kentove91 Posted 14 January 2009 (edited)
I think I have got a virus on my PC. I can't figure out where it is. I ran a scan with AVG; it found 5 things that were infected. But the PC is still running slowly. What can I do to find and remove this virus?
Edited 14 January 2009 by kentove91
Jarmo Posted 14 January 2009
The topic title of this thread says little about the thread's content and is therefore not a good topic title. The better and more descriptive the topic title is, the easier it is for others to understand what the thread is about, and the easier it will be to reach the right forum user with the right answer. I therefore ask you to change the topic title. Please try to keep this in mind the next time you start a thread, and familiarise yourself with what our netiquette says about poor use of topic titles. Remember that a good topic title should describe or summarise what problem you have, not that you have a problem. Nor should a good topic title consist only of a product name. Use the -button in the first post to change the topic title. (This post will be removed when the topic title is changed. Do not comment on this post, but feel free to this post once the title has been changed, and it will then be removed.)
Pizzaen Posted 14 January 2009
Go through this guide, then post the logs in this thread, and then it is just a matter of waiting until someone comes along and looks at them.
kentove91 Posted 14 January 2009 (Author)
Here you have more than enough logs
kentove91 Posted 15 January 2009 (Author)
Do you see anything wrong here?