Sliten med en treg maskin. Kan noen se på loggene?

mona14 · 1. desember 2008

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:08:08, on 01.12.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Host Process] C:\Users\Lene\svchost.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Comodo\Css\cssdll32.dll,avgrsstx.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--

End of file - 11427 bytes

MBAM

Malwarebytes' Anti-Malware 1.30

Database versjon: 1441

Windows 6.0.6001 Service Pack 1

01.12.2008 19:16:37

mbam-log-2008-12-01 (19-16-37).txt

Skanntype: Rask Skann

Objekter skannet: 50412

Tid tilbakelagt: 3 minute(s), 25 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 8

Registerverdier infisert: 2

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CLASSES_ROOT\CLSID\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

CF

ComboFix 08-12-01.01 - Lene 2008-12-01 21:27:08.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1885 [GMT 1:00]

Kjører fra: c:\users\Lene\Desktop\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\temp\vtmp2

c:\windows\system32\AutoRun.inf

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-01 til 2008-12-01 )))))))))))))))))))))))))))))))))

.

2008-12-01 19:07 . 2008-12-01 19:07 <DIR> d-------- c:\users\Lene\AppData\Roaming\Malwarebytes

2008-12-01 19:07 . 2008-12-01 19:07 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-01 19:07 . 2008-12-01 19:07 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-01 19:07 . 2008-12-01 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-01 19:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-01 19:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-28 11:39 . 2008-11-28 11:39 <DIR> d-------- c:\program files\Imikimi

2008-11-26 00:13 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-26 00:13 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-26 00:13 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-26 00:13 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-26 00:13 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-19 20:47 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-19 20:47 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-19 20:47 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-19 20:47 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-19 20:47 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-19 20:47 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-19 20:47 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-19 20:47 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-19 20:47 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-12 03:53 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 03:53 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 03:53 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-11 21:01 . 2008-11-11 21:01 <DIR> d-------- c:\users\All Users\1138C

2008-11-11 21:01 . 2008-11-11 21:01 <DIR> d-------- c:\programdata\1138C

2008-11-11 21:00 . 2008-11-12 11:16 <DIR> d-------- c:\program files\BearShare Applications

2008-11-11 21:00 . 2008-09-25 14:20 483,328 --a------ c:\windows\System32\actskn45.ocx

2008-11-04 07:01 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll

2008-11-04 07:01 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll

2008-11-04 07:01 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax

2008-11-04 07:01 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax

2008-11-04 07:01 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax

2008-11-03 17:55 . 2008-11-03 17:55 <DIR> dr------- c:\windows\System32\config\systemprofile\Music

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 15:57 --------- d-----w c:\users\Lene\AppData\Roaming\LimeWire

2008-11-26 15:47 --------- d-----w c:\program files\LimeWire

2008-11-15 11:45 1,036 ----a-w c:\users\Lene\AppData\Roaming\wklnhst.dat

2008-11-13 02:01 --------- d-----w c:\programdata\Microsoft Help

2008-11-05 13:47 --------- d-----w c:\program files\Google

2008-10-28 18:30 --------- d-----w c:\program files\Incomplete

2008-10-27 06:42 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-10-27 06:42 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys

2008-10-27 06:42 10,520 ----a-w c:\windows\System32\avgrsstx.dll

2008-10-27 06:42 --------- d-----w c:\programdata\avg8

2008-10-27 05:41 147,456 ----a-w c:\users\Lene\vbzip10.dll

2008-10-27 05:37 45,568 ----a-w c:\users\Lene\index.exe

2008-10-26 20:55 --------- d-----w c:\users\Lene\AppData\Roaming\Comodo

2008-10-26 20:55 --------- d-----w c:\programdata\comodo

2008-10-26 20:55 --------- d-----w c:\program files\COMODO

2008-10-26 20:41 --------- d-----w c:\program files\AVG

2008-10-26 18:58 --------- d-----w c:\program files\Java

2008-10-26 18:48 --------- d-----w c:\program files\Common Files\eAcceleration

2008-10-24 19:17 --------- d-----w c:\program files\Euro Truck Simulator 30 Minuten Demo

2008-10-24 19:02 --------- d-----w c:\program files\Yahoo!

2008-10-24 19:02 --------- d-----w c:\program files\Windows Live Toolbar

2008-10-24 07:38 --------- d-----w c:\program files\Sweet Games

2008-10-21 13:19 --------- d---a-w c:\programdata\TEMP

2008-10-15 01:14 --------- d-----w c:\program files\Windows Mail

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll

2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-08-31 06:36 174 --sha-w c:\program files\desktop.ini

2008-07-24 15:23 2,402,832 ----a-w c:\users\Gjest\WLinstaller.exe

2008-07-24 13:36 4,898,144 ----a-w c:\users\Gjest\LimeWireWin.exe

2008-07-24 13:34 2,402,832 ----a-w c:\users\Gjest\WLinstallerCAP31W3ECAT71HVPCA2TFO3ECA1PYA1ECAMF4359.exe

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]

"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 178280]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\Lene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-05-05 528384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Comodo\Css\cssdll32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{64048293-F327-484A-8412-11F8111BAF31}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{7C8221AB-6183-4551-96DB-2E400DD0570A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E0663390-50D4-494F-908F-14F22C8DCB99}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{D4C148B6-6294-4575-936B-2C6BEE8D3A6F}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess

