Virus blokerer internett?

eUnaas · 9. desember 2008

Nå tar det helt av her. Microsoft Sam driver å snakker. Tydlig at trojanene løper løpsk.

Jeg har ikke lastet ned noe mer. Men puttet inn noen minnepenner og slik, som tja, ja de har nok inneholdt fandenskap.

Så, jeg begynner fra toppen av igjen og scanner meg igjennom. Første runde med SUPERantispyware viste at trojanene hadde formert seg som kaniner det siste halve døgnet...

raWrz · 9. desember 2008

ok la oss kjøre HELE guiden på nytt

først Mbam, så combofix også HJT trojaneren skal bort :xmas:

og vær så snill og ikke last ened noe før vi er ferdige

Endret 9. desember 2008 av Submit

eUnaas · 15. desember 2008

Da gjør jeg et nytt forsøk på å bli kvitt alt. Jeg har den siste uken koktuerlig kjørt diverse scanne programmer. Og alltid fjernet diverse tull. Likevell så kommer problemene tilbake og formerer seg som kaniner. Hvorfor?

Malwarebytes

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1501

Windows 5.1.2600 Service Pack 3

15.12.2008 12:34:40

mbam-log-2008-12-15 (12-34-40).txt

Skanntype: Rask Skann

Objekter skannet: 58227

Tid tilbakelagt: 4 minute(s), 24 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 2

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® System Manager (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\WINDOWS\system32\syrmgr.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

eUnaas · 15. desember 2008

ComboFix 08-12-14.04 - eUnaas 2008-12-15 12:49:30.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.2070 [GMT 1:00]

Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\tmpPrst.dll

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BNDMSS

-------\Service_BNDMSS

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-15 til 2008-12-15 )))))))))))))))))))))))))))))))))

.

2008-12-14 06:19 . 2008-12-14 06:19 17,920 --a------ c:\documents and settings\eUnaas\cleannt.exe

2008-12-13 03:04 . 2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI

2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite

2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia

2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite

2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite

2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia

2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX

2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution

2008-12-10 21:02 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia

2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations

2008-12-10 21:02 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb

2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files

2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll

2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll

2008-12-04 10:49 . 2008-12-04 10:49 14 --a------ c:\windows\system32\tmpPrst.tgz

2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db

2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware

2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com

2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\programfiler\iPod

2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-11-24 19:20 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2008-11-24 19:17 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-24 19:17 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-11-24 18:54 . 2008-12-15 12:19 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-24 18:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-24 18:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup

2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group

2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts

2008-11-17 01:35 . 2008-11-20 23:21 6,656 --a------ c:\documents and settings\eUnaas\planet.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-14 03:16 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP

2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino

2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI

2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk

2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2008-12-07 19:13 --------- d-----w c:\programfiler\Java

2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-12-04 22:11 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent

2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND

2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta

2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour

2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime

2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes

2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss

2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense

2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense

2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk

2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM

2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR

2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk

2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip

2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles

2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared

2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software

2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc

2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack

2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel

2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines

2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis

2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield

2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0

2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1

2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0

2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files

2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc

2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen

2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity

2008-10-29 15:06 --------- d-----w c:\programfiler\Google

2008-10-25 23:40 --------- d-----w c:\programfiler\Sony Ericsson

2008-10-25 23:29 --------- d-----w c:\programfiler\Symbian

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared

2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Sony Ericsson Shared

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Teleca

2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set

2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat

2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008

2008-10-18 10:06 --------- d-----w c:\programfiler\HD Tune Pro

2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html

.

((((((((((((((((((((((((((((( snapshot_2008-12-06_13.19.54,32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe

+ 2007-11-30 12:39:50 17,784 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll

+ 2008-10-23 12:45:15 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2008-07-08 13:08:08 17,784 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2008-07-08 13:08:08 232,824 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2008-07-08 13:08:08 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2008-07-09 07:44:45 760,696 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2008-07-09 07:44:52 385,912 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2008-12-14 01:43:32 77,824 ----a-r c:\windows\Installer\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}\ARPPRODUCTICON.exe

+ 2008-12-10 20:03:08 10,134 ----a-r c:\windows\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe

+ 2008-12-14 01:43:21 77,824 ----a-r c:\windows\Installer\{3A6829EF-0791-4FDD-9382-C690DD0821B9}\ARPPRODUCTICON.exe

