
Can anyone check my logs?



I have now run ComboFix and HijackThis; can anyone check my logs?

 

ComboFix


ComboFix 09-04-01.01 - HP_Administrator 2009-04-03 14:38:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1266 [GMT 2:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FW: Ventelo Anti-Virus 7.00 *disabled*

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\HP_Administrator\Cookies\azujuzi.lib

c:\documents and settings\HP_Administrator\Cookies\fywoxyxeze.bin

c:\documents and settings\HP_Administrator\Cookies\oqywidoxij.scr

c:\documents and settings\HP_Administrator\Cookies\sohuno.vbs

c:\documents and settings\HP_Administrator\Desktop\blackbird.jpg

c:\documents and settings\HP_Administrator\Desktop\EditorFKWP1.5.exe

c:\documents and settings\HP_Administrator\Desktop\EditorFKWP2.0.exe

c:\documents and settings\HP_Administrator\Desktop\filemanagerclient.exe

c:\documents and settings\HP_Administrator\Desktop\fkwp1.5.exe

c:\documents and settings\HP_Administrator\Desktop\fkwp2.0.exe

c:\documents and settings\HP_Administrator\Desktop\fwebd.exe

c:\documents and settings\HP_Administrator\Desktop\FWebdEditor.exe

c:\documents and settings\HP_Administrator\Desktop\Trojan.Win32.BlackBird.exe

c:\documents and settings\HP_Administrator\Desktop\virii

c:\documents and settings\HP_Administrator\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe

c:\documents and settings\HP_Administrator\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe

c:\documents and settings\HP_Administrator\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe

c:\documents and settings\HP_Administrator\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe

c:\documents and settings\HP_Administrator\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\badyp.inf

