[Løst]Får ikke lastet enkelte sider. Trojaner? Malware?

arnold_layne · 26. desember 2008

Jeg har problemet som nevnt i topic. Noen sider laster normalt, men mange ikke i det hele tatt (f.eks finn.no). Det gjelder både for Firefox og IE. Foreløpig har jeg kjørt full AVG scan og slettet noen tracking cookies den fant, men til ingen nytte. Jeg har googlet meg frem til at det antakelig ligger noe rusk litt dypere i OS'et siden de samme sidene ikke vil vises i begge nettleserne.

PC'en er en uke gammel, så det burde ikke være altfor vanskelig å finne det som eventuelt ikke burde være der.

Jeg har lest sticky-veiledningen, men får foreløpig ikke kjørt MBAM fordi download.com er en av sidene som ikke vil laste.

EDIT: Jeg fant nå MBAM på en annen side og er i gang med å kjøre en scan. Poster loggen så snart den er ferdig.

combofix

ComboFix 08-12-26.03 - navn 2008-12-26 23:58:33.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3066.1767 [GMT 1:00]

Kjører fra: c:\users\navn\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

Q:\Autorun.inf

S:\Autorun.inf

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-26 til 2008-12-26 )))))))))))))))))))))))))))))))))

.

2008-12-26 23:37 . 2008-12-26 23:37 <DIR> d-------- c:\program files\Trend Micro

2008-12-26 22:51 . 2008-12-26 22:51 <DIR> d-------- c:\users\navn\AppData\Roaming\Uniblue

2008-12-26 22:51 . 2008-12-26 22:51 <DIR> d--h-c--- c:\users\All Users\{92E7A367-8E12-4830-AA70-29C32E331A81}

2008-12-26 22:51 . 2008-12-26 22:51 <DIR> d--h-c--- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}

2008-12-26 22:51 . 2008-12-26 22:51 <DIR> d-------- c:\program files\Uniblue

2008-12-26 21:56 . 2008-12-26 21:56 <DIR> d-------- c:\users\navn\AppData\Roaming\Kodak

2008-12-26 21:55 . 2008-12-26 21:55 <DIR> d-------- c:\program files\Kodak

2008-12-26 12:29 . 2008-12-26 12:29 <DIR> d-------- c:\program files\Send to SmugMug

2008-12-25 20:37 . 2008-12-26 20:17 <DIR> d-------- c:\users\navn\AppData\Roaming\bibble

2008-12-24 12:30 . 2007-03-23 04:05 29,272 -ra------ c:\windows\System32\AdobePDF.dll

2008-12-23 20:06 . 2008-12-23 20:14 <DIR> d-------- c:\users\navn\AppData\Roaming\Nikon

2008-12-23 20:06 . 2008-12-23 20:06 <DIR> d-------- c:\users\All Users\Ultima_T15

2008-12-23 20:06 . 2008-12-23 20:06 <DIR> d-------- c:\users\All Users\EnterNHelp

2008-12-23 20:06 . 2008-12-23 20:06 <DIR> d-------- c:\programdata\Ultima_T15

2008-12-23 20:06 . 2008-12-23 20:06 <DIR> d-------- c:\programdata\EnterNHelp

2008-12-23 20:06 . 2008-12-23 20:06 <DIR> d-------- c:\program files\Nikon

2008-12-23 20:06 . 2008-12-23 20:14 <DIR> d-------- c:\program files\Common Files\Nikon

2008-12-23 20:06 . 2008-12-23 20:06 0 --a------ c:\users\All Users\PKP_DLbx.DAT

2008-12-23 20:06 . 2008-12-23 20:06 0 --a------ c:\programdata\PKP_DLbx.DAT

2008-12-23 19:25 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe

2008-12-23 19:24 . 2008-12-23 19:24 <DIR> d-------- c:\program files\Common Files\Bibble Labs

2008-12-23 19:24 . 2008-12-23 19:25 <DIR> d-------- c:\program files\Bibble Labs

2008-12-23 15:11 . 2008-12-23 15:11 <DIR> d-------- c:\users\All Users\FLEXnet

2008-12-23 15:11 . 2008-12-23 15:11 <DIR> d-------- c:\programdata\FLEXnet

2008-12-23 15:11 . 2008-12-23 15:11 <DIR> d-------- c:\program files\Common Files\Macrovision Shared

