Stian V.H, posted 24 September 2009 (edited)

Hi! I'm helping a friend remove malware from his PC. Could someone look over the logs I'm posting; does it look OK?

ComboFix log:
--------------------------------------------------------------
ComboFix 09-09-22.03 - Kim-Vegar 23.09.2009 16:04.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.1023.500 [GMT 2:00]
Kjører fra: c:\documents and settings\Kim-Vegar\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Kim-Vegar\Lokale innstillinger\Temporary Internet Files\fbk.sts
c:\documents and settings\Madeleine\Lokale innstillinger\Temporary Internet Files\fbk.sts
c:\windows\Installer\196116.msi
c:\windows\Installer\291080.msi
c:\windows\Installer\30c4cd.msi
----- BITS: Mulige infiserte sider -----
hxxp://onestopstation.net
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-08-23 til 2009-09-23 )))))))))))))))))))))))))))))))))
.
2009-09-23 13:06 . 2009-09-23 13:06 -------- d-----w- c:\documents and settings\Administrator\Programdata\SUPERAntiSpyware.com
2009-09-23 12:55 . 2009-09-23 12:55 -------- d-----w- c:\documents and settings\Administrator\Programdata\Malwarebytes
2009-09-22 17:53 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:53 . 2009-09-22 17:53 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-09-22 17:53 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 16:58 . 2009-09-22 16:58 -------- d-----w- c:\documents and settings\Madeleine\Tracing
2009-09-22 16:41 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-22 16:41 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-22 16:27 . 2009-09-22 16:27 -------- d-----w- C:\$WIN_NT$.~BT
2009-09-22 16:15 . 2009-09-22 16:15 -------- d-----w- c:\programfiler\Elektroniske tjenester
2009-09-22 14:22 . 2009-09-23 12:59 -------- d-----w- c:\programfiler\Fellesfiler\Uninstall
2009-09-17 12:34 . 2009-09-23 13:38 -------- d-----w- c:\documents and settings\Kim-Vegar\Tracing
2009-09-16 12:55 . 2009-09-16 12:55 -------- d-----w- c:\programfiler\Microsoft
2009-09-16 12:54 . 2009-09-16 12:54 -------- d-----w- c:\programfiler\Windows Live SkyDrive
2009-09-16 12:38 . 2009-09-16 12:38 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live
2009-09-12 11:16 . 2009-09-12 11:16 -------- d-----w- c:\programfiler\Eidos Interactive
2009-09-12 11:06 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-09-12 11:06 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-09-12 11:06 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-09-12 11:06 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-09-12 11:06 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-09-12 11:06 . 2009-09-12 11:06 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-09-12 11:06 . 2009-09-12 11:06 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-09-12 11:06 . 2009-09-12 11:06 -------- d-----w- c:\programfiler\DISNEY INTERACTIVE
2009-09-11 13:51 . 2009-09-11 13:51 -------- d-----w- c:\documents and settings\Kim-Vegar\Programdata\Ahead
2009-09-11 13:49 . 2005-02-17 11:21 2682880 ----a-w- c:\windows\UNNeroVision.exe
2009-09-11 13:49 . 2001-03-08 16:30 24064 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-11 13:48 . 2009-09-11 13:48 -------- d-----w- c:\documents and settings\All Users\Programdata\Ahead
2009-09-11 13:48 . 2004-07-09 06:43 364544 ----a-w- c:\windows\system32\TwnLib4.dll
2009-09-11 13:48 . 2001-06-26 05:15 38912 ----a-w- c:\windows\system32\picn20.dll
2009-09-11 13:46 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-09-11 13:46 . 2004-07-26 14:16 476320 ----a-w- c:\windows\system32\ImagXpr7.dll
2009-09-11 13:46 . 2004-07-26 14:16 471040 ----a-w- c:\windows\system32\ImagXRA7.dll
2009-09-11 13:46 . 2004-07-26 14:16 262144 ----a-w- c:\windows\system32\ImagXR7.dll
2009-09-11 13:46 . 2004-07-26 14:16 1568768 ----a-w- c:\windows\system32\ImagX7.dll
2009-09-11 13:46 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-09-11 13:46 . 2009-09-11 13:46 -------- d-----w- c:\programfiler\Fellesfiler\Ahead
2009-09-05 16:18 . 2009-09-05 16:18 -------- d-----w- c:\programfiler\Fellesfiler\xing shared
2009-09-04 14:08 . 2009-09-04 14:08 -------- d-----w- c:\programfiler\Real
2009-09-04 14:08 . 2009-09-05 16:16 -------- d-----w- c:\programfiler\Fellesfiler\Real
2009-09-04 12:18 . 2009-09-04 12:18 -------- d-----w- c:\programfiler\Java
2009-08-30 09:19 . 2000-06-23 12:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-08-30 09:19 . 2000-06-22 11:09 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
2009-08-30 09:14 . 1998-10-29 17:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-30 09:12 . 1998-01-27 10:50 304128 ----a-w- c:\windows\IsUn0414.exe
2009-08-30 09:12 . 2009-08-30 09:12 -------- d-----w- c:\documents and settings\Kim-Vegar\WINDOWS
2009-08-28 18:15 . 2009-08-28 18:15 -------- d-----w- c:\documents and settings\Kim-Vegar\Lokale innstillinger\Programdata\Rockstar Games
2009-08-28 18:12 . 2009-09-01 15:15 -------- d-----w- c:\windows\system32\drivers\umdf
2009-08-28 17:14 . 2009-08-28 17:14 -------- d-----w- c:\programfiler\MSBuild
2009-08-28 17:14 . 2009-08-28 18:28 264992 ----a-w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\FontCache3.0.0.0.dat
2009-08-28 17:11 . 2009-08-28 18:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-28 17:11 . 2009-08-28 17:11 -------- d-----w- c:\programfiler\Reference Assemblies
2009-08-28 17:10 . 2006-06-29 11:07 14048 ----a-w- c:\windows\system32\spmsg2.dll
2009-08-26 13:04 . 2009-03-19 12:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-08-26 13:04 . 2009-03-19 12:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-08-26 13:04 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-08-26 13:04 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-08-26 13:04 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-08-26 13:04 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-08-26 13:04 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-08-26 13:04 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-08-26 12:35 . 2009-08-26 12:35 -------- d-----w- c:\programfiler\Fellesfiler\PCSuite