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\efaci.pif

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\gyzugu.scr

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\wyzuwo.bat

c:\program files\SpywareIsolator

c:\windows\a.bat

c:\windows\base64.tmp

c:\windows\bdn.com

c:\windows\BMbf8d75f3.txt

c:\windows\BMbf8d75f3.xml

c:\windows\cookies.ini

c:\windows\FVProtect.exe

c:\windows\Installer\{5615919b-eef9-4a3c-bd45-6d7d4bd81878}\zip.dll

c:\windows\iTunesMusic.exe

c:\windows\mssecu.exe

c:\windows\pskt.ini

c:\windows\system32\aurxdkhp.ini

c:\windows\system32\bxyuxnop.ini

c:\windows\system32\CcIRYcfe.ini

c:\windows\system32\CcIRYcfe.ini2

c:\windows\system32\dqoikqyl.ini

c:\windows\system32\drivers\ati3raxx.sys

c:\windows\system32\GNpVvyxx.ini

c:\windows\system32\GNpVvyxx.ini2

c:\windows\system32\icf.exe.exe

c:\windows\system32\jvsjgxdi.ini

c:\windows\system32\mcrh.tmp

c:\windows\system32\nqjglmii.ini

c:\windows\system32\qqxxsxod.ini

c:\windows\system32\uthuxfhf.ini

c:\windows\system32\wHgiknpo.ini

c:\windows\system32\wHgiknpo.ini2

c:\windows\system32\wvkpwlph.ini

c:\windows\system32\xjtjiyhg.ini

c:\windows\system32\YbdgNXyb.ini

c:\windows\system32\YbdgNXyb.ini2

c:\windows\system32\yidouayg.ini

c:\windows\system32\akttzn.exe

c:\windows\system32\anticipator.dll

c:\windows\system32\awtoolb.dll

c:\windows\system32\bdn.com

c:\windows\system32\bsva-egihsg52.exe

c:\windows\system32\dpcproxy.exe

c:\windows\system32\emesx.dll

c:\windows\system32\h@tkeysh@@k.dll

c:\windows\system32\hoproxy.dll

c:\windows\system32\hxiwlgpm.dat

c:\windows\system32\hxiwlgpm.exe

c:\windows\system32\medup012.dll

c:\windows\system32\medup020.dll

c:\windows\system32\msgp.exe

c:\windows\system32\msnbho.dll

c:\windows\system32\mssecu.exe

c:\windows\system32\msvchost.exe

c:\windows\system32\mtr2.exe

c:\windows\system32\mwin32.exe

c:\windows\system32\netode.exe

c:\windows\system32\newsd32.exe

c:\windows\system32\ps1.exe

c:\windows\system32\psof1.exe

c:\windows\system32\psoft1.exe

c:\windows\system32\regc64.dll

c:\windows\system32\regm64.dll

c:\windows\system32\Rundl1.exe

c:\windows\system32\smp

c:\windows\system32\smp\msrc.exe

c:\windows\system32\sncntr.exe

c:\windows\system32\ssurf022.dll

c:\windows\system32\ssvchost.com

c:\windows\system32\ssvchost.exe

c:\windows\system32\sysreq.exe

c:\windows\system32\temp#01.exe

c:\windows\system32\thun.dll

c:\windows\system32\thun32.dll

c:\windows\system32\taack.dat

c:\windows\system32\taack.exe

c:\windows\system32\VBIEWER.OCX

c:\windows\system32\vbsys2.dll

c:\windows\system32\vcatchpi.dll

c:\windows\system32\winlogonpc.exe

c:\windows\system32\winsystem.exe

c:\windows\system32\WINWGPX.EXE

c:\windows\Temp\517122667.exe

c:\windows\userconfig9x.dll

c:\windows\wiaserviv.log

c:\windows\winsystem.exe

c:\windows\zip1.tmp

c:\windows\zip2.tmp

c:\windows\zip3.tmp

c:\windows\zipped.tmp

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ATI3RAXX

-------\Legacy_EVENTLOGAUDIOSRV

-------\Legacy_ICF

-------\Legacy_TCPSR

-------\Service_ati3raxx

-------\Service_EventlogAudioSrv

-------\Service_ICF

-------\Service_tcpsr

 

 

((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))

.

 

2009-04-03 14:36 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe

2009-04-03 14:34 . 2009-04-03 14:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-04-03 14:34 . 2009-04-03 14:34 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2009-04-03 14:34 . 2009-04-03 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-03 14:34 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-03 14:34 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-04-02 21:25 . 2009-04-02 21:25 21,664 --a------ c:\windows\system32\drivers\jls3f5d.sys

2009-04-02 21:22 . 2009-04-02 21:22 21,664 --a------ c:\windows\system32\drivers\ign6d20.sys

2009-04-02 21:11 . 2009-04-02 21:11 21,664 --a------ c:\windows\system32\drivers\acr3630.sys

2009-04-02 21:04 . 2009-04-02 21:04 21,664 --a------ c:\windows\system32\drivers\tsj28ff.sys

2009-04-02 17:38 . 2009-04-02 17:38 21,664 --a------ c:\windows\system32\drivers\sfp4332.sys

2009-03-29 01:29 . 2009-03-29 01:29 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-28 19:32 . 2009-03-28 19:32 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

2009-03-13 10:21 . 2009-03-13 10:21 <DIR> d-------- c:\program files\AskBarDis

2009-03-12 22:58 . 2009-03-12 22:58 <DIR> d-------- c:\program files\WinPcap

2009-03-12 15:10 . 2009-03-12 15:10 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Windows Search

2009-03-12 12:48 . 2009-03-12 12:48 <DIR> d-------- c:\program files\Microsoft Silverlight

2009-03-12 12:48 . 2009-03-12 12:48 <DIR> d-------- c:\program files\Microsoft

2009-03-12 12:47 . 2009-03-12 12:47 <DIR> d-------- c:\windows\system32\GroupPolicy

2009-03-12 12:47 . 2009-03-12 12:47 <DIR> d-------- c:\program files\Windows Desktop Search

2009-03-12 12:47 . 2009-03-12 12:47 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search

2009-03-12 12:46 . 2008-03-07 19:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll

2009-03-12 12:46 . 2008-03-07 19:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll

2009-03-12 12:46 . 2008-03-07 19:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll

2009-03-12 12:44 . 2009-03-12 12:44 <DIR> d-------- c:\windows\system32\zh-tw

2009-03-12 12:44 . 2009-03-12 12:44 <DIR> d-------- c:\windows\system32\zh-cn

2009-03-12 12:44 . 2009-03-12 12:45 <DIR> d-------- c:\windows\system32\da-dk

2009-03-12 12:44 . 2009-03-12 12:44 <DIR> d-------- c:\windows\system32\cs-cz

2009-03-12 12:44 . 2009-03-12 12:44 <DIR> d-------- c:\windows\system32\bg-bg

2009-03-12 12:44 . 2009-03-12 12:44 <DIR> d-------- c:\windows\system32\ar-sa

2009-03-12 12:44 . 2009-01-09 21:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat

2009-03-12 12:06 . 2009-03-12 12:06 <DIR> d-------- c:\windows\system32\MpEngineStore

2009-03-12 11:52 . 2009-03-12 12:29 <DIR> d-------- c:\windows\SxsCaPendDel

2009-03-12 11:52 . 2009-03-12 11:53 <DIR> d-------- C:\b993329fbc071381f922

2009-03-10 11:38 . 2009-03-17 13:50 145 --a-s---- c:\windows\system32\879285418.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-03 12:58 --------- d-----w c:\program files\DNA

2009-04-03 12:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\DNA

2009-03-28 23:30 --------- d-----w c:\program files\FlashGet

2009-03-27 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-20 08:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\BitTorrent

2009-03-10 08:51 --------- d-----w c:\program files\The_Pirate_Bay

2009-02-11 22:32 --------- d-----w c:\program files\Java

2009-02-07 16:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire

2009-02-06 20:47 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss

2009-02-06 19:01 --------- d-----w c:\program files\Super_DVD_Creator_9.8

2009-02-03 22:25 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-11-13 16:50 18,062 ----a-w c:\documents and settings\HP_Administrator\Application Data\cybozo.exe

2008-11-13 16:50 14,894 ----a-w c:\program files\Common Files\sugyc.bat

2008-11-13 16:50 11,928 ----a-w c:\documents and settings\All Users\Application Data\paryvefy.bin

2008-11-13 16:50 11,342 ----a-w c:\documents and settings\HP_Administrator\Application Data\fobyxyqace.reg

2008-11-13 16:50 10,618 ----a-w c:\documents and settings\HP_Administrator\Application Data\qerylerifu.scr

2008-11-13 16:50 10,560 ----a-w c:\documents and settings\All Users\Application Data\qepu.scr

2008-11-13 16:50 10,134 ----a-w c:\program files\Common Files\synosekyk.com

.

 

------- Sigcheck -------

 

2005-03-14 10:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys

2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys

2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2009-03-08 2079256]

 

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-06 16:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

2009-03-08 14:28 2079256 --a------ c:\program files\The_Pirate_Bay\tbThe_.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2009-03-08 2079256]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

 

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2009-03-08 2079256]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

 

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-21 98304]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]

 

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-04 00:25 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIXL"= pclepixl.dll

"VIDC.NTN1"= NUVision.ax

"VIDC.PIM2"= RALCodec.dll

"VIDC.MJPG"= Pvmjpg30.dll

"VIDC.I420"= vdrcodec.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2kfxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6lvxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitLord\\BitLord.exe"=

 

R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2004-06-30 7680]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-04 325128]

R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [2008-03-18 132940]

R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [2008-03-19 5543]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-03 2799488]

S0 ati2kfxx;ati2kfxx;c:\windows\system32\Drivers\ati2kfxx.sys --> c:\windows\system32\Drivers\ati2kfxx.sys [?]

S0 ati6lvxx;ati6lvxx;c:\windows\system32\Drivers\ati6lvxx.sys --> c:\windows\system32\Drivers\ati6lvxx.sys [?]

S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\DRIVERS\lstone2k.sys --> c:\windows\system32\DRIVERS\lstone2k.sys [?]

S3 acr3630;acr3630;c:\windows\system32\drivers\acr3630.sys [2009-04-02 21664]

S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe --> c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [?]

S3 ign6d20;ign6d20;c:\windows\system32\drivers\ign6d20.sys [2009-04-02 21664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-03 38496]

S3 NUVision;Pinnacle LINX;c:\windows\system32\DRIVERS\NUVision.sys --> c:\windows\system32\DRIVERS\NUVision.sys [?]

S3 sfp4332;sfp4332;c:\windows\system32\drivers\sfp4332.sys [2009-04-02 21664]

S3 tsj28ff;tsj28ff;c:\windows\system32\drivers\tsj28ff.sys [2009-04-02 21664]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-01-03 468768]

.