2008-12-23 15:04 . 2008-12-23 16:15 <DIR> d-------- c:\users\All Users\Adobe

2008-12-23 15:04 . 2008-12-23 16:17 <DIR> d-------- c:\program files\Common Files\Adobe

2008-12-23 11:20 . 2008-12-23 11:24 <DIR> d-------- c:\users\navn\AppData\Roaming\vlc

2008-12-23 11:19 . 2008-12-23 11:19 <DIR> d-------- c:\program files\VideoLAN

2008-12-22 23:40 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll

2008-12-22 23:39 . 2008-12-22 23:39 <DIR> d-------- c:\program files\Microsoft Works

2008-12-22 23:35 . 2008-12-22 23:36 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

2008-12-22 23:32 . 2008-12-22 23:32 <DIR> dr-h----- C:\MSOCache

2008-12-22 23:02 . 2008-12-22 23:02 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

2008-12-22 22:59 . 2008-12-22 22:59 <DIR> d-------- c:\windows\System32\IOSUBSYS

2008-12-22 22:59 . 2008-12-23 12:57 <DIR> d-------- c:\program files\Google

2008-12-22 22:17 . 2008-12-22 22:17 <DIR> d-------- C:\swwork

2008-12-22 22:09 . 2008-12-22 22:09 <DIR> d-------- c:\program files\SopCast

2008-12-22 20:57 . 2008-12-22 21:00 <DIR> d-------- c:\users\navn\E-books

2008-12-22 20:48 . 2008-12-22 20:53 <DIR> d-------- c:\users\navn\Programmer

2008-12-22 20:35 . 2008-12-22 20:35 <DIR> d-------- c:\windows\Sun

2008-12-22 20:33 . 2008-12-22 20:33 <DIR> d-------- c:\program files\uTorrent

2008-12-22 20:32 . 2008-12-26 23:28 <DIR> d-------- c:\users\navn\AppData\Roaming\uTorrent

2008-12-22 17:45 . 2008-12-22 18:02 27,934 --a------ c:\users\All Users\nvModes.dat

2008-12-22 17:45 . 2008-12-22 18:02 27,934 --a------ c:\programdata\nvModes.dat

2008-12-22 15:58 . 2008-12-26 22:28 <DIR> d-------- c:\windows\System32\drivers\Avg

2008-12-22 15:58 . 2008-12-22 15:58 <DIR> d-------- c:\users\All Users\avg8

2008-12-22 15:58 . 2008-12-22 15:58 <DIR> d-------- c:\programdata\avg8

2008-12-22 15:58 . 2008-12-22 15:58 <DIR> d-------- c:\program files\AVG

2008-12-22 15:58 . 2008-12-22 15:58 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys

2008-12-22 15:58 . 2008-12-22 15:58 10,520 --a------ c:\windows\System32\avgrsstx.dll

2008-12-22 15:03 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-22 15:01 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-22 15:00 . 2008-12-22 15:00 <DIR> d-------- c:\program files\MSXML 4.0

2008-12-22 14:57 . 2008-09-18 05:54 3,601,976 --a------ c:\windows\System32\ntkrnlpa.exe

2008-12-22 14:57 . 2008-09-18 05:54 3,549,752 --a------ c:\windows\System32\ntoskrnl.exe

2008-12-22 14:54 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-12-22 14:52 . 2008-12-22 14:52 410,984 --a------ c:\windows\System32\deploytk.dll

2008-12-22 14:48 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-12-22 14:48 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-12-22 14:48 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-12-22 14:48 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-12-22 14:48 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-12-22 14:48 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-12-22 14:48 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-12-22 14:47 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-12-22 14:47 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-12-22 14:45 . 2008-12-22 14:45 <DIR> d-------- c:\users\navn\Bluetooth Software

2008-12-22 14:44 . 2008-12-22 14:44 <DIR> dr------- c:\users\navn\Searches

2008-12-22 14:44 . 2008-12-22 14:44 <DIR> dr------- c:\users\navn\Contacts

2008-12-22 14:43 . 2008-12-22 14:43 10 --a------ c:\windows\System32\firstboot.lgl

