
Posts split off from the guide thread - 2



Got a small surprise today in the form of a slightly too eager partner who had removed a couple of files through Avast's antivirus before I could check whether they were false positives.

Haven't noticed anything abnormal lately in terms of network usage or problems, but I'm posting a log so you can take a look.

Note that there are a number of files listed as "missing"; according to the Avast log, those are the ones my partner took out (delete).


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:20:25, on 23.10.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\SysWOW64\CTHELPER.EXE

C:\Program Files (x86)\RivaTuner v2.11\RivaTuner.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files" (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8145 bytes


I have a thread that is still unanswered. Posting my HJT here to see if I get more help here ;)

 

HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:40:57, on 23.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\NORMAN\Npm\bin\ELOGSVC.EXE

D:\NORMAN\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

D:\NORMAN\Npm\bin\NJEEVES.EXE

C:\WINDOWS\System32\alg.exe

D:\NORMAN\Nvc\BIN\NVCSCHED.EXE

D:\NORMAN\Nvc\bin\nvcoas.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

D:\NORMAN\Npm\bin\ZLH.EXE

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

D:\NORMAN\Nvc\BIN\NIP.EXE

C:\Programfiler\iPod\bin\iPodService.exe

D:\Programfiler\Logitech\G-series Software\LGDCore.exe

D:\NORMAN\Nvc\bin\cclaw.exe

D:\Programfiler\Logitech\G-series Software\LCDMon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe

D:\Programfiler\BF2G15Mod\BF2 LCD.exe

D:\FRAPS\FRAPS.EXE

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Octoshape Streaming Services\Fredrik\OctoshapeClient.exe

D:\Programfiler\DAEMON Tools\daemon.exe

D:\Programfiler\Steam\Steam.exe

C:\Programfiler\Electronic Arts\EADM\Core.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Fredrik\Skrivebord\HJT\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 133.1.16.172:3127

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [Norman ZANDA] "D:\NORMAN\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Launch LGDCore] "D:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "D:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Fredrik\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [EA Core] C:\Programfiler\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [igndlm.exe] C:\Programfiler\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = D:\Adobe\Reader\reader_sl.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\NORMAN\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Norman ASA - D:\NORMAN\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - D:\NORMAN\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\NORMAN\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\NORMAN\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9782 bytes

 

 

mbam:

 

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1306

Windows 5.1.2600 Service Pack 2

 

23.10.2008 16:08:29

mbam-log-2008-10-23 (16-08-29).txt

 

Skanntype: Rask Skann

Objekter skannet: 49359

Tid tilbakelagt: 2 minute(s), 2 second(s)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 3

Registerfiler infisert: 2

Mapper infisert: 0

Filer infisert: 17

 

Minneprosesser infisert:

C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\TDSSbrsr.dll (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Delete on reboot.

 

 

 

Combofix:

 

 

ComboFix 08-10-22.05 - Fredrik 2008-10-23 16:21:50.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1478 [GMT 2:00]

Running from: L:\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\drsmartload2.dat

C:\WINDOWS\keyboard1.dat

C:\WINDOWS\newname.dat

C:\WINDOWS\teller2.chk

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NSESVC

-------\Legacy_TDSSSERV.SYS)

-------\Service_nsesvc

-------\Service_TDSSserv.sys)

 

 

((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))

.

 

2008-10-23 16:04 . 2008-10-23 16:04 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Malwarebytes

2008-10-23 16:04 . 2008-10-23 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-23 16:04 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-23 16:04 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-23 16:03 . 2008-10-23 16:03 <DIR> dr-h----- C:\Documents and Settings\Fredrik\Siste

2008-10-23 16:01 . 2008-10-23 16:01 <DIR> d-------- C:\Programfiler\CCleaner

2008-10-23 15:22 . 2008-10-23 15:29 44,544 --a------ C:\WINDOWS\system32\av.dat

2008-10-23 15:22 . 2008-10-23 15:29 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat

2008-10-15 16:17 . 2008-10-15 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Blizzard

2008-09-29 16:07 . 2008-10-22 13:14 <DIR> d-------- C:\Programfiler\Microsoft Silverlight

