TaZ, posted 20 January 2009

Combofix

ComboFix 09-01-19.05 - roger 2009-01-20 9:59:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1023.638 [GMT 1:00]
Kjører fra: c:\documents and settings\roger\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\afvjbrrc.ini
c:\windows\system32\hbseyauo.ini
c:\windows\system32\HNprAJlm.ini
c:\windows\system32\HNprAJlm.ini2
c:\windows\system32\nutjshux.ini
c:\windows\system32\yfmohkvt.ini
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-20 til 2009-01-20 )))))))))))))))))))))))))))))))))
.
2009-01-20 09:47 . 2009-01-20 09:47 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-20 09:47 . 2009-01-20 09:47 <DIR> d-------- c:\documents and settings\roger\Programdata\Malwarebytes
2009-01-20 09:47 . 2009-01-20 09:47 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-20 09:47 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 09:47 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 17:44 . 2001-08-18 06:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-01-14 17:44 . 2001-08-18 06:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-01-14 17:44 . 2001-08-18 06:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-01-14 17:44 . 2001-08-18 06:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-01-14 17:44 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-01-14 17:44 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-01-14 17:44 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-01-14 17:44 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-01-14 17:44 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-01-14 17:44 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-01-14 17:44 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-01-14 17:44 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 08:40 --------- d-----w c:\documents and settings\roger\Programdata\uTorrent
2009-01-20 05:04 --------- d-----w c:\programfiler\PokerRoom.com
2009-01-19 13:50 --------- d-----w c:\documents and settings\roger\Programdata\dvdcss
2008-12-27 20:01 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink
2008-12-25 16:51 28,024 ----a-w c:\windows\system32\drivers\INFCACHE.1
2008-12-11 16:57 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 20:24 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-12-09 20:19 --------- d-----w c:\programfiler\Google
2008-12-09 20:18 --------- d-----w c:\programfiler\DAEMON Tools Toolbar
2008-12-07 19:58 --------- d-----w c:\documents and settings\roger\Programdata\ImgBurn
2008-12-07 11:21 --------- d-----w c:\programfiler\ImgBurn
2008-12-07 11:16 --------- dc----w c:\documents and settings\All Users\Programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-06 22:07 --------- d-----w c:\programfiler\DAEMON Tools Lite
2008-12-06 22:02 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-06 22:02 --------- d-----w c:\documents and settings\roger\Programdata\DAEMON Tools
2008-11-13 13:41 73,728 ----a-w c:\windows\ALCFDRTM.EXE
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-01 7118848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-04 1261336]
"LVCOMS"="c:\programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\programfiler\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\programfiler\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2005-07-01 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-03-22 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-03-22 c:\windows\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-30 97928]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-05 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-30 76040]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2008-07-20 220079]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-04-15 32000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c67819f0-0a64-11dd-80d4-0012f02eef9c}]
\Shell\AutoRun\command - f:\programs\nu2menu\nu2menu.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{2F83CDC9-2CE1-4D92-A1F4-12EE58A6A050} - c:\windows\system32\mlJArpNH.dll
Notify-WgaLogon - (no file)
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 10:02:09
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0

**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Lavasoft\Ad-Aware\aawservice.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\programfiler\AVG\AVG8\avgrsx.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-01-20 10:04:56 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-01-20 09:04:28

Pre-Run: 27 960 119 296 byte ledig
Post-Run: 28,600,832,000 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

156 --- E O F --- 2009-01-15 06:02:42

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1668
Windows 5.1.2600 Service Pack 2

20.01.2009 09:55:28
mbam-log-2009-01-20 (09-55-28).txt

Skanntype: Rask Skann
Objekter skannet: 45297
Tid tilbakelagt: 7 minute(s), 22 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 11
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b1cfb77-cad1-4121-874e-407f6d3f4bf2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7b1cfb77-cad1-4121-874e-407f6d3f4bf2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9950772d-af73-4aea-80b6-c251ec40ea30} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlbtlb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9950772d-af73-4aea-80b6-c251ec40ea30} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cb513c8 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\ugmljr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnLBTLB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
norbat, posted 20 January 2009

Looks fine. Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore, so that you don't get reinfected by a later restore. Also make sure Java, Flash Player and Adobe Reader are up to date, in addition to Windows (go to Windows Update and update to SP3). Surf safely.