2009-08-26 12:35 . 2009-09-09 16:50 -------- d-----w- c:\programfiler\Fellesfiler\Nokia
2009-08-26 12:32 . 2009-09-09 16:50 -------- d-----w- c:\programfiler\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 14:02 . 2009-04-01 18:35 -------- d-----w- c:\documents and settings\All Users\Programdata\avg8
2009-09-23 14:00 . 2009-02-28 09:42 64176 -c--a-w- c:\documents and settings\Kim-Vegar\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-09-23 13:37 . 2009-02-27 19:33 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2009-09-23 13:23 . 2004-08-04 12:00 75640 ----a-w- c:\windows\system32\perfc014.dat
2009-09-23 13:23 . 2004-08-04 12:00 433890 ----a-w- c:\windows\system32\perfh014.dat
2009-09-22 16:51 . 2009-02-27 19:06 22856 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-09-17 14:23 . 2009-03-08 12:45 -------- d-----w- c:\documents and settings\Kim-Vegar\Programdata\LimeWire
2009-09-16 12:56 . 2009-02-28 10:19 -------- d-----w- c:\programfiler\Windows Live
2009-09-12 12:42 . 2009-05-01 11:23 -------- d-----w- c:\programfiler\Fellesfiler\Teleca Shared
2009-09-11 13:48 . 2009-06-13 18:08 -------- d-----w- c:\programfiler\Ahead
2009-09-09 16:51 . 2009-02-27 19:26 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-09-04 14:08 . 2009-02-28 10:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-04 14:08 . 2009-02-28 10:49 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-04 12:19 . 2009-03-05 09:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-31 17:30 . 2009-03-08 12:44 -------- d-----w- c:\documents and settings\Kim-Vegar\Programdata\PC Suite
2009-08-30 10:51 . 2009-03-08 12:45 -------- d-----w- c:\documents and settings\All Users\Programdata\PC Suite
2009-08-26 13:03 . 2009-03-08 12:43 -------- d-----w- c:\documents and settings\All Users\Programdata\Installations
2009-08-20 12:28 . 2009-04-01 18:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 12:28 . 2009-04-01 18:35 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 12:28 . 2009-04-01 18:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-12 18:55 . 2009-08-12 18:55 -------- d-----w- c:\programfiler\Microsoft Works
2009-08-09 19:08 . 2009-08-06 14:43 -------- d-----w- c:\programfiler\Steam
2009-08-09 16:44 . 2009-08-09 16:44 -------- d-----w- c:\programfiler\LimeWire
2009-08-08 15:04 . 2009-04-11 12:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-08 08:31 . 2009-03-08 12:45 -------- d-----w- c:\documents and settings\Kim-Vegar\Programdata\Nokia
2009-08-08 07:37 . 2009-08-08 07:37 -------- d-----w- c:\documents and settings\All Users\Programdata\Nokia
2009-08-07 19:45 . 2009-08-07 19:45 -------- d-----w- c:\programfiler\MSXML 6.0
2009-08-07 18:14 . 2009-08-07 18:14 -------- d-----w- c:\documents and settings\All Users\Programdata\nView_Profiles
2009-08-07 10:27 . 2009-08-06 16:45 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-07 10:26 . 2009-08-06 16:44 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-06 16:44 . 2009-08-06 16:44 -------- d--h--r- c:\documents and settings\Kim-Vegar\Programdata\SecuROM
2009-08-06 14:47 . 2009-08-06 14:47 616 ----a-w- c:\windows\eReg.dat
2009-08-06 14:42 . 2009-08-06 10:32 -------- d-----w- c:\programfiler\Windows Live Toolbar
2009-08-06 10:34 . 2009-08-06 10:34 -------- d-----w- c:\documents and settings\All Users\Programdata\Windows Live Toolbar
2009-07-31 15:13 . 2009-07-31 15:13 -------- d-----w- c:\documents and settings\Madeleine\Programdata\Sony Ericsson
2009-07-28 17:46 . 2009-07-28 17:46 -------- d-----w- c:\documents and settings\Kim-Vegar\Programdata\Sony Ericsson
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 14:50 . 2009-07-08 11:45 -------- d-----w- c:\documents and settings\All Users\Programdata\AVG Security Toolbar
2009-02-27 16:34 . 2009-02-27 19:25 18734784 ----a-w- c:\programfiler\WDM_A406.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-23 1998576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-09-04 149280]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2009-09-04 198160]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-23 13:37 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 12:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01.04.2009 20:35 335240]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01.04.2009 20:35 108552]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [17.02.2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2009 12:43 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08.07.2009 13:45 297752]
R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [17.02.2009 12:43 7408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.08.2009 15:04 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.08.2009 15:04 8320]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [28.02.2009 10:22 32000]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - SASDIFSV
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-09-23 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Åpne i ny bakgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?8440266543734d8787d6fd1fffa2aeee
IE: Åpne i ny forgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?8440266543734d8787d6fd1fffa2aeee
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-Run-RGSC - c:\programfiler\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-P2Pcontrol - c:\programfiler\P2Pcontrol\p2control.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 16:09
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-484763869-1275210071-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:37,54,ea,71,30,a5,cf,3b,7e,7a,42,27,db,44,26,85,3b,86,a1,cf,97,
a3,bd,2f,8c,0c,04,ac,a0,5e,aa,73,ea,86,1c,44,ea,7b,cc,86,50,1f,6b,ce,ee,60,\
"rkeysecu"=hex:79,d4,e2,4b,83,ed,29,f8,32,05,bc,f5,5c,62,51,6c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tidspunkt ferdig: 2009-09-23 16:11
ComboFix-quarantined-files.txt 2009-09-23 14:10
Pre-Run: 4 018 192 384 byte ledig
Post-Run: 4 720 381 952 byte ledig
252 --- E O F --- 2009-03-11 14:35
------------------------------------------------------------------------