2008-12-22 14:42 . 2008-12-22 14:44 <DIR> dr------- c:\users\navn\Videos

2008-12-22 14:42 . 2008-12-22 14:44 <DIR> dr------- c:\users\navn\Saved Games

2008-12-22 14:42 . 2008-11-20 21:48 <DIR> d-------- c:\users\navn\Roaming

2008-12-22 14:42 . 2008-12-22 21:31 <DIR> dr------- c:\users\navn\Pictures

2008-12-22 14:42 . 2008-12-22 20:50 <DIR> dr------- c:\users\navn\Music

2008-12-22 14:42 . 2008-12-22 14:44 <DIR> dr------- c:\users\navn\Links

2008-12-22 14:42 . 2008-12-26 23:33 <DIR> dr------- c:\users\navn\Downloads

2008-12-22 14:42 . 2008-12-26 23:57 <DIR> dr------- c:\users\navn\Documents

2008-12-22 14:42 . 2006-11-02 13:37 <DIR> d-------- c:\users\navn\AppData\Roaming\Media Center Programs

2008-12-22 14:42 . 2008-12-22 14:43 <DIR> d--h----- c:\users\navn\AppData

2008-12-22 14:42 . 2008-12-23 15:11 <DIR> d-------- c:\users\navn

2008-12-22 14:42 . 2008-12-22 14:43 <DIR> d-------- c:\program files\Windows Live Toolbar

2008-12-12 22:47 . 2008-12-12 22:47 3,751,995 --a------ c:\windows\System32\GPhotos.scr

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-25 12:41 --------- d-----w c:\program files\PCDR5

2008-12-22 22:41 --------- d-----w c:\programdata\Microsoft Help

2008-12-22 22:39 --------- d-----w c:\program files\MSBuild

2008-12-22 14:06 --------- d-----w c:\program files\Windows Mail

2008-12-22 13:52 --------- d-----w c:\program files\Java

2008-12-22 13:43 100 ----a-w c:\windows\system32\drivers\Lenovo_4233_4DG.MRK

2008-12-22 13:43 --------- d-----w c:\program files\Lenovo

2008-12-22 13:43 --------- d-----w c:\program files\Common Files\Lenovo

2008-11-20 21:34 --------- d-----w c:\programdata\NVIDIA

2008-11-20 21:33 --------- d-----w c:\program files\Microsoft Office Suite Activation Assistant

2008-11-20 21:26 --------- d-----w c:\program files\Microsoft Small Business

2008-11-20 21:24 --------- d-----w c:\program files\Microsoft.NET

2008-11-20 21:24 --------- d-----w c:\program files\Microsoft SQL Server

2008-11-20 21:16 --------- d-----w c:\programdata\PC-Doctor

2008-11-20 21:11 --------- d-----w c:\program files\ThinkPad

2008-11-20 21:06 33,536 ----a-w c:\windows\system32\drivers\tvtfilter.sys

2008-11-20 21:05 30,144 ----a-w c:\windows\system32\drivers\psadd.sys

2008-11-20 21:00 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-20 20:59 --------- d-----w c:\program files\InterVideo

2008-11-20 20:59 --------- d-----w c:\program files\Common Files\Java

2008-11-20 20:59 --------- d-----w c:\program files\Common Files\InterVideo

2008-11-20 20:57 --------- d-----w c:\programdata\Lenovo

2008-11-20 20:57 --------- d-----w c:\program files\ThinkVantage

2008-11-20 20:57 --------- d-----w c:\program files\Lenovo Registration

2008-11-20 20:54 --------- d-----w c:\program files\Lenovo Group Limited

2008-11-20 20:50 --------- d-----w c:\program files\Broadcom

2008-11-20 20:48 --------- d-----w c:\programdata\Roaming

2008-11-20 20:48 --------- d-----w c:\programdata\Intel

2008-11-20 20:48 --------- d-----w c:\program files\Intel

2008-11-20 20:48 --------- d-----w c:\program files\Common Files\Intel

2008-11-20 20:48 --------- d-----w c:\program files\Cisco

2008-11-20 20:47 --------- d-----w c:\program files\CONEXANT

2008-11-20 20:45 --------- d-----w c:\program files\Common Files\InstallShield

2008-11-20 20:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-11-20 20:40 --------- d-----w c:\program files\Apoint2K