Contents of the 'Scheduled Tasks' folder

 

2009-03-12 c:\windows\Tasks\Internett-tjenester.job

- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 20:23]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-rs32net - c:\windows\System32\rs32net.exe

HKLM-Run-BMbf8d75f3 - c:\windows\system32\oerxthdi.dll

HKLM-Run-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe

HKLM-Run-NWEReboot - (no file)

Notify-__c00CB279 - c:\windows\system32\__c00CB279.dat

Notify-__c00CBB67 - c:\windows\system32\__c00CBB67.dat

Notify-__c00FBE58 - c:\windows\system32\__c00FBE58.dat

Notify-wvUoMdEW - wvUoMdEW.dll

Notify-zlnvudq - zlnvudq32.dll

SafeBoot-ati3bqxx.sys

SafeBoot-ati7lqxx.sys

 

 

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-03 15:00:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,91,74,6f,9f,7a,

b7,4b,df,c8,28,51,af,b0,29,a3,98,5b,5b,e5,c1,c7,ee,5b,0b,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1c,28,57,32,1d,

5e,14,24,71,3b,04,66,8b,46,0d,96,85,28,bc,65,75,e9,da,0c,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,24,e9,9d,fb,81,

51,54,99,25,da,ec,7e,55,20,c9,26,7f,0b,70,9b,fb,93,a1,96,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,33,07,23,5e,5a,

ab,44,90,3e,1e,9e,e0,57,5a,93,61,1e,74,52,9a,d6,92,78,f3,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,cd,6c,34,ec,a9,

65,02,1d,cd,44,cd,b9,a6,33,6c,cd,e9,97,97,d4,db,55,7b,ed,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,cc,d1,f3,13,

46,20,ec,b0,18,ed,a7,3f,8d,37,a4,66,ff,5a,77,fa,ae,8f,32,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,fe,66,ae,b4,f0,

36,a0,f8,31,77,e1,ba,b1,f8,68,02,9e,db,45,4c,b6,7f,ed,0e,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,80,2e,70,b3,e9,

97,31,98,83,6c,56,8b,a0,85,96,ab,e8,c1,93,eb,85,35,c4,f0,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,2c,c8,12,c0,90,

8f,81,e9,51,fa,6e,91,28,9e,14,cc,53,9b,e2,ed,97,78,5e,64,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,79,ac,20,f4,28,

84,bc,0c,b1,cd,45,5a,a8,c4,f8,b9,31,6d,c4,7b,aa,0d,61,fd,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b3,57,19,de,9c,

c1,35,b3,e3,0e,66,d5,eb,bc,2f,6b,60,10,a5,e7,09,22,7b,47,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,be,12,0f,f9,88,

09,a0,d9,fa,ea,66,7f,d4,3b,6b,70,46,63,7e,b1,f8,ce,0d,d7,6c,43,2d,1e,aa,22,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(840)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\windows\system32\ati2evxx.exe

c:\windows\arservice.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2009-04-03 15:04:55 - machine was rebooted

ComboFix-quarantined-files.txt 2009-04-03 13:04:51

 

Pre-Run: 17 202 151 424 bytes free

Post-Run: 23,922,868,224 byte ledig

 

438 --- E O F --- 2009-03-13 08:59:04

 

HijackThis


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:39, on 03.04.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\arservice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

 

--

End of file - 7529 bytes

 

MBAM


Malwarebytes' Anti-Malware 1.35

Databaseversjon: 1936

Windows 5.1.2600 Service Pack 3

 

03.04.2009 15:41:04

mbam-log-2009-04-03 (15-41-04).txt

 

Skanntype: Rask Skann

Objekter skannet: 75400

Tid tilbakelagt: 7 minute(s), 31 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 5

Mapper infisert: 3

Filer infisert: 11

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\data (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\data\daily.cvd (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Administrator\Desktop\spywareisolator.lnk (Rogue.Spywareisolator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Thanks

Edited by Ethernet

Go to the Virustotal site (or alternatively Virscan) and upload the following files for checking. Report back on whether anything was found on the files, and if so what:

 

c:\windows\system32\drivers\jls3f5d.sys

c:\windows\system32\drivers\sfp4332.sys

c:\windows\system32\drivers\tcpip.sys

c:\documents and settings\HP_Administrator\Application Data\cybozo.exe