2008-09-28 14:56 . 2008-09-28 14:56 94,208 --a------ C:\WINDOWS\ScUnin.exe

2008-09-28 14:56 . 2008-09-28 14:56 12,720 --a------ C:\WINDOWS\scunin.dat

2008-09-28 14:56 . 2008-09-28 14:56 967 --a------ C:\WINDOWS\ScUnin.pif

2008-09-28 14:46 . 2008-09-28 14:46 <DIR> d-------- C:\Programfiler\Download Manager

2008-09-28 14:46 . 2008-09-28 14:46 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\IGN_DLM

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 13:47 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\Skype

2008-10-23 13:27 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\uTorrent

2008-10-23 12:30 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\skypePM

2008-10-22 18:04 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-10-15 21:02 --------- d-----w C:\Programfiler\Windows Live Safety Center

2008-09-28 23:55 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\dvdcss

2008-09-28 15:21 137,728 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-28 15:21 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-09-28 14:11 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\teamspeak2

2008-09-27 23:20 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\Hamachi

2008-09-15 15:42 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-14 17:03 47 ----a-w C:\Documents and Settings\Fredrik\.bat

2008-09-02 10:48 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-09-01 15:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-26 08:30 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:48 2,182,144 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:48 2,059,520 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-31 17:17 8,210 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg

2008-04-25 12:23 22,328 ----a-w C:\Documents and Settings\Fredrik\Programdata\PnkBstrK.sys

2008-03-22 13:37 1 ----a-w C:\Documents and Settings\Fredrik\SI.bin

2003-12-18 09:33 20,102 ----a-w C:\Programfiler\Readme.txt

2003-09-03 05:46 10,960 ----a-w C:\Programfiler\EULA.txt

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"Fraps"="D:\FRAPS\FRAPS.EXE" [2006-06-18 774144]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]

"Octoshape Streaming Services"="C:\Programfiler\Octoshape Streaming Services\Fredrik\OctoshapeClient.exe" [2006-02-13 214648]

"DAEMON Tools"="D:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-04 165784]

"Steam"="D:\Programfiler\Steam\Steam.exe" [2008-10-08 1410296]

"EA Core"="C:\Programfiler\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-08-06 21738792]

"igndlm.exe"="C:\Programfiler\Download Manager\DLM.exe" [2008-08-01 1103216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-02-23 2088960]

"D-Link AirPlus XtremeG"="C:\Programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]

"Norman ZANDA"="D:\NORMAN\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 282624]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-06-01 257088]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

"Launch LGDCore"="D:\Programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]

"Launch LCDMon"="D:\Programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\soundman.exe]

"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - D:\Adobe\Reader\reader_sl.exe [2005-09-23 29696]

Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2006-09-10 589824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-05-11 18:57 1015808 C:\Programfiler\SanDisk\CruzerLogin\homefus.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\StubInstaller.exe"=

"D:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\mIRC\\mirc.exe"=

"D:\\Programfiler\\Empire Interactive\\Strangelite\\Starship Troopers\\STGame.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"D:\\Programfiler\\Xfire\\Xfire.exe"=

"D:\\Programfiler\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=

"D:\\Programfiler\\THQ\\Dawn of War\\W40k.exe"=

"D:\\Programfiler\\THQ\\Dawn of War\\W40kWA.exe"=

"D:\\Programfiler\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"D:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=

"D:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=

"D:\\Programfiler\\Warcraft III\\Warcraft III.exe"=

"D:\\Programfiler\\uTorrent\\utorrent.exe"=

"D:\\Programfiler\\Foolish Entertainment\\ATC for Battlefield 2\\atcbf2.exe"=

"D:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=

"C:\\Documents and Settings\\Fredrik\\Skrivebord\\quake2 på matsd\\quake2.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Octoshape Streaming Services\\Fredrik\\OctoshapeClient.exe"=

"C:\\Programfiler\\Microsoft Games\\Halo\\halo.exe"=

"D:\\Programfiler\\Hamachi\\hamachi.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Programfiler\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=

"D:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"D:\\quake2\\quake2.exe"=

