102.exe Arkiv inneholder infiserte objekter

A0032102.exe E:\System Volume Information\_restore{43B582E6-4B96-496E-BD97-0643E15EF4A6}\RP243 Arkiv inneholder infiserte objekter Flyttet.

 

 

Combofix

 

ComboFix 08-12-06.06 - eUnaas 2008-12-07 19:56:15.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.580 [GMT 1:00]

Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe

Command switches brukt :: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-07 til 2008-12-07 )))))))))))))))))))))))))))))))))

.

 

2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb

2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files

2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll

2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll

2008-12-04 10:49 . 2008-12-04 10:49 14 --a------ c:\windows\system32\tmpPrst.tgz

2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db

2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\programfiler\SUPERAntiSpyware

2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com

2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\programfiler\iPod

2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2008-11-24 19:17 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-24 19:17 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-11-24 18:54 . 2008-12-06 13:08 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-24 18:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group

2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts

2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\documents and settings\eUnaas\planet.exe

2008-11-14 19:30 . 2008-11-14 19:30 244 --ah----- C:\sqmnoopt03.sqm

2008-11-14 19:30 . 2008-11-14 19:30 232 --ah----- C:\sqmdata03.sqm

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\Fellesfiler\BinarySense

2008-11-12 21:43 . 2008-11-12 21:43 <DIR> d-------- c:\programfiler\BinarySense

2008-11-08 00:11 . 2008-11-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Programdata\ALM

2008-11-08 00:05 . 2008-11-08 00:05 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-12-04 22:11 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent

2008-12-03 00:11 --------- d-----w c:\programfiler\T-Splines for Rhino

2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND

2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta

2008-12-02 21:52 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour

2008-12-02 17:16 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP

2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime

2008-11-25 16:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes

2008-11-25 12:15 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss

2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk

2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk

2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip

2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles

2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared

2008-11-06 21:58 --------- d-----w c:\programfiler\Autodesk

2008-11-05 04:32 2,048 ----a-w c:\windows\system32\sysprs7.dll

2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software

2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc

2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack

2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel

2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines

2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis

2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield

2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0

2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1

2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0

2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files

2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc

2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen

2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity

2008-10-29 15:06 --------- d-----w c:\programfiler\Google

2008-10-25 23:40 --------- d-----w c:\programfiler\Sony Ericsson

2008-10-25 23:29 --------- d-----w c:\programfiler\Symbian

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Sony Ericsson Shared

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Teleca

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat

2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008

2008-10-18 10:06 --------- d-----w c:\programfiler\HD Tune Pro

2008-10-18 08:05 --------- d-----w c:\programfiler\Java

2008-10-16 22:17 --------- d-----w c:\programfiler\Namebadge

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-12 12:09 --------- d-----w c:\programfiler\Fellesfiler\McNeel Shared

2008-10-08 23:28 --------- d-----w c:\programfiler\Imagenomic

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-08 15:51 737,280 ----a-w c:\windows\iun6002.exe

2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]

"UltraMon"="c:\programfiler\UltraMon\UltraMon.exe" [2006-10-12 304640]

"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]

"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\

MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programfiler\\Autodesk\\Backburner\\server.exe"=

"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928]

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]

R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848]

R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]

R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]

R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-05-21 32000]

S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200]

S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848]

S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568]

S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568]

S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll

 

c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB}

hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB

c:\windows\Downloaded Program Files\WCAFLauncher.INF

FireFox -: Profile - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\

FF -: plugin - c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll

FF -: plugin - c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-07 20:00:14

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(652)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Tidspunkt ferdig: 2008-12-07 20:01:16

ComboFix-quarantined-files.txt 2008-12-07 19:01:05

ComboFix2.txt 2008-12-06 12:20:26

ComboFix3.txt 2008-11-25 08:30:09

ComboFix4.txt 2008-11-25 08:24:51

ComboFix5.txt 2008-12-07 18:55:23

 

Pre-Run: 21 466 791 936 byte ledig

Post-Run: 21,469,995,008 byte ledig

 

277 --- E O F --- 2008-11-25 16:08:27


Oh my god. Now I'm getting some popup or something that plays Christmas songs using fart noises. No idea where it comes from, but there is definitely sound. Ridiculous.

 

After Dr.Web had worked for a few hours I thought the PC was fresh and clean, but no.

What is Dr.Web, actually? I haven't heard of the program before.
