GLN, posted 26 April 2009

Norton detected a trojan virus that has to be removed manually. How? Logs attached:

MBAM:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1716
Windows 5.1.2600 Service Pack 3

26.04.2009 21:19:44
mbam-log-2009-04-26 (21-19-44).txt

Skanntype: Rask Skann
Objekter skannet: 64542
Tid tilbakelagt: 14 minute(s), 26 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix:

ComboFix 09-04-25.A3 - Dranc 26.04.2009 21:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1023.460 [GMT 2:00]
Kjører fra: e:\documents and settings\Dranc.DRANCI\Skrivebord\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *disabled*
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

[remainder of the ComboFix log (file listing, Find3M report, registry startup entries, services and drivers, catchme rootkit scan, loaded DLLs) omitted]

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:46, on 26.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

[remainder of the HijackThis log (running processes, R0/R1, O2, O3, O4, O8, O9, O16 and O23 entries) omitted]
raWrz, posted 26 April 2009

Update MBAM and run a new scan. If MBAM finds anything, post a new ComboFix log.