"D:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"D:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"D:\\Programfiler\\Steam\\steamapps\\spacewaker3\\counter-strike\\hl.exe"=

"D:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"D:\\Programfiler\\America's Army\\System\\ArmyOps.exe"=

"D:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=

"D:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

"D:\\UnrealTournament\\System\\UnrealTournament.exe"=

"D:\\YnHub_1.036.152\\YnHub.exe"=

"C:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=

"D:\\UT2004\\System\\UT2004.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:UDP"= 6112:UDP:Dark Crusade

"6500:UDP"= 6500:UDP:Dark crusade

"6667:TCP"= 6667:TCP:Dark Crusade

"27900:UDP"= 27900:UDP:Dark Crusade

"27901:UDP"= 27901:UDP:Dark Crusade

"28910:TCP"= 28910:TCP:Dark Crusade

"29900:TCP"= 29900:TCP:Dark Crusade

"29901:TCP"= 29901:TCP:Dark Crusade

"29910:UDP"= 29910:UDP:Dark Crusade

"29920:TCP"= 29920:TCP:Dark Crusade

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R2 Ndiskio;Ndiskio;D:\NORMAN\Nse\bin\NDISKIO.SYS [2007-01-02 20448]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]

R3 nvcoas;Norman Virus Control on-access component;D:\NORMAN\Nvc\bin\nvcoas.exe [2008-04-29 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;D:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]

S1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]

S3 nvcfsr;nvcfsr;D:\NORMAN\Nvc\bin\nvcfsr.sys [2007-01-09 6712]

S3 nvcoafl51;nvcoafl51;D:\NORMAN\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]

S3 nvcoaft51;nvcoaft51;D:\NORMAN\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]

S3 nvcoarc51;nvcoarc51;D:\NORMAN\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]

S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{666ac347-da32-11da-b715-806d6172696f}]

\Shell\AutoRun\command - J:\ASUSACPI.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-23 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-NVMixerTray - C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Fredrik\Programdata\Mozilla\Firefox\Profiles\huj62huc.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.diskusjon.no/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 16:25:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Programfiler\SanDisk\CruzerLogin\homefus.dll

.

------------------------ Other Running Processes ------------------------

.

D:\NORMAN\npm\bin\elogsvc.exe

D:\NORMAN\npm\bin\Zanda.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\NORMAN\npm\bin\Njeeves.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\D-Link\AIRPLU~1\AIRPLU~1.EXE

C:\PROGRA~1\ANI\ANIWZC~1\WZCSLDR2.exe

C:\PROGRA~1\Java\JRE15~1.0_1\bin\jusched.exe

C:\PROGRA~1\QUICKT~1\qttask.exe

C:\PROGRA~1\iTunes\ITUNES~1.EXE

D:\NORMAN\NVC\Bin\Nip.exe

C:\Programfiler\iPod\bin\iPodService.exe

D:\NORMAN\NVC\Bin\CClaw.exe

C:\WINDOWS\system32\rundll32.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe

D:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe

D:\Programfiler\BF2G15Mod\BF2 LCD.exe

C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE

C:\PROGRA~1\OCTOSH~1\Fredrik\OCTOSH~1.EXE

C:\PROGRA~1\ELECTR~1\EADM\Core.exe

C:\PROGRA~1\Skype\Phone\Skype.exe

.

**************************************************************************

.

Completion time: 2008-10-23 16:30:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-23 14:30:17

 

Pre-Run: 4 827 123 712 byte ledig

Post-Run: 4,604,424,192 byte ledig

 

240 --- E O F --- 2008-10-21 21:57:43

 

 


No, antivirus programs and antispyware programs work in different ways and are designed to combat different types of threats. Antispyware programs can remove some viruses (and vice versa), but not as well.

Besides, MBAM has no real-time scanning (if you have the free version), so you won't get any immediate response when you've picked up a virus. An antivirus program is supposed to try to prevent the virus from getting onto the PC in the first place.

You should have an antivirus program, an antispyware program and a firewall for optimal protection. If you have more questions, they fit best in FreshPrince's "Den store sikkerhetsguiden v2".