Malwarebytes log:
Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2849
Windows 5.1.2600 Service Pack 2
23.09.2009 16:18:55
mbam-log-2009-09-23 (16-18-55).txt
Skanntype: Rask Skann
Objekter skannet: 105458
Tid tilbakelagt: 3 minute(s), 36 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
------------------------------------------------------------------------

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:47, on 23.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Kim-Vegar\Skrivebord\haijakkdether\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programfiler\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Java Load] C:\Documents and Settings\Madeleine\Programdata\_672b9f69e1e917dbb5cf92378d7f298d\down\minisvr010.exe
O4 - HKLM\..\Run: [P2Pcontrol] C:\Programfiler\P2Pcontrol\p2control.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [RGSC] C:\Programfiler\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?8440266543734d8787d6fd1fffa2aeee
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?8440266543734d8787d6fd1fffa2aeee
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235814593531
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 9430 bytes
---------------------------------------------------------------------------

Regards, Stian.V.H

PS: (I know it is SP2 and not SP3 that is installed; I'm working on that, as something is wrong with Windows Update on the PC.)

Edited 24 September 2009 by WheelMan: spoiler tag added, thread moved
norbat, posted 25 September 2009

Can't see any malware in the logs. Is the PC running OK?
Stian V.H (author), posted 26 September 2009 (edited)

The PC runs OK, no suspicious behaviour on it. There was quite a lot that was infected (a lot of malware). I ran the recipe with Malwarebytes, SUPERAntiSpyware, HijackThis and finally ComboFix. Thanks for the reply, norbat!

Regards, Stian.V.H

Edited 26 September 2009 by Stian V.H