eUnaas, posted 13 October 2009 (edited)

In the final stretch of an exam assignment today my PC has been "hijacked" by some very malicious virus, trojan or other nonsense. Programs like BrowseIT and .exe open by the hundreds in Task Manager.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:25, on 13.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\wshost32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\wshost32.exe
C:\WINDOWS\system32\.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 67.215.1.50 server1.unibaq.com
O1 - Hosts: 67.215.1.50 mob.i-sys.ru
O1 - Hosts: 67.215.1.50 mysql.unibaq.com
O1 - Hosts: 67.215.1.50 web.installloader.com
O1 - Hosts: 67.215.1.50 web.installloader.biz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [523] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [274] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [263] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [309] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [429] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [059] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [386] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [307] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [521] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [819] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [147] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [084] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [239] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [737] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [782] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [311] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [145] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [053] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\.exe
O4 - HKLM\..\Run: [wshost32] C:\WINDOWS\system32\wshost32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Application Data\Dropbox\bin\Dropbox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 9653 bytes

Antivirus, SUPERAntiSpyware etc. don't find much to act on. Does anyone have a chance to help me? Thanks in advance.

Edited 13 October 2009 by eunaas
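The log above shows several patterns that are worth picking out mechanically rather than by eye: running processes whose file name is literally ".exe", a long run of HKLM Run values with three-digit names that all launch the same binary, a Run value with an empty name, a hosts file that pins several host names to one IP, and autoruns stored under C:\RECYCLER in folders named after SIDs that Windows could never have generated (SID sub-authorities are 32-bit decimal numbers without zero padding; the ComboFix post later in the thread removes two dozen more such folders). The following triage script is an added example written for this page, not code from the thread or from HijackThis, MBAM or ComboFix; its sample input is a handful of lines copied from the posted logs, and the tag names and thresholds (three Run values for one binary, two hosts-file names for one IP) are the example's own choices.

```python
"""Triage of a HijackThis-style log for the patterns seen in the post above.

Added example (not from the thread, HijackThis, MBAM or ComboFix): it reads
log lines and flags
  * running processes or Run targets whose file name is just ".exe"
  * O4 Run values with empty or all-digit names, and one binary registered
    under many Run values
  * O1 hosts-file lines that pin several host names to a single IP
  * anything under RECYCLER whose "SID" Windows could not have produced
"""
import re
from collections import defaultdict

# A SID sub-authority is an unsigned 32-bit integer printed in plain decimal,
# so a component above 4294967295 or with a leading zero was hand-written.
SID_RE = re.compile(r"S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)", re.IGNORECASE)
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O4_RE = re.compile(r"^O4 - (HK\S+?)\\\.\.\\Run: \[(.*?)\] (.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def sid_is_plausible(sid: str) -> bool:
    """True if every sub-authority fits 32 bits and is not zero-padded."""
    m = SID_RE.search(sid)
    if not m:
        return False
    parts = m.groups()
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        return False
    return all(int(p) <= 0xFFFFFFFF for p in parts)


def target_path(target: str) -> str:
    """Executable path of a Run value: the quoted part, else the first token."""
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def triage(log_text: str):
    """Return a list of (tag, detail) findings for the given log text."""
    findings = []
    run_targets = defaultdict(list)  # exe path -> Run value names pointing at it
    hosts_by_ip = defaultdict(list)  # IP -> host names the hosts file pins to it

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Fake per-user recycle-bin folders: malware picks the SID and gets it wrong.
        if "\\recycler\\" in line.lower():
            m = SID_RE.search(line)
            if m and not sid_is_plausible(m.group(0)):
                findings.append(("bogus-sid-recycler", m.group(0)))

        if DRIVE_PATH_RE.match(line):  # "Running processes" and plain path lines
            if line.lower().endswith("\\.exe"):
                findings.append(("empty-name-process", line))
            continue

        m = O1_RE.match(line)
        if m:
            hosts_by_ip[m.group(1)].append(m.group(2))
            continue

        m = O4_RE.match(line)
        if m:
            hive, name, target = m.groups()
            exe = target_path(target)
            if name == "":
                findings.append(("empty-run-name", f"{hive} -> {exe}"))
            elif name.isdigit():
                findings.append(("numeric-run-name", f"{hive} [{name}] -> {exe}"))
            if exe.lower().endswith("\\.exe"):
                findings.append(("empty-name-target", f"{hive} [{name}] -> {exe}"))
            run_targets[exe.lower()].append(name)

    for exe, names in run_targets.items():
        if len(names) >= 3:
            findings.append(("repeated-run-target", f"{exe} under {len(names)} Run values"))
    for ip, hosts in hosts_by_ip.items():
        if len(hosts) >= 2:
            findings.append(("hosts-pinning", f"{ip} <- {', '.join(hosts)}"))
    return findings


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\wshost32.exe
O1 - Hosts: 67.215.1.50 server1.unibaq.com
O1 - Hosts: 67.215.1.50 mob.i-sys.ru
O1 - Hosts: 67.215.1.50 web.installloader.com
O4 - HKLM\..\Run: [523] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [274] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [059] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\.exe
O4 - HKLM\..\Run: [wshost32] C:\WINDOWS\system32\wshost32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
c:\recycler\S-1-5-21-1063440008-9459187491-749149295-7703
"""

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:22} {detail}")
```

Run against the full log, the same rules flag all 18 numeric HKLM Run values for umdmgr.exe, the three RECYCLER autoruns, the five hosts entries for 67.215.1.50 and every ".exe" process; the SID check alone is enough to condemn the whole list of c:\recycler folders in the ComboFix output further down, since every one of them has a zero-padded or out-of-range component.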
eUnaas (author), posted 14 October 2009

Malwarebytes

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3 (Safe Mode)

14.10.2009 01:03:10
mbam-log-2009-10-14 (01-03-10).txt

Scan type: Quick Scan
Objects scanned: 117683
Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 120

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n85p (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\05.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\07.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\20.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\21.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\39.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\52.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\55.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\58.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\59.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\65.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\83.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\85.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\93.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\106.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\111.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\115.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\116.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\120.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\128.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\139.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\148.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\155.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\162.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\174.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\177.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\190.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\195.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\202.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\222.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\239.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\245.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\253.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\256.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\258.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\266.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\272.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\279.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\282.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\285.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\295.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\298.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\299.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\354.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\355.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\356.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\364.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\371.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\379.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\381.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\386.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\394.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\403.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\419.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\432.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\434.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\453.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\456.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\472.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\475.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\479.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\481.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\482.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\484.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\485.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\488.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\490.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\496.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\513.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\516.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\522.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\536.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\556.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\566.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\572.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\579.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\592.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\605.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\613.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\614.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\634.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\651.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\669.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\673.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\677.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\690.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\698.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\721.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\741.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\752.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\773.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\783.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\784.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\816.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\823.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\826.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\829.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\851.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\867.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\875.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\876.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\882.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\884.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\887.exe (Trojan.Antavmu) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\892.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\893.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\906.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\931.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\956.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\959.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\973.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\997.exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\999.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\Temporary Internet Files\Content.IE5\7Z9ATC05\pr3xy[1].exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\Temporary Internet Files\Content.IE5\HRA2H4NX\so8[1].exe (Trojan.Ranky) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\Temporary Internet Files\Content.IE5\HRA2H4NX\um.1[2].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temporary Internet Files\Content.IE5\YBCN0VAE\pr3xy[1].exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
eUnaas (author), posted 14 October 2009

Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

14.10.2009 18:16:40
mbam-log-2009-10-14 (18-16-40).txt

Scan type: Quick Scan
Objects scanned: 117906
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Pushbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n85p (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temp\294.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Temporary Internet Files\Content.IE5\8PUZW1IJ\pr3xy[1].exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
Atiks, posted 14 October 2009

Run another scan and see whether MBAM finds anything more.
norbat, posted 14 October 2009

Did you get to run ComboFix as well?
eUnaas (author), posted 24 October 2009

Combofix

ComboFix 09-10-23.01 - Administrator 23.10.2009 19:00.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.702 [GMT 2:00]
Running from: c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\bcrypt.html
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859
c:\recycler\S-1-5-21-0458341864-3322336594-970004486-6038
c:\recycler\S-1-5-21-1063440008-9459187491-749149295-7703
c:\recycler\S-1-5-21-1481459955-1641436238-469407182-4811
c:\recycler\S-1-5-21-1754688213-1667493963-850070737-4340
c:\recycler\S-1-5-21-2260677488-7650580347-290000580-3585
c:\recycler\S-1-5-21-2786956447-5284399352-378576905-1124
c:\recycler\S-1-5-21-2998018917-1810382043-604253786-4651
c:\recycler\S-1-5-21-3086963534-5912886620-688810533-7543
c:\recycler\S-1-5-21-4106869197-1444103363-916139870-9054
c:\recycler\S-1-5-21-4564164597-5142881594-964239994-3473
c:\recycler\S-1-5-21-4570637255-5639142648-327707536-7699
c:\recycler\S-1-5-21-4948892044-0978154773-674719624-5437
c:\recycler\S-1-5-21-5236696651-9963356477-167238951-4649
c:\recycler\S-1-5-21-6239356695-7439564217-684842134-0170
c:\recycler\S-1-5-21-6489820099-2560015425-858317225-9699
c:\recycler\S-1-5-21-6519138697-7055356489-171450737-1222
c:\recycler\S-1-5-21-6626534797-6393651376-867060752-1398
c:\recycler\S-1-5-21-7009361206-6676467805-909572962-2696
c:\recycler\S-1-5-21-7527396451-7853765992-507731722-6614
c:\recycler\S-1-5-21-7585731291-7201589559-350292925-3435
c:\recycler\S-1-5-21-7878947491-3845284696-146345188-2071
c:\recycler\S-1-5-21-7944333633-3966272996-625777154-6220
c:\recycler\S-1-5-21-8239250034-0144949763-471485877-4135
c:\recycler\S-1-5-21-8476305330-9113236991-068871542-9220
c:\recycler\S-1-5-21-8900093018-5614790382-468079208-3150 c:\windows\system32\.exe c:\windows\system32\Drivers\pwohsb.sys c:\windows\system32\msconfig.exe . ((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 ))))))))))))))))))))))))))))))) . 2009-10-14 19:51 . 2009-10-14 19:51 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-10-14 09:22 . 2009-10-14 19:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-10-14 09:22 . 2009-10-14 19:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-14 05:48 . 2009-10-14 05:48 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2009-10-14 05:48 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll 2009-10-14 05:48 . 2009-10-14 05:48 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-10-14 05:48 . 2009-10-14 05:48 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\TuneUp Software 2009-10-14 05:45 . 2009-10-14 05:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software 2009-10-14 05:45 . 2009-10-14 19:51 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-10-13 21:54 . 2009-10-13 21:54 -------- d-----w- c:\program files\Trend Micro 2009-10-12 12:42 . 2009-10-12 12:42 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Autodesk 2009-10-12 12:39 . 2009-10-12 12:39 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\Autodesk 2009-10-12 12:32 . 2009-10-12 12:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2009-10-12 12:29 . 2009-10-12 12:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Autodesk 2009-10-12 12:28 . 2009-10-12 12:33 -------- d-----w- c:\program files\Autodesk 2009-10-12 12:28 . 
2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll 2009-10-12 12:28 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll 2009-10-12 12:27 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll 2009-10-12 12:27 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2009-10-12 12:27 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2009-10-12 12:27 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2009-10-12 12:27 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll 2009-10-12 12:27 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll 2009-10-12 12:27 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2009-10-12 12:27 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-10-12 12:27 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2009-10-12 12:27 . 2009-10-12 12:27 -------- d-----w- c:\windows\Logs 2009-10-12 12:21 . 2009-10-12 12:22 -------- d-----w- C:\fa016fbaecd651e77ab3fd 2009-10-12 12:21 . 2009-10-13 20:51 -------- d-----w- c:\windows\SxsCaPendDel 2009-10-12 12:02 . 2009-10-12 12:02 -------- d-----w- C:\Autodesk 2009-10-12 09:09 . 2009-10-12 10:09 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Download Manager 2009-10-12 07:43 . 2009-10-12 07:43 -------- d-----w- c:\program files\Photodex Presenter 2009-10-12 07:43 . 2009-10-12 07:43 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Netscape 2009-10-12 07:42 . 2009-10-12 07:42 -------- d-----w- c:\program files\Photodex 2009-10-12 07:42 . 2009-10-12 07:42 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Photodex . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-20 23:59 . 
2008-10-25 22:00 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\uTorrent 2009-10-20 22:25 . 2009-09-08 18:33 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Dropbox 2009-10-18 20:10 . 2009-05-10 18:44 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Spotify 2009-10-14 15:38 . 2009-08-17 07:20 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-13 22:10 . 2009-08-16 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 19:50 . 2008-11-19 11:17 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\CoreFTP 2009-10-13 08:19 . 2008-11-13 15:07 60336 ----a-w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-12 13:49 . 2009-09-12 13:12 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-12 12:40 . 2008-10-26 00:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet 2009-10-12 10:49 . 2008-10-25 23:12 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-17 22:43 . 2008-10-26 07:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-09-10 12:54 . 2009-08-16 19:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-08-16 19:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-08 07:30 . 2009-07-06 20:55 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-07 17:35 . 2009-08-16 19:01 19672 ----a-w- c:\windows\system32\drivers\hosts 2009-08-16 19:01 . 2009-07-19 17:09 290 ----a-w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\pant32.exe . ------- Sigcheck ------- [-] 2008-05-06 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys [-] 2002-11-26 17:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . 
. c:\windows\system32\mspmsnsv.dll c:\windows\system32\wuauclt.exe ... is missing !! c:\windows\system32\wscntfy.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-09-02 23:45 77824 ----a-w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Dropbox\bin\DropboxExt.3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-09-02 23:45 77824 ----a-w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Dropbox\bin\DropboxExt.3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-09-02 23:45 77824 ----a-w- c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Dropbox\bin\DropboxExt.3.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] "Google Update"="c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-22 133104] "mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-17 288048] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" 
[2009-08-05 1830128] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-03 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-06 99840] c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Dropbox\bin\Dropbox.exe [2009-9-3 26785147] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "StartMenuFavorites"= 0 (0x0) "Start_ShowMyComputer"= 1 (0x1) "Start_ShowMyDocs"= 1 (0x1) "Start_ShowMyMusic"= 0 (0x0) "Start_ShowRun"= 1 (0x1) "Start_ShowSearch"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders schannel.dll, digest.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/14/2009 7:48 AM 604488] S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program 
files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [10/26/2008 12:00 AM 32000] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-10-23 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54] 2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1454471165-1606980848-500Core.job - c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 17:57] 2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1454471165-1606980848-500UA.job - c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 17:57] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll FF - ProfilePath - c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Mozilla\Firefox\Profiles\uenxg1tm.default\ FF - plugin: c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Application Data\Mozilla\plugins\npPxPlay.dll FF - plugin: c:\documents and settings\Administrator.EXPERIEN-1F1AC2\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla 
Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-23 19:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(856) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\igfxdev.dll . Completion time: 2009-10-23 19:09 ComboFix-quarantined-files.txt 2009-10-23 17:09 Pre-Run: 27 052 380 160 bytes free Post-Run: 27 085 664 256 bytes free - - End Of File - - 51B1773C0F76EA384A1FC61FE15CF856 Lenke til kommentar
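A triage pass over the "Other Deletions" and Sigcheck sections of that log, added here as an example and not code from the thread or from ComboFix. Four things in the log stand out to a responder: the RECYCLER folder names ComboFix removed are not valid SIDs (each sub-authority of a SID is an unsigned 32-bit value, so 9459187491 cannot occur, and the string form of a SID carries no leading zeros such as 0243936033); c:\windows\system32\.exe has no file name at all; two core Windows binaries (wuauclt.exe, wscntfy.exe) are reported missing; and a 290-byte pant32.exe sits directly in the profile root. The script encodes those checks and runs them over a constructed sample made of lines copied from the log. The one legitimate RECYCLER entry in the sample, for the machine's real SID (taken from the GoogleUpdate task name further down the same log), is not in the log and is included only as a contrast; the reason strings and the profile-root rule are my own.

```python
import re

# Constructed sample: entries copied from the ComboFix log above, plus one RECYCLER
# folder for the machine's real SID (from the GoogleUpdate task name in the same log)
# to show what a legitimate entry looks like. This block is not a file from the page.
SAMPLE_LOG = """\
c:\\recycler\\S-1-5-21-0243936033-3052116371-381863308-1859
c:\\recycler\\S-1-5-21-1063440008-9459187491-749149295-7703
c:\\recycler\\S-1-5-21-1614895754-1454471165-1606980848-500
c:\\windows\\system32\\.exe
c:\\windows\\system32\\Drivers\\pwohsb.sys
c:\\windows\\system32\\msconfig.exe
c:\\windows\\system32\\wuauclt.exe ... is missing !!
c:\\windows\\system32\\wscntfy.exe ... is missing !!
2009-08-16 19:01 . 2009-07-19 17:09 290 ----a-w- c:\\documents and settings\\Administrator.EXPERIEN-1F1AC2\\pant32.exe
"""

MAX_SUBAUTHORITY = 2**32 - 1  # SID sub-authorities are unsigned 32-bit values
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21(?:-\d+){4}$", re.IGNORECASE)
EMPTY_STEM_RE = re.compile(r"^\.(exe|dll|sys|com|scr)$", re.IGNORECASE)
# Hypothetical rule: an .exe directly under a user's profile folder (not in a subfolder).
PROFILE_ROOT_EXE_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def is_plausible_account_sid(name):
    """True only if the folder name is a syntactically valid S-1-5-21-... SID."""
    if not ACCOUNT_SID_RE.match(name):
        return False
    for part in name.split("-")[4:]:          # the four sub-authorities after '21'
        if part != "0" and part.startswith("0"):  # SID strings are never zero-padded
            return False
        if int(part) > MAX_SUBAUTHORITY:      # cannot fit in a 32-bit sub-authority
            return False
    return True


def extract_path(line):
    """Return the c:\\... path embedded in a ComboFix line, or None."""
    idx = line.lower().find("c:\\")
    if idx < 0:
        return None
    path = line[idx:]
    if " ... is missing !!" in path:          # Sigcheck 'missing' lines carry a suffix
        path = path.split(" ... is missing !!")[0]
    return path.rstrip()


def triage(log_text):
    """Return (reason, path) pairs for entries a responder should look at first."""
    findings = []
    for line in log_text.splitlines():
        path = extract_path(line)
        if path is None:
            continue
        parts = path.split("\\")
        basename = parts[-1]
        if line.rstrip().endswith("is missing !!"):
            findings.append(("core system file missing", path))
        elif EMPTY_STEM_RE.match(basename):
            findings.append(("executable with empty file name", path))
        elif path.lower().startswith("c:\\recycler\\") and len(parts) == 3:
            if not is_plausible_account_sid(basename):
                findings.append(("RECYCLER folder with impossible SID", path))
        elif PROFILE_ROOT_EXE_RE.match(path):
            findings.append(("executable dropped in profile root", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:40} {path}")
```

Run against the full log the same checks flag all 26 RECYCLER folders, which is the point: a real machine has one such folder per local account that has ever used the Recycle Bin, not dozens with sub-authorities outside the 32-bit range.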
eUnaas Posted 24 October 2009 (author)

Malwarebytes' Anti-Malware 1.41
Database version: 3023
Windows 5.1.2600 Service Pack 3

23.10.2009 19:35:12
mbam-log-2009-10-23 (19-35-12).txt

Scan type: Quick Scan
Objects scanned: 118623
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

...what is a bit odd is that sometimes (like now) the virus-infection trojans don't bother me at all, but other times when I start the PC, life is hell. I don't know why some times they hijack the PC, while other times the virus doesn't show itself at all.
norbat Posted 24 October 2009 (edited)

Open Notepad and paste in what is in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.

MIA::
%system%\wuauclt.exe
%system%\wscntfy.exe

Edited 24 October 2009 by norbat