Hi

I got a little problem with my computer yesterday (I'm at school now, so I don't have access to any logs). I'm not sure, which is why I'm asking here. My browsers won't load any pages; they just say they can't load the page. I do have internet on the machine, because I can use Vent and play games online. I'm just wondering whether it's a virus or whether I just need to reinstall my browser (I use Opera, but the same thing happened when I tried IE and FF). Yesterday I ran an Ad-Aware scan and deleted some virus; after that I ran an AVG scan. It found 14 trojans and some other nasty stuff, and I deleted everything. I restarted the computer and there was still a problem with the browsers, so I rolled the computer back 3 days, but still the same problem. I ran an AVG scan before I went to school today. Can this be / is this a virus, or is it simply something wrong with my browsers? If you want, I can get HJT, MBAM and ComboFix logs when I get home.

Sorry for any typos, I'm in a bit of a hurry.


MBAM

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1306

Windows 5.1.2600 Service Pack 2

 

30.10.2008 10:19:29

mbam-log-2008-10-30 (10-19-29).txt

 

Skanntype: Rask Skann

Objekter skannet: 41555

Tid tilbakelagt: 13 minute(s), 55 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 18

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 38

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnnoof (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f7d73c5-c7b6-4686-aa62-a5b6ebcd8b41} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7f7d73c5-c7b6-4686-aa62-a5b6ebcd8b41} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\ssqnnoOF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hludpz.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ejtivjyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iyjvitje.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jsytmrgv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vgrmtysj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lwwokbym.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mybkowwl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msqcxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\aiogik.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fdviwemh.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gfbrlebr.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mkjmtaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nuqxdhdv.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnljHaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnNfeCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\poengquy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ufdkkvvi.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wcfadmwu.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ebtvfmks.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\csjpvnir.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jfxvdhuy.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkhIXoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyWMEwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMdCvuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMdEXRH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cbXOihGX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnomlIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqRIbcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqRLfgf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtRhGVN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcCtsSi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcYPhHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyvuuut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayaXRLe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yaywUOEv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfCtsSj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\ShadowZip\Favoritter\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

 

Combofix

 

ComboFix 08-10-30.04 - bruker 2008-10-30 10:23:29.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.57 [GMT 1:00]

Running from: C:\Documents and Settings\ShadowZip\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\admintxt.txt

C:\WINDOWS\system32\badNnXbc.ini

C:\WINDOWS\system32\badNnXbc.ini2

C:\WINDOWS\system32\iiemcqxu.ini

C:\WINDOWS\system32\ISDeOXyb.ini

C:\WINDOWS\system32\ISDeOXyb.ini2

C:\WINDOWS\system32\ohvtyfrt.ini

C:\WINDOWS\system32\shkytyeb.ini

C:\WINDOWS\system32\srypkply.ini

C:\WINDOWS\system32\tyhsuslh.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))

.

 

2008-10-30 10:38 . 2008-10-30 10:38 <DIR> dr-h----- C:\Documents and Settings\ShadowZip\Siste

2008-10-30 10:01 . 2008-10-30 10:01 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-30 10:01 . 2008-10-30 10:01 <DIR> d-------- C:\Documents and Settings\ShadowZip\Programdata\Malwarebytes

2008-10-30 10:01 . 2008-10-30 10:01 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-30 10:01 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-30 10:01 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-29 18:36 . 2008-10-29 18:36 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-10-29 18:32 . 2008-10-29 23:51 <DIR> d-------- C:\Documents and Settings\ShadowZip\Programdata\Skype

2008-10-29 18:28 . 2008-10-29 18:28 <DIR> d-------- C:\Programfiler\Skype

2008-10-29 18:28 . 2008-10-29 18:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2008-10-29 17:12 . 2008-10-29 17:33 <DIR> d-------- C:\Programfiler\ElastoMania111

2008-10-29 13:58 . 2008-10-30 10:23 <DIR> d--h-c--- C:\$AVG8.VAULT$

2008-10-29 12:58 . 2008-10-29 12:58 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-10-29 12:58 . 2008-10-29 12:58 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-10-29 12:58 . 2008-10-29 12:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-10-29 12:57 . 2008-10-29 14:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-10-27 19:47 . 2008-10-27 19:47 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-10-27 19:21 . 2007-12-16 00:37 59,728 --a--c--- C:\msimg32.dll

2008-10-27 01:10 . 2008-10-27 01:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.install_backup

2008-10-27 01:09 . 2008-10-27 01:09 <DIR> d-------- C:\Programfiler\AVG

2008-10-27 01:09 . 2008-10-29 12:56 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\avg8

2008-10-06 17:56 . 2008-10-06 17:59 <DIR> d-------- C:\Programfiler\Fellesfiler\3DO Shared

2008-10-06 17:56 . 2008-10-06 17:59 <DIR> d-------- C:\Programfiler\3DO

2008-10-06 17:53 . 2008-10-06 17:53 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite

2008-10-06 17:47 . 2008-10-06 17:47 <DIR> d-------- C:\Documents and Settings\ShadowZip\Programdata\DAEMON Tools

2008-09-17 18:28 . 2008-09-17 18:28 <DIR> d-------- C:\Programfiler\Sony

2008-09-17 18:27 . 2008-09-17 18:27 <DIR> d-------- C:\Programfiler\Sony Setup

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 17:36 --------- d-----w C:\Documents and Settings\ShadowZip\Programdata\skypePM

2008-10-29 17:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\Skype

2008-10-27 18:40 --------- d-----w C:\Programfiler\Windows Live

2008-10-27 18:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-10-26 21:43 --------- d-----w C:\Documents and Settings\ShadowZip\Programdata\uTorrent

2008-10-06 16:48 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-08-31 21:28 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-31 21:28 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-08-31 21:26 --------- d-----w C:\Programfiler\Fellesfiler\Ahead

2008-02-05 21:50 32 -c--a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.EXE" [2004-10-13 1694208]

"ccleaner"="C:\Programfiler\CCleaner\CCleaner.exe" [2008-02-20 816368]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 155648]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-29 1234712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=cvwmfj.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 09:50 413696 C:\Programfiler\QuickTime\QTTask.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"C:\\Gamez\\Counter-Strike 1.6\\hl.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\ShadowZip\\Mine dokumenter\\Downloads\\Command and Conquer - Red Alert 2\\GAME.EXE"=

"C:\\Sierra\\Half-Life\\hl.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"C:\\Documents and Settings\\ShadowZip\\Mine dokumenter\\Downloads\\DH4\\Atari\\Deer Hunter 2004\\DH2004.exe"=

"C:\\Programfiler\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 97928]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-29 76040]

R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 31287]

R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 33335]

R3 FA312;Driver for NETGEAR FA330/FA312/FA311 Fast Ethernet-kort;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]

S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{3312279E-FE6B-453B-B0FF-6A2F03BCA8F6} - C:\WINDOWS\system32\qkkgvqve.dll

BHO-{56969625-80DB-4ED8-B22C-47DA66F9A7E2} - C:\WINDOWS\system32\cbXnNdab.dll

BHO-{66244F3C-FE6B-453B-B0FF-6A2F03BCA8F6} - C:\WINDOWS\system32\qkkgvqve.dll

BHO-{DB904424-FF9A-4B0C-9713-A0798A40BAEE} - C:\WINDOWS\system32\byXOeDSI.dll

HKLM-Run-NWEReboot - (no file)

HKLM-Run-Messenger Service - service.exe

MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\bruker\Programdata\Mozilla\Firefox\Profiles\lwoz6uec.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q=

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npagent.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-30 10:32:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\WINDOWS\TEMP\65eb1515-8ee8-4a0f-9d7d-f2481280486d.tmp

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-10-30 10:45:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-30 09:44:42

 

Pre-Run: 3 955 261 440 byte ledig

Post-Run: 3,918,688,256 byte ledig

 

166 --- E O F --- 2008-05-28 21:03:50

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:40, on 30.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\igfxtray.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\MSMSGS.EXE

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\test.exe.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205358005532

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: cvwmfj.dll,avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

 

--

End of file - 5414 bytes

 

 

Thanks, thanks for the reply.

My problem is described here:

https://www.diskusjon.no/index.php?showtopic=1028363&hl=

Edited by ShadowViper