- 2008-11-25 16:06:13 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-12-13 02:05:59 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-11-25 16:06:13 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-12-13 02:05:59 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-11-25 16:06:13 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-12-13 02:05:59 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-11-25 16:06:13 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-12-13 02:05:59 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-11-25 16:06:13 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-12-13 02:05:59 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-11-25 16:06:13 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-12-13 02:05:59 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-11-25 16:06:13 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-12-13 02:05:59 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-11-25 16:06:13 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-12-13 02:05:59 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-11-25 16:06:13 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-12-13 02:05:59 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-11-25 16:06:13 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-12-13 02:05:59 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-11-25 16:06:13 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-12-13 02:05:59 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-11-25 16:06:13 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-12-13 02:05:59 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-12-10 20:02:53 3,262 ----a-r c:\windows\Installer\{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}\ARPPRODUCTICON.exe

+ 2008-12-10 20:03:55 15,086 ----a-r c:\windows\Installer\{D5577624-0626-4C4B-87AA-D966DA1739D6}\ARPPRODUCTICON.exe

+ 2007-03-29 22:00:40 203,264 ----a-r c:\windows\system32\CddbCdda.dll

+ 2008-10-23 12:43:42 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll

- 2004-08-10 23:45:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-10 08:17:42 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe

- 2008-08-20 05:30:32 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll

+ 2008-10-16 01:02:36 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll

- 2008-08-20 05:30:28 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll

+ 2008-10-16 01:02:35 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll

- 2008-04-14 07:22:30 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:04:49 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll

- 2008-08-20 05:30:29 618,496 -c----w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 01:02:36 618,496 -c----w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-20 05:30:29 665,600 -c----w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 01:02:36 665,600 -c----w c:\windows\system32\dllcache\wininet.dll

- 2004-08-10 23:45:04 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll

+ 2008-06-10 10:37:02 1,026,048 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll

- 2006-12-07 06:40:49 2,362,184 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-10 10:57:40 2,364,472 -c--a-w c:\windows\system32\dllcache\WMVCore.dll

+ 2008-05-07 06:38:20 17,536 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys

+ 2008-05-07 06:38:24 90,624 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll

+ 2008-05-07 06:38:34 659,968 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll

+ 2008-05-07 06:39:22 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll

+ 2008-05-07 06:38:36 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys

+ 2008-06-06 08:24:44 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys

+ 2008-05-07 06:38:20 20,864 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys

+ 2007-09-17 14:53:26 21,632 -c--a-w c:\windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys

+ 2008-05-20 09:37:00 525,824 -c--a-w c:\windows\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll

+ 2008-05-20 09:32:30 831,048 -c--a-w c:\windows\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll

- 2008-12-05 08:50:27 2,337,712 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-12-14 02:14:11 7,231,488 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-04-14 07:22:04 285,184 ----a-w c:\windows\system32\gdi32.dll

+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\system32\gdi32.dll

- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe

+ 2008-12-07 19:13:52 144,792 ----a-w c:\windows\system32\java.exe

- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2008-12-07 19:13:52 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2008-12-07 19:13:52 148,888 ----a-w c:\windows\system32\javaws.exe

- 2004-08-10 23:45:04 96,768 ----a-w c:\windows\system32\logagent.exe

+ 2008-06-10 08:17:42 96,768 ----a-w c:\windows\system32\logagent.exe

+ 2008-09-03 18:23:10 235,424 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10.exe

- 2008-03-24 18:21:00 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2008-09-03 22:55:38 4,478,680 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2008-03-24 18:21:00 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-09-03 22:55:38 233,176 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-05-21 16:11:54 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-12-14 01:43:20 89,100 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-12-14 01:43:32 85,020 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-11-03 15:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe

+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe

- 2008-08-20 05:30:32 3,088,896 ----a-w c:\windows\system32\mshtml.dll

+ 2008-10-16 01:02:36 3,088,896 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-20 05:30:28 1,499,136 ----a-w c:\windows\system32\shdocvw.dll

+ 2008-10-16 01:02:35 1,499,136 ----a-w c:\windows\system32\shdocvw.dll

- 2008-04-14 07:22:30 246,814 ----a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:04:49 247,326 ----a-w c:\windows\system32\strmdll.dll

- 2008-07-11 12:42:28 62,976 ------w c:\windows\system32\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe

- 2008-08-20 05:30:29 618,496 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 01:02:36 618,496 ----a-w c:\windows\system32\urlmon.dll

- 2008-08-20 05:30:29 665,600 ----a-w c:\windows\system32\wininet.dll

+ 2008-10-16 01:02:36 665,600 ----a-w c:\windows\system32\wininet.dll

- 2004-08-10 23:45:04 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll

+ 2008-06-10 10:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll

- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-10 10:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]

"Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]

"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]

"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\

MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-09 15:01 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=

"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"skp66.exe"= skp66.exe:BNDMSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928]

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]

R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848]

R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360]

S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys []

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys []

S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200]

S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848]

S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568]

S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568]

S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll

c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB}

hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB

c:\windows\Downloaded Program Files\WCAFLauncher.INF

FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\

FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll

FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-15 12:52:41

Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(656)

c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\rundll32.exe

c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

c:\programfiler\iPod\bin\iPodService.exe

c:\windows\system32\searchprotocolhost.exe

c:\programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

c:\programfiler\PC Connectivity Solution\ServiceLayer.exe

c:\programfiler\Fellesfiler\Teleca Shared\Generic.exe

c:\programfiler\Fellesfiler\Teleca Shared\logger.exe

c:\programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe

c:\programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\progra~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

c:\progra~1\Symbian\Shared\SYMBIA~1\SCBAL.exe

c:\windows\system32\searchfilterhost.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2008-12-15 12:58:28 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2008-12-15 11:58:24

ComboFix2.txt 2008-12-07 19:01:17

ComboFix3.txt 2008-12-06 12:20:26

ComboFix4.txt 2008-11-25 08:30:09

ComboFix5.txt 2008-12-15 11:44:14

Pre-Run: 14 145 875 968 byte ledig

Post-Run: 14,652,813,312 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

425 --- E O F --- 2008-12-13 02:06:07

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:00:56, on 15.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\BinarySense\disksvc.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

C:\Programfiler\MagicDisc\MagicDisc.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Fellesfiler\Teleca Shared\logger.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\eUnaas\Skrivebord\slett_test\slett test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [HDDtemp4] C:\Programfiler\BinarySense\HDDTemp4\\hddtemp4 /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211386472320

O16 - DPF: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} (WCAFLauncher.Launcher) - https://rootxtra01.hafslund.no/include/laun...CAFLauncher.CAB

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Programfiler\Fellesfiler\BinarySense\disksvc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/eUnaas/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg

--

End of file - 11908 bytes

raWrz · 15. desember 2008

yep du har noe tull

skal gjøre lekser så skal jeg hjelpe deg :mrgreen:

eUnaas · 15. desember 2008

Hvordan kan jeg ha noe tull nå? Har akrautt scannet pcen med AVG antivirus, Med Trendmicro online scan, med SUPERantispyware, med Maleware anti-malware og AdAware. Jeg har brannmur og AVG er satt opp til å scanne at jeg foretar meg... De har jo drept alt mulig forskjellig. Og likevell er det tull? :/

-Men, takker på forhold for hjelpen jeg får her!

norbat · 15. desember 2008

Bruk utforsker til å finne følgende to filer:

c:\windows\system32\drivers\egxkxz_445.set

c:\windows\system32\drivers\biusvhm144.dat

Endre filendelsen på begge: egxkxz_445.set -> egxkxz_445.set.bak

biusvhm144.dat -> biusvhm144.dat.bak

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen.

File::

c:\windows\system32\tmpPrst.tgz

c:\documents and settings\eUnaas\planet.exe

FileLook::

c:\documents and settings\eUnaas\cleannt.exe

eUnaas · 15. desember 2008

ComboFix 08-12-14.04 - eUnaas 2008-12-15 18:39:49.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.1901 [GMT 1:00]

Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe

Command switches brukt :: c:\documents and settings\eUnaas\Skrivebord\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

FILE ::

c:\documents and settings\eUnaas\planet.exe

c:\windows\system32\tmpPrst.tgz

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\eUnaas\planet.exe

c:\windows\system32\tmpPrst.tgz

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_BNDMSS

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-15 til 2008-12-15 )))))))))))))))))))))))))))))))))

.

2008-12-15 18:52 . 2008-12-15 14:10 30,720 -r-hs---- c:\windows\system32\bndmss.exe

2008-12-15 18:32 . 2008-12-15 18:32 30,392 --a------ c:\windows\system32\avcenter.exe