Braekke Posted 18 January 2009 (edited)
Hi! If someone would take the time to check through this ComboFix log, I would be very grateful. I have a virus, you see, and the PC has become terribly slow. ComboFix:
ComboFix 09-01-17.03 - Espen 2009-01-18 12:24:20.2 - FAT32x86 Kjører fra: g:\program files\ComboFix.exe * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Forrige skanning ------- . f:\windows\Downloaded Program Files\setup.inf f:\windows\Readme.txt . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_R_SERVER -------\Service_r_server ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-18 til 2009-01-18 ))))))))))))))))))))))))))))))))) . 2009-01-18 12:18 . 2009-01-18 12:21 3,712 --a------ f:\windows\system32\drivers\kgpcpy.cfg 2009-01-18 11:26 . 2009-01-18 11:26 2,560 --a------ f:\windows\system32\drivers\mchInjDrv.sys 2009-01-17 10:23 . 2009-01-17 10:23 <DIR> d-------- f:\documents and settings\Bent\Application Data\HouseCall 6.6 2009-01-17 10:18 . 2009-01-17 10:19 <DIR> d-------- f:\documents and settings\Bent\.housecall6.6 2009-01-17 10:16 . 2009-01-17 10:28 664 --a------ f:\windows\system32\d3d9caps.dat 2009-01-13 22:57 . 2009-01-13 22:57 <DIR> d-------- f:\documents and settings\Bent\Application Data\Malwarebytes 2009-01-13 22:56 . 2009-01-13 22:56 <DIR> d-------- f:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-13 22:56 . 2009-01-04 18:38 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys 2009-01-13 22:56 . 2009-01-04 18:38 15,504 --a------ f:\windows\system32\drivers\mbam.sys 2009-01-13 01:00 . 2009-01-13 01:00 <DIR> d-------- f:\documents and settings\All Users\Application Data\SITEguard 2009-01-13 00:59 . 2009-01-13 00:59 <DIR> d-------- f:\program files\Common Files\iS3 2009-01-13 00:59 . 
2009-01-13 00:59 <DIR> d-------- f:\documents and settings\All Users\Application Data\STOPzilla! 2009-01-13 00:12 . 2009-01-13 00:12 <DIR> d-------- f:\program files\Enigma Software Group 2009-01-04 11:49 . 2009-01-04 11:49 <DIR> d--hs---- F:\FOUND.050 2008-12-25 13:36 . 2008-12-25 13:36 <DIR> d-------- f:\documents and settings\All Users\Application Data\Apple . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-17 16:26 17,408 ----a-r f:\windows\system32\SZIO5.dll 2008-12-17 16:25 282,624 ----a-r f:\windows\system32\SZBase5.dll 2008-12-17 16:24 540,672 ----a-r f:\windows\system32\SZComp5.dll 2008-12-14 09:25 --------- d-----w f:\documents and settings\All Users\Application Data\Lavasoft 2008-12-13 06:40 3,593,216 ----a-w f:\windows\system32\dllcache\mshtml.dll 2008-12-11 10:57 333,952 ----a-w f:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w f:\windows\system32\dllcache\srv.sys 2008-12-07 16:32 --------- d-----w f:\program files\MSBuild 2008-12-07 16:28 --------- d-----w f:\program files\Reference Assemblies 2008-12-07 16:20 --------- d-----w f:\documents and settings\Bent\Application Data\Sony Setup 2008-12-05 20:10 --------- d-----w f:\documents and settings\Kirsten\Application Data\Apple Computer 2008-12-02 14:20 54,656 ----a-r f:\windows\system32\drivers\SZKG.sys 2008-12-01 19:09 --------- d-----w f:\documents and settings\All Users\Application Data\TEMP 2008-11-24 15:19 364,544 ----a-r f:\windows\system32\IS3DBA5.dll 2008-11-24 15:19 126,976 ----a-r f:\windows\system32\IS3HTUI5.dll 2008-11-24 15:18 61,440 ----a-r f:\windows\system32\IS3Hks5.dll 2008-11-24 15:18 372,736 ----a-r f:\windows\system32\IS3UI5.dll 2008-11-24 15:18 23,040 ----a-r f:\windows\system32\IS3XDat5.dll 2008-11-24 15:17 94,208 ----a-r f:\windows\system32\IS3Inet5.dll 2008-11-24 15:17 90,112 ----a-r f:\windows\system32\IS3Svc5.dll 2008-11-24 15:17 212,992 ----a-r f:\windows\system32\IS3Win325.dll 
2008-11-24 15:14 708,608 ----a-r f:\windows\system32\IS3Base5.dll 2008-11-10 04:43 410,984 ----a-w f:\windows\system32\deploytk.dll 2008-10-24 11:21 455,296 ------w f:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w f:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w f:\windows\system32\dllcache\gdi32.dll 2008-02-29 17:27 41,616 ----a-w f:\documents and settings\Bent\Application Data\GDIPFONTCACHEV1.DAT 2008-02-14 22:08 41,616 ----a-w f:\documents and settings\Espen\Application Data\GDIPFONTCACHEV1.DAT 2007-02-22 10:05 1,094,021 ----a-w f:\program files\dvdshrink32setup.zip 2007-02-22 10:04 899,414 ----a-w f:\program files\SetupDVDDecrypter_3.5.4.0.exe 2007-02-22 10:02 1,181,771 ----a-w f:\program files\RipIt4Me Installer.exe 2007-02-21 20:36 1,364,995 ----a-w f:\program files\CamStudio20.exe 2008-10-01 20:15 32,768 --sha-w f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100120081002\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="f:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "DAEMON Tools Lite"="f:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="f:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 339968] "QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2006-11-11 282624] "StatusClient"="f:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="f:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "MediaLifeService"="f:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739] "NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "SpyHunter Security Suite"="f:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 f:\windows\soundman.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 f:\windows\KHALMNPR.Exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 f:\windows\system32\bthprops.cpl] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 f:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "Picasa Media Detector"="f:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Norman ZANDA"=g:\programmer\bin\ZLH.EXE /LOAD /SPLASH "Adobe 
Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= R3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] R3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);f:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328] S0 szkg5;szkg;f:\windows\system32\DRIVERS\szkg.sys [2008-12-02 54656] S1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\System32\Drivers\avgldx86.sys [2008-10-06 97928] S2 avg8wd;AVG Free8 WatchDog; [x] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - AFD *Deregistered* - Ati HotKey Poller *Deregistered* - ATI Smart *Deregistered* - AudioSrv *Deregistered* - audstub *Deregistered* - avg8wd *Deregistered* - AvgLdx86 *Deregistered* - AvgMfx86 *Deregistered* - Beep *Deregistered* - BITS *Deregistered* - Browser *Deregistered* - BthServ *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - dmio *Deregistered* - dmload *Deregistered* - dmserver *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - Fastfat *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - helpsvc *Deregistered* - HidServ *Deregistered* - ImapiService *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - JavaQuickStarterService *Deregistered* - Kbdclass *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - 
lanmanworkstation *Deregistered* - LmHosts *Deregistered* - MDM *Deregistered* - mnmdd *Deregistered* - Mouclass *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - ParVdm *Deregistered* - Pml Driver HPZ12 *Deregistered* - PolicyAgent *Deregistered* - PptpMiniport *Deregistered* - ProtectedStorage *Deregistered* - PSched *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - rdpdr *Deregistered* - RemoteRegistry *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - Secdrv *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - sfdrv01 *Deregistered* - sfhlp02 *Deregistered* - sfsync03 *Deregistered* - sfvfs02 *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - sptd *Deregistered* - sr *Deregistered* - srservice *Deregistered* - Srv *Deregistered* - stisvc *Deregistered* - swenum *Deregistered* - szkg5 *Deregistered* - szserver *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - Wdf01000 *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - WS2IFSL *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WudfPf *Deregistered* - WudfSvc *Deregistered* - WZCSVC *Deregistered* - aawservice 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6258c1c-4e55-11dc-aff0-001617700d1f}] \Shell\AutoRun\command - i:\wd_windows_tools\setup.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-09 f:\windows\Tasks\1-Click Maintenance.job - f:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [] 2008-12-25 f:\windows\Tasks\AppleSoftwareUpdate.job - f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-12 f:\windows\Tasks\XoftSpySE.job - g:\program files\XoftSpySE\XoftSpy.exe [2009-01-07 16:47] 2009-01-18 f:\windows\Tasks\XoftSpySE 2.job - g:\program files\XoftSpySE\XoftSpy.exe [2009-01-07 16:47] . - - - - TOMME PEKERE FJERNET - - - - Toolbar-SITEguard - (no file) HKLM-Run-HPLJ Config - f:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p IP_192.168.0.1 HKLM-Run-WinampAgent - g:\programmer\Winamp\winampa.exe HKLM-Run-AVG8_TRAY - g:\progra~1\AVGANT~1\avgtray.exe HKU-Default-Run-Nokia.PCSync - d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe . ------- Tilleggsskanning ------- . uStart Page = about:blank mStart Page = hxxp://www.msn.com IE: E&ksporter til Microsoft Excel - g:\progra~1\Office10\EXCEL.EXE/3000 LSP: f:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab f:\windows\Downloaded Program Files\MSIWDev.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 12:25:58 Windows 5.1.2600 Service Pack 3 FAT NTAPI skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(688) f:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(772) f:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll . Tidspunkt ferdig: 2009-01-18 12:27:10 ComboFix-quarantined-files.txt 2009-01-18 11:27:10 Pre-Run: 3 669 803 008 bytes free Post-Run: 3,667,877,888 bytes free 279 --- E O F --- 2009-01-14 15:05:21
Thanks in advance :)
Edited 18 January 2009 by Braekke
norbat Posted 18 January 2009
Have you run Malwarebytes, and did it find anything? Which program is it that reports/finds the virus, and where is it supposed to be located on the system?
Braekke (Author) Posted 18 January 2009 (edited)
Have you run Malwarebytes, and did it find anything? Which program is it that reports/finds the virus, and where is it supposed to be located on the system?
Edit: ...
Edited 18 January 2009 by Braekke