"{6A0DC1D7-DC2E-4464-9D3B-2535FFE8AA1A}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess

"{123289ED-3F8A-401F-82D4-69F87EC672A5}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess

"{5C84AC23-D575-436E-9E97-8FAA1D25843C}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine

"{A4B05E83-5A13-49E2-8130-7449D1890B5B}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia

"{B4D2704A-61DB-43F6-95BA-6785EAFF0ECF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect

"{4AAEA8A4-EA8D-4454-94F3-E2532C237638}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service

"{D842B27B-51FD-4185-99C9-00D8D557D6A6}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician

"{AB44F332-5C31-47C6-BA96-F214D30FB2C1}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie

"{D34341DA-1C34-4F75-B163-C9608FCA3656}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program

"{A3DE84E7-6865-4E39-BECD-C0C30B3900CD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{F4D63D29-5E99-4176-9B37-A875E0EB9C0A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{FA8411F6-143E-4F04-BB11-0EB221850A7D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{2AA6FE91-7242-47BF-AE83-75D67D0C10FF}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{A749046C-2F94-444F-92AC-01045E005558}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2007-05-05 8192]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080606.003\IDSvix86.sys [2008-06-07 261680]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2008-05-20 11:44:46 39408]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-05-05 266343]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-27 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]

R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-10-27 69128]

S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-05-06 2427392]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2008-07-27 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2008-07-27 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2008-07-27 97088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - PROCEXP90

.

- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKCU-Run-Acer Tour Reminder - (no file)

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.sol.no/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://home.sweetim.com

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

c:\windows\Downloaded Program Files\imikimi_cab.inf

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 21:28:39

Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(816)

c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(688)

c:\windows\system32\avgrsstx.dll

.

Tidspunkt ferdig: 2008-12-01 21:29:57

ComboFix-quarantined-files.txt 2008-12-01 20:29:54

Pre-Run: 183 799 750 656 byte ledig

Post-Run: 183,903,887,360 byte ledig

211 --- E O F --- 2008-11-27 23:35:44

Endret 2. desember 2008 av mona14

Spirre · 1. desember 2008

vel, du har hatt virus i alle fall. om alt er fjerna vet jeg ikke, da logger ikke er min sterke side.

du kan sjekke med et program som heter spybot search and destroy. det har fjerna bortimot alt av virus jeg har vært borti.

raWrz · 1. desember 2008

tror du at du kan kjøre combofix hvis du ikke har 64 bit?

raWrz · 2. desember 2008

hei

kjenner du til disse mappene?

c:\users\All Users\1138C

c:\programdata\1138C

_______________________________________________________________________

Gå til http://virusscan.jotti.org , trykk på Browse, og last opp følgende fil til analyse:

c:\users\Gjest\WLinstallerCAP31W3ECAT71HVPCA2TFO3ECA1PYA1ECAMF4359.exe

Deretter trykker du på Submit. Godta at filen blir scannet. Til slutt kopierer du resultatet, og limer det inn i din neste post, så jeg kan se på den, og vurdere hva som må gjøres videre.

mona14 · 2. desember 2008

Scan taken on 02 Dec 2008 17:40:42 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

Sånn? :-)

raWrz · 2. desember 2008

:xmas: kan du skifte filter navn til eks. .Txt istede for .exe og la den bli en stund og slette den etter ca. en uke hvis ingen problemer kommer :xmas:

kjenner du til disse mappene?

c:\users\All Users\1138C

c:\programdata\1138C

mona14 · 2. desember 2008

Filternavn? Hallo, du snakker med en n00b her : o

Neii, tror ikke jeg kjenner til dem nei?

raWrz · 2. desember 2008

fin den fila altså c:\users\Gjest\WLinstallerCAP31W3ECAT71HVPCA2TFO3ECA1PYA1ECAMF4359.exe

skift .exe til .txt hved og høyere klikke - Gi nytt navn

mona14 · 2. desember 2008

Gone : )

raWrz · 2. desember 2008

Trykk Start - Alle Programmer - Tilbehør - Notisblokk

Kopier og Lim inn teksten i kodeboksen nedenfor, inn i Notisblokken:

Folder::
c:\users\All Users\1138C
c:\programdata\1138C

Lagre det som CFScript på Skrivebordet

Dra CFScript over ComboFix.exe som ligger på Skrivebordet, slik animasjonen nedenfor viser.

Dette vil starte ComboFix igjen. Hvis maskinen ber om en omstart, lar du den gjøre det med én gang.

Post innholdet til ComboFix.txt inn i ditt neste svar på forumet.

mona14 · 2. desember 2008

CF

ComboFix 08-12-01.01 - Lene 2008-12-02 19:15:24.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1778 [GMT 1:00]

Kjører fra: c:\users\Lene\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Lene\Desktop\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\1138C

c:\programdata\1138C\{B870CC25-1828-4CD0-873B-C4394E834338}.swf

c:\users\All Users\1138C\{B870CC25-1828-4CD0-873B-C4394E834338}.swf

c:\users\Lene\AppData\Roaming\.#

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-02 til 2008-12-02 )))))))))))))))))))))))))))))))))

.

2008-12-02 10:07 . 2008-12-02 10:07 <DIR> d-------- c:\program files\dizzler