2008-11-20 20:39 --------- d-----w c:\program files\MLPS

2008-11-20 20:27 625,152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys

2008-11-20 20:27 148,480 ----a-w c:\windows\system32\drivers\nwifi.sys

2008-11-20 20:20 891,448 ----a-w c:\windows\system32\drivers\tcpip.sys

2008-11-20 20:20 72,192 ----a-w c:\windows\system32\drivers\pacer.sys

2008-11-20 20:20 223,288 ----a-w c:\windows\system32\drivers\netio.sys

2008-11-20 20:20 101,432 ----a-w c:\windows\system32\drivers\FWPKCLNT.SYS

2008-11-20 20:18 29,184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS

2008-11-20 20:18 220,160 ----a-w c:\windows\system32\drivers\bthport.sys

2008-11-20 20:17 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys

2008-11-20 20:14 529,464 ----a-w c:\windows\system32\drivers\ndis.sys

2008-11-20 20:14 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-10-13 34352]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]

"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]

"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]

"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]

"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-10-07 16384]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]

"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-08-26 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{97494E87-22A5-4213-A84A-22D471A1791F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{C4A5BC8C-566F-4631-A215-03C5C94AAA1E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{3D16A16B-B1A3-4C2A-8376-EFB44999C396}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{ABA834E5-1BD1-4168-BF13-D2B7D37B0FCE}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{469AE9B1-54EB-4DE6-9AC8-B91632907240}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{6B475080-8202-4BB7-8929-793574190CE5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{D0561035-35F8-4AD5-A253-4C90B53840A9}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"{0F480D72-E4FD-4ABE-85FE-74DEBC52E95E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{7AA49F4C-2285-49A9-8D3B-EBA1ADB8EFEF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{9468735E-0A94-413B-AA6A-388E1E35DD3F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{7FE373B3-CB93-47FD-880E-F05AB9F9A7F1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A6B1DDA3-034C-4F01-B98C-3723F8BA3BC1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-22 97928]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-20 13480]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-11-20 29736]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-11-20 97536]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-11-20 44064]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-23 37312]

R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\Drivers\vm331avs.sys [2008-11-20 974336]

S1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-05-25 48192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{459ebcd7-b73a-11dd-8385-001eec9aad3a}]

\shell\AutoRun\command - S:\LenovoSDrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1cbf659-b741-11dd-accb-806e6f6e6963}]

\shell\AutoRun\command - Q:\LenovoQDrive.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-26 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 00:03:51

Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(1392)

c:\windows\system32\btmmhook.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\wlanext.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\progra~1\AVG\AVG8\avgwdsvc.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Lenovo\HOTKEY\FnF5svc.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Lenovo\PM Driver\PMSveH.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\HOTKEY\TPHKSVC.exe

c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\conime.exe

c:\program files\Lenovo\PM Driver\PMHandler.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Apoint2K\ApntEx.exe

c:\windows\System32\rundll32.exe

c:\program files\Lenovo\LenovoCare\LPMGR.EXE

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\Lenovo\Bluetooth Software\BTStackServer.exe

c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

c:\program files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2008-12-27 0:11:49 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2008-12-26 23:11:37

Pre-Run: 110 733 307 904 byte ledig

Post-Run: 110,315,970,560 byte ledig

287 --- E O F --- 2008-12-26 11:00:21

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:41:51, on 26.12.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Lenovo\PM Driver\PMHandler.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe

C:\Windows\System32\wsqmcons.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\test.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe

O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

På forhånd takk for all hjelp!

Endret 26. desember 2008 av arnold_layne

r2d290 · 27. desember 2008

Altså venter vi på ny MBAM og combofix-logg?

arnold_layne · 27. desember 2008

Her er tre ferske logger kjørt i riktig rekkefølge:

MBAM:

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1550

Windows 6.0.6001 Service Pack 1

27.12.2008 10:59:34

mbam-log-2008-12-27 (10-59-34).txt

Skanntype: Full Skann (C:\|Q:\|S:\|)

Objekter skannet: 171732

Tid tilbakelagt: 2 hour(s), 16 minute(s), 28 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert: