Poster utskilt fra veiledertråden-2

seruz · 8. desember 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59, on 2008-12-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Lol\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

D:\Games\Steam\Steam.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programfiler\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll (file missing)

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lol\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: DesktopVideoPlayer.LNK = C:\Programfiler\vghd\vghd.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .pdf: C:\Programfiler\Internet Explorer\PLUGINS\nppdf32.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6154 bytes

objeCt · 8. desember 2008

Her er min rapport fra Malmwarebytes. ser det greit ut?

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1475

Windows 5.1.2600 Service Pack 3

08.12.2008 20:14:11

mbam-log-2008-12-08 (20-14-11).txt

Skanntype: Rask Skann

Objekter skannet: 41734

Tid tilbakelagt: 2 minute(s), 9 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 2

Mapper infisert: 1

Filer infisert: 2

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

C:\WINDOWS\system32\prio.dll (Spyware.OnlineGames) -> Delete on reboot.

Registernøkler infisert:

HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:

C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Filer infisert:

C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\prio.dll (Spyware.OnlineGames) -> Delete on reboot.

Her er combofix rapporten:

d:\resycled\boot.com

.

((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))

.

2008-12-08 20:09 . 2008-12-08 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-08 20:09 . 2008-12-08 20:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2008-12-08 20:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-08 20:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-08 19:59 . 2008-11-13 16:20 203,540 --a------ c:\windows\system32\nvapps.nvb

2008-12-08 19:55 . 2008-07-29 13:33 446,464 --a------ c:\windows\system32\nvunrm.exe

2008-12-08 19:55 . 2008-07-29 13:30 6,045 --a------ c:\windows\system32\nvnrm.nvu

2008-12-08 19:24 . 2008-12-08 19:24 <DIR> d-------- c:\program files\ffdshow

2008-12-08 19:24 . 2007-11-29 12:52 60,273 --a------ c:\windows\system32\pthreadGC2.dll

2008-12-08 19:24 . 2007-12-24 13:47 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-12-08 19:24 . 2007-11-29 12:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-12-08 19:23 . 2008-12-08 19:24 <DIR> d-------- c:\program files\TVersity Codec Pack

2008-12-08 19:22 . 2008-12-08 19:22 <DIR> d-------- c:\program files\TVersity

2008-12-08 18:33 . 2008-12-08 18:54 202,040 --a------ c:\windows\system32\PnkBstrB.exe

2008-12-08 18:33 . 2008-12-08 18:54 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2008-12-08 18:32 . 2008-12-08 18:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe

2008-12-08 18:22 . 2008-12-08 18:22 <DIR> d-------- c:\program files\VideoLAN

2008-12-08 18:05 . 2007-07-30 19:19 1,712,984 --a------ c:\windows\system32\wuaueng.dll

2008-12-08 18:05 . 2007-07-30 19:19 549,720 --a------ c:\windows\system32\wuapi.dll

2008-12-08 18:05 . 2007-07-30 19:19 325,976 --a------ c:\windows\system32\wucltui.dll

2008-12-08 18:05 . 2007-07-30 19:19 216,408 --a------ c:\windows\system32\wuaucpl.cpl

2008-12-08 18:05 . 2007-07-30 19:19 203,096 --a------ c:\windows\system32\wuweb.dll

2008-12-08 18:05 . 2007-07-30 19:19 92,504 --a------ c:\windows\system32\cdm.dll

2008-12-08 18:05 . 2007-07-30 19:19 53,080 --a------ c:\windows\system32\wuauclt.exe

2008-12-08 18:05 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

2008-12-08 18:05 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll

2008-12-08 18:03 . 2006-09-11 17:27 356,352 --------- c:\windows\system32\nvuide.exe

2008-12-08 18:03 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu

2008-12-08 18:02 . 2008-08-20 18:35 453,152 --a------ c:\windows\system32\nvusmb.exe

2008-12-08 18:02 . 2008-08-