Wiralna, posted 14 October 2009 (edited)

Hello there. I'm sitting here annoyed that this virus has managed to sneak in... But since I'm not the best with antivirus and the like, I'm asking here... HELP ME! The HJT log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:09, on 14.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmer\DAEMON tools\daemon.exe
C:\Programfiler\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\V0330Mon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Microsoft Office 2007 Norsk\Office12\GrooveMonitor.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Programmer\Bitcomet\BitComet.exe
C:\Programfiler\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\DOCUME~1\ALLUSE~1\PROGRA~1\53597736\53597736.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Java\jre6\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\gjølstad\Skrivebord\Antivirus greier\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programmer\Bitcomet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programmer\Grisoft\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 2007 Norsk\Office12\GrooveShellExtensions.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programmer\DAEMON tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WheelMouse] C:\Programfiler\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programfiler\Fellesfiler\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office 2007 Norsk\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [53597736] C:\DOCUME~1\ALLUSE~1\PROGRA~1\53597736\53597736.exe
O4 - HKCU\..\Run: [bitComet] "E:\Programmer\Bitcomet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gjølstad\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Programfiler\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} (Fronter OES2 release 22) - https://fronter.com/fredrikstadgs/links/fronter_oes2.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15107/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office 2007 Norsk\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9909 bytes

What needs to be done, and what needs to be removed? Thanks in advance.

Edited 18 October 2009 by Wiralna
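An added triage example, not part of the thread and not code from HijackThis, SDFix, MBAM or ComboFix: a small Python script that applies a few heuristics to autostart lines like the ones in the HJT log above, and to the RECYCLER paths that SDFix, MBAM and ComboFix report further down in the thread. The heuristics are my own choices for this example: a Run value whose name is digits only, an executable following the <digits>\<digits>.exe pattern (the `[53597736]` entry above, which MBAM later classifies as Rogue.Multiple), a RECYCLER sub-folder whose SID carries a sub-authority that does not fit in 32 bits (a real SID cannot, so the folder was forged), a well-known system binary name living outside System32, an orphaned "(file missing)" entry, and a service without a publisher. The sample lines are copied from the logs in this thread and embedded as constructed test input; the script runs offline.

```python
import re
from typing import Dict, List, Optional

# Sample input, copied from the HijackThis and SDFix/MBAM/ComboFix output posted
# in this thread (constructed test data for this example).
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [53597736] C:\DOCUME~1\ALLUSE~1\PROGRA~1\53597736\53597736.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programmer\Grisoft\avgssie.dll (file missing)",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
]
SAMPLE_PATHS = [
    r"C:\RECYCLER\S-1-5-21-2168057342-4808506458-701632020-9041\rundll32.exe",
    r"c:\recycler\S-1-5-21-4022914180-8574743482-802418654-0009",
    r"C:\RECYCLER\S-1-5-21-484763869-162531612-725345543-1003\Dc201.pif",
    r"C:\WINDOWS\system32\rundll32.exe",
]

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SID_RE = re.compile(r"S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)", re.IGNORECASE)
# Binaries that should only live under System32 (assumed list for this example).
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an HJT O4 autostart line into hive, value name and command line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_path(cmd: str) -> str:
    """Return the program part of a Run command: strip quotes and trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def run_entry_findings(entry: Dict[str, str]) -> List[str]:
    """Heuristics for a parsed O4 entry; the rogue in this thread trips both."""
    findings = []
    parts = executable_path(entry["cmd"]).split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    if entry["name"].isdigit():
        findings.append("Run value name is digits only")
    if stem.isdigit() and len(parts) >= 2 and parts[-2] == stem:
        findings.append("executable follows the <digits>\\<digits>.exe pattern")
    return findings


def path_findings(path: str) -> List[str]:
    """Heuristics for a bare file or folder path (e.g. from SDFix/MBAM output)."""
    findings = []
    m = SID_RE.search(path)
    # Every SID sub-authority is an unsigned 32-bit value; anything larger is forged.
    if m and any(int(sub) > 0xFFFFFFFF for sub in m.groups()):
        findings.append("SID sub-authority does not fit in 32 bits: forged RECYCLER folder")
    lower = path.lower()
    base = lower.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not lower.startswith(SYSTEM_DIRS):
        findings.append(f"{base} outside System32")
    return findings


def line_findings(line: str) -> List[str]:
    """Dispatch one HJT line to the matching heuristic set."""
    entry = parse_o4(line)
    if entry:
        return run_entry_findings(entry) + path_findings(executable_path(entry["cmd"]))
    findings = []
    if line.rstrip().endswith("(file missing)"):
        findings.append("orphaned entry: referenced file is missing")
    if line.startswith("O23 - ") and " - Unknown owner - " in line:
        findings.append("service binary without a publisher")
    return findings


def triage(lines: List[str], paths: List[str]) -> Dict[str, List[str]]:
    """Return only the inputs that triggered at least one heuristic."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        hits = line_findings(line)
        if hits:
            report[line] = hits
    for path in paths:
        hits = path_findings(path)
        if hits:
            report[path] = hits
    return report


if __name__ == "__main__":
    for item, hits in triage(SAMPLE_HJT_LINES, SAMPLE_PATHS).items():
        print(item)
        for hit in hits:
            print("   ->", hit)
```

The output is a worklist for a human, not a verdict: the two "Unknown owner" services that trip the publisher heuristic here belong to PunkBuster, and the hidden sptd registry keys SDFix's catchme pass lists below are DAEMON Tools' SPTD driver, which hides them by design. The SID check, on the other hand, is hard evidence: both RECYCLER folders that ComboFix deletes carry a sub-authority above 4294967295, which Windows would never generate.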
norbat, posted 14 October 2009

Run a quick scan with MBAM (see the guide). Post the log it produces here in your own thread.
Wiralna (author), posted 14 October 2009

Now the stupid virus has blocked MBAM completely... I managed to start a scan and stepped away from the PC for a bit. When I came back the PC had restarted, and I can't start MBAM any more. Any other solutions?
norbat, posted 14 October 2009

Download SDFix and save it to the desktop. Double-click SDFix.exe. The program will extract itself and create a folder directly under C:, SDFix. Restart the PC in safe mode (tap F8 during startup and choose safe mode). Open the SDFix folder (C:\SDFix) and double-click the file RunThis.bat, then follow the instructions (usually you press the Y key to start the cleanup). When the program finishes, it will produce a log that you can post. Then try running MBAM.
Wiralna (author), posted 14 October 2009

Unfortunately the malware won't let the program extract... It stops the whole process at 60%. I have started a scan with SAS to see if I find anything. Are there any other solutions at all?
norbat, posted 14 October 2009

It's probably a rootkit that is preventing it from running. That you can run SAS may help. Report back on how it goes (post the log it produces). If there are still problems, we'll try some other approaches.
Wiralna (author), posted 14 October 2009

The PC restarted again, but this time I managed to jump into safe mode. The programs are friends with me again! :!: I'll try to run the program you asked me to download last time.
Wiralna (author), posted 14 October 2009

So now I've run SDFix, MBAM and ComboFix. And here come the logs!

SDFix:

SDFix: Version 1.240
Run by gjølstad on 14.10.2009 at 23:39

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\gjølstad\Lokale innstillinger\Temp\ubi124.tmp.exe - Deleted
C:\DOCUME~1\GJLSTA~1\LOKALE~1\Temp\tmp45.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 23:45:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys01060d11902]
"001fe465be70"=hex:f9,08,2b,a3,6a,96,47,75,6d,7a,0a,e7,e5,87,6e,46
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:92ca9018
"s2"=dword:89d05db3
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Programmer\DAEMON tools\"
"h0"=dword:00000000
"khjeh"=hex:01,43,29,96,f9,dc,13,57,2d,d9,5b,39,d2,ca,76,c9,e3,b4,a5,11,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,bd,13,60,28,da,f9,99,f6,85,55,47,44,6b,a4,66,56,c3,..
"khjeh"=hex:34,60,57,b8,77,8f,34,bd,0d,09,a1,00,34,bc,93,8a,85,bc,21,9a,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:8b,06,b0,ac,be,33,18,0c,66,69,48,79,eb,00,15,ac,d3,d2,77,09,bd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41]
"khjeh"=hex:e9,b9,78,29,80,49,99,2f,b8,c6,b4,4f,e9,79,2c,45,ad,74,90,e4,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42]
"khjeh"=hex:81,48,cc,b7,b6,08,71,5e,ad,9f,81,85,fd,91,41,fb,82,b6,c6,0c,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43]
"khjeh"=hex:1b,5d,41,97,a4,bd,36,ee,11,b8,67,9a,7a,1a,d0,4c,23,c4,9f,e8,a1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Programmer\DAEMON tools\"
"h0"=dword:00000000
"khjeh"=hex:01,43,29,96,f9,dc,13,57,2d,d9,5b,39,d2,ca,76,c9,e3,b4,a5,11,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,bd,13,60,28,da,f9,99,f6,85,55,47,44,6b,a4,66,56,c3,..
"khjeh"=hex:34,60,57,b8,77,8f,34,bd,0d,09,a1,00,34,bc,93,8a,85,bc,21,9a,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:8b,06,b0,ac,be,33,18,0c,66,69,48,79,eb,00,15,ac,d3,d2,77,09,bd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41]
"khjeh"=hex:e9,b9,78,29,80,49,99,2f,b8,c6,b4,4f,e9,79,2c,45,ad,74,90,e4,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42]
"khjeh"=hex:81,48,cc,b7,b6,08,71,5e,ad,9f,81,85,fd,91,41,fb,82,b6,c6,0c,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43]
"khjeh"=hex:b4,61,c7,35,20,9d,3c,48,e7,9f,48,7a,ee,07,00,63,a2,91,f1,25,65,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys01060d11902]
"001fe465be70"=hex:f9,08,2b,a3,6a,96,47,75,6d,7a,0a,e7,e5,87,6e,46
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Programmer\DAEMON tools\"
"h0"=dword:00000000
"khjeh"=hex:01,43,29,96,f9,dc,13,57,2d,d9,5b,39,d2,ca,76,c9,e3,b4,a5,11,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,bd,13,60,28,da,f9,99,f6,85,55,47,44,6b,a4,66,56,c3,..
"khjeh"=hex:34,60,57,b8,77,8f,34,bd,0d,09,a1,00,34,bc,93,8a,85,bc,21,9a,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:8b,06,b0,ac,be,33,18,0c,66,69,48,79,eb,00,15,ac,d3,d2,77,09,bd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41]
"khjeh"=hex:e9,b9,78,29,80,49,99,2f,b8,c6,b4,4f,e9,79,2c,45,ad,74,90,e4,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42]
"khjeh"=hex:81,48,cc,b7,b6,08,71,5e,ad,9f,81,85,fd,91,41,fb,82,b6,c6,0c,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43]
"khjeh"=hex:1b,5d,41,97,a4,bd,36,ee,11,b8,67,9a,7a,1a,d0,4c,23,c4,9f,e8,a1,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\Programmer\\Bitcomet\\BitComet.exe"="E:\\Programmer\\Bitcomet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\Spill\\Counter Strike 1.6\\hl.exe"="E:\\Spill\\Counter Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Spill\\EA GAMES\\Battlefield 2\\BF2.exe"="E:\\Spill\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"E:\\Spill\\EA GAMES\\BF2142.exe"="E:\\Spill\\EA GAMES\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Documents and Settings\\gjølstad\\Skrivebord\\Ubrukte skrivebordssnarveier\\WoWPrivat\\ascent1036\\ascent.exe"="C:\\Documents and Settings\\gjølstad\\Skrivebord\\Ubrukte skrivebordssnarveier\\WoWPrivat\\ascent1036\\ascent.exe:*:Enabled:ascent"
"C:\\Documents and Settings\\gjølstad\\Skrivebord\\Ubrukte skrivebordssnarveier\\WoWPrivat\\ascent1036\\logonserver.exe"="C:\\Documents and Settings\\gjølstad\\Skrivebord\\Ubrukte skrivebordssnarveier\\WoWPrivat\\ascent1036\\logonserver.exe:*:Enabled:logonserver"
"E:\\Spill\\EA GAMES\\Battlefield 1942\\BF1942.exe"="E:\\Spill\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\\Spill\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"="E:\\Spill\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"E:\\Spill\\Age of empires 2 and the conqueros\\Age of empires 2 and the conqueros\\age2_x1.exe"="E:\\Spill\\Age of empires 2 and the conqueros\\Age of empires 2 and the conqueros\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"E:\\Spill\\Blizzard Entertainment\\Warcraft III\\war3.exe"="E:\\Spill\\Blizzard Entertainment\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"E:\\Programmer\\Grisoft\\AVG7\\avginet.exe"="E:\\Programmer\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"E:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"="E:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"E:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"="E:\\Programmer\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Spill\\Microsoft Games\\Halo\\halo.exe"="E:\\Spill\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Spill\\Age of empires 2 and the conqueros\\Age of empires 2 and the conqueros\\empires2.exe"="E:\\Spill\\Age of empires 2 and the conqueros\\Age of empires 2 and the conqueros\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Documents and Settings\\gjølstad\\Skrivebord\\WoW-2.4.3.8568-to-3.0.2.8916-enGB-downloader.exe"="C:\\Documents and Settings\\gjølstad\\Skrivebord\\WoW-2.4.3.8568-to-3.0.2.8916-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\BackgroundDownloader.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\World of Warcraft Public Test\\Wow.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\World of Warcraft Public Test\\Wow.exe:*:Enabled:World of Warcraft Public Test"
"E:\\Spill\\Activision\\CoD4\\iw3mp.exe"="E:\\Spill\\Activision\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare "
"E:\\Spill\\Activision\\CoDWaW\\CoDWaW.exe"="E:\\Spill\\Activision\\CoDWaW\\CoDWaW.exe:*:Enabled:Call of Duty® - World at War "
"E:\\Spill\\Activision\\CoDWaW\\CoDWaWmp.exe"="E:\\Spill\\Activision\\CoDWaW\\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War "
"C:\\Documents and Settings\\gjølstad\\Lokale innstillinger\\Temp\\Blizzard Launcher Temporary - 64e51230\\Launcher.exe"="C:\\Documents and Settings\\gjølstad\\Lokale innstillinger\\Temp\\Blizzard Launcher Temporary - 64e51230\\Launcher.exe:*:Enabled:Blizzard Launcher"
"I:\\Spill\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.6.game"="I:\\Spill\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.6.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"="C:\\Programfiler\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Documents and Settings\\gjølstad\\Lokale innstillinger\\Temp\\Blizzard Launcher Temporary - c71e25a8\\Launcher.exe"="C:\\Documents and Settings\\gjølstad\\Lokale innstillinger\\Temp\\Blizzard Launcher Temporary - c71e25a8\\Launcher.exe:*:Enabled:Blizzard Launcher"
"I:\\Spill\\Splinter Cell\\SCDA-Offline\\System\\SplinterCell4.exe"="I:\\Spill\\Splinter Cell\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"I:\\Spill\\Splinter Cell\\SCDA-Online\\System\\SCDA_online.exe"="I:\\Spill\\Splinter Cell\\SCDA-Online\\System\\SCDA_online.exe:*:Enabled:SCDA_online"
"I:\\Spill\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.7.game"="I:\\Spill\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.7.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"I:\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"="I:\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\Launcher.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\\Programfiler\\Curse\\CurseClient.exe"="C:\\Programfiler\\Curse\\CurseClient.exe:*:Enabled:Curse Client"
"E:\\Spill\\Ubisoft\\Binaries\\R6Vegas_Game.exe"="E:\\Spill\\Ubisoft\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"E:\\Spill\\Ubisoft\\Binaries\\R6Vegas_Launcher.exe"="E:\\Spill\\Ubisoft\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Programfiler\\Spotify\\spotify.exe"="C:\\Programfiler\\Spotify\\spotify.exe:*:Enabled:Spotify"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"K:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="K:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"K:\\World of Warcraft\\Launcher.exe"="K:\\World of Warcraft\\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="E:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 19 Sep 2009       221,220 ..SHR --- "C:\RECYCLER\S-1-5-21-2168057342-4808506458-701632020-9041\rundll32.exe"
Tue 26 Jun 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 12 Jun 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 17 Sep 2007       356,352 A..H. --- "C:\Documents and Settings\All Users\Programdata\NVIDIA\nvudisp.exe"
Mon 17 Sep 2007       116,880 A..H. --- "C:\Documents and Settings\All Users\Programdata\NVIDIA\setup.exe"
Mon 23 Feb 2009         2,421 ...HR --- "C:\Documents and Settings\gjølstad\Programdata\SecuROM\UserData\securom_v7_01.bak"
Thu 17 Oct 2002         8,200 A..H. --- "C:\Documents and Settings\All Users\Programdata\Microsoft\OFFICE\DATA\OPA12.BAK"
Mon 27 Jul 2009     2,465,604 ...H. --- "C:\Documents and Settings\gjølstad\Programdata\Sun\Java\jre1.6.0_15\BIT130.tmp"
Sat  1 Aug 2009       659,712 ...H. --- "C:\Documents and Settings\gjølstad\Programdata\Sun\Java\jre1.6.0_15\BIT131.tmp"

Finished!

MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

14.10.2009 23:57:41
mbam-log-2009-10-14 (23-57-41).txt

Scan type: Quick Scan
Objects scanned: 109452
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ae2a9a0-dc33-4c27-b521-5b6c68c1c53d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{183807b8-bc07-48a2-8dad-abc96fa6c7a8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\53597736 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\20878429 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\63573024 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Programdata\20878429 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\53597736 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\63573024 (Rogue.Multiple) -> Delete on reboot.

Files Infected:
C:\RECYCLER\S-1-5-21-2168057342-4808506458-701632020-9041\rundll32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-484763869-162531612-725345543-1003\Dc201.pif (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\All Users\Programdata\20878429\20878429.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\53597736\53597736.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\63573024\63573024.exe (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\gjølstad\Skrivebord\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\gjølstad\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

And finally, ComboFix:

ComboFix 09-10-14.01 - gjølstad 15.10.2009 0:09.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2047.1463 [GMT 2:00]
Running from: c:\documents and settings\gjølstad\Skrivebord\Antivirus greier\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091014-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2168057342-4808506458-701632020-9041
c:\recycler\S-1-5-21-4022914180-8574743482-802418654-0009
c:\windows\system32\ddygxvgq.ini
c:\windows\system32\fvxmwfxl.ini
c:\windows\system32\tmp.reg
E:\install.exe

.
((((((((((((((((((((((((((( Files Created From 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))))
.

2009-10-14 21:38 . 2009-10-14 21:38 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-14 21:36 . 2009-10-14 21:36 -------- d-----w- c:\windows\ERUNT
2009-10-14 21:26 . 2009-10-14 21:48 -------- d-----w- C:\SDFix
2009-10-14 20:54 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 20:54 . 2009-10-14 20:54 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-10-14 20:54 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 19:04 . 2009-09-25 19:06 -------- d-----w- c:\programfiler\Easton Shaft Selector 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-09-10 01:01 . 2007-05-25 17:25 -------- d--h--w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-09-04 22:33 . 2007-06-22 18:03 -------- d-----w- c:\programfiler\Winamp
2009-09-02 18:54 . 2009-09-02 18:54 -------- d-----w- c:\documents and settings\All Users\Programdata\Blizzard Entertainment
2009-08-17 16:10 . 2007-05-23 15:11 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-05-23 15:11 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-05-23 15:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-07 15:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-07 15:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-05-23 15:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-05-23 15:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-05-23 15:11 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-05-23 15:11 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2006-03-02 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-06-13 19:21 . 2009-06-13 19:21 24555730 ----a-w- c:\programfiler\Guitar Pro.zip
2007-10-12 17:54 . 2007-10-12 17:54 70768312 ----a-w- c:\programfiler\163.71_forceware_winxp_32bit_international_whql.exe

.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="e:\programmer\Bitcomet\BitComet.exe" [2007-06-19 5977152]
"Google Update"="c:\documents and settings\gjølstad\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-10-09 133104]
"EA Core"="c:\programfiler\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"DAEMON Tools"="e:\programmer\DAEMON tools\daemon.exe" [2006-11-12 157592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"WheelMouse"="c:\programfiler\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"OSSelectorReinstall"="c:\programfiler\Fellesfiler\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"GrooveMonitor"="e:\microsoft office 2007 norsk\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\gjølstad\Skrivebord\Antivirus greier\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-30
16269312] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "e:\\Programmer\\Bitcomet\\BitComet.exe"= "e:\\Spill\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Documents and Settings\\gjølstad\\Skrivebord\\Ubrukte skrivebordssnarveier\\WoWPrivat\\ascent1036\\ascent.exe"= "c:\\Documents and Settings\\gjølstad\\Skrivebord\\Ubrukte skrivebordssnarveier\\WoWPrivat\\ascent1036\\logonserver.exe"= "e:\\Spill\\EA GAMES\\Battlefield 1942\\BF1942.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "e:\\Spill\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"= "e:\\Spill\\Age of empires 2 and the conqueros\\Age of empires 2 and the conqueros\\age2_x1.exe"= "e:\\Spill\\Blizzard Entertainment\\Warcraft III\\war3.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Spill\\Age of empires 2 and the conqueros\\Age of empires 2 and the conqueros\\empires2.exe"= "e:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\BackgroundDownloader.exe"= "e:\\Spill\\Activision\\CoD4\\iw3mp.exe"= "e:\\Spill\\Activision\\CoDWaW\\CoDWaW.exe"= "e:\\Spill\\Activision\\CoDWaW\\CoDWaWmp.exe"= "c:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"= 
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\Launcher.exe"= "c:\\Programfiler\\Curse\\CurseClient.exe"= "e:\\Spill\\Ubisoft\\Binaries\\R6Vegas_Game.exe"= "e:\\Spill\\Ubisoft\\Binaries\\R6Vegas_Launcher.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "e:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"= "e:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"= "e:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"= "e:\\Spill\\Blizzard Entertainment\\World of Warcraft\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26425:TCP"= 26425:TCP:BitComet 26425 TCP "26425:UDP"= 26425:UDP:BitComet 26425 UDP "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6881:TCP"= 6881:TCP:Blizzard Downloader: 6881 "6112:TCP"= 6112:TCP:Blizzard Downloader: 6112 "6999:TCP"= 6999:TCP:Blizzard Downloader: 6999 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07.04.2008 17:04 114768] R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 14:53 5632] R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [27.02.2007 13:39 51440] R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [26.02.2008 18:20 110304] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07.04.2008 17:04 20560] R3 V0330VID;WebCam Vista/Live! 
Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [08.04.2009 15:46 157696] S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [09.05.2006 18:27 13824] S3 dump_wmimmc;dump_wmimmc;\??\e:\spill\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> e:\spill\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?] S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176] S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [16.02.2006 18:51 4096] S3 UPnPService;UPnPService;c:\programfiler\Fellesfiler\MAGIX Shared\UPnPService\UPnPService.exe [26.02.2008 18:19 544768] S3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [10.06.2006 11:41 8078] S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-10-13 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2009-10-14 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.wow-europe.com/en IE: E&ksporter til Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000 DPF: {358DFA15-D48C-4296-8D16-7405F918333B} - hxxps://fronter.com/fredrikstadgs/links/fronter_oes2.cab FF - ProfilePath - c:\documents and settings\gjølstad\Programdata\Mozilla\Firefox\Profiles\p062c24p.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wow-europe.com/en FF - plugin: c:\programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . - - - - TOMME PEKERE FJERNET - - - - AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe AddRemove-MS3_is1 - i:\spill\City Interactive\Marine Sharpshooter 3\unins000.exe AddRemove-N.A.W - e:\spill\EA GAMES\Battlefield 2\mods\naw\Uninstall\MP1\N.A.W AddRemove-Nations at War5.0 - e:\spill\EA GAMES\Battlefield 2\mods\naw\Uninstall\MOD\N.A.W AddRemove-{259C0ABB-A3B2-4D70-008F-BF7EE491B70B} - c:\programfiler\Electronic Arts\Need for Speed Carbon\EAUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-15 00:12 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-484763869-162531612-725345543-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:24,fd,c6,45,76,b3,14,d7,27,61,53,74,54,30,28,1a,a2,fb,59,a9,4a,bc,40, e0,4d,37,3b,17,1b,f9,36,2e,b7,97,48,3b,22,b8,29,97,9d,5f,8d,36,64,6d,92,fa,\ "??"=hex:87,86,a9,0d,e5,06,9b,23,24,08,98,64,f9,fb,a2,d8 [HKEY_USERS\S-1-5-21-484763869-162531612-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:43,99,79,b3,58,17,2b,8d,c2,14,99,57,17,96,35,df,35,d4,ac,fb,28, 0d,c5,cc,ac,cc,45,2f,60,6b,08,44,a9,99,d4,e8,8e,14,18,1f,b6,da,bc,f5,34,b8,\ "rkeysecu"=hex:d3,ea,4f,8f,2f,22,05,9a,cf,3d,fc,18,6e,60,dc,e4 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(852) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll . Tidspunkt ferdig: 2009-10-14 0:13 ComboFix-quarantined-files.txt 2009-10-14 22:13 ComboFix2.txt 2007-11-13 18:53 Pre-Run: 9 931 116 544 byte ledig Post-Run: 10 370 088 960 byte ledig WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 190 --- E O F --- 2009-09-10 01:03 Hvordan ser det ut? :!: Forresten... Ved næremere ettertanke tar jeg kvelden nå. Sjekker innom på skolen i morgen for å se svaret ditt Lenke til kommentar
norbat, posted 15 October 2009 (edited)

This looks good. No malware to be seen in the ComboFix log.

You can uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).

Beyond that, it is important to keep your programs updated. Feel free to use Secunia's online check.

Edited 15 October 2009 by norbat
Wiralna (author), posted 15 October 2009

Yes, that was good news. I have to thank you for the help, but I will probably be asking for help several more times.

One last question: which antivirus programs and firewalls do you recommend? I tried Online Armor a while ago, but then the PC's startup got MUCH slower. I had almost five minutes of waiting before the PC could be used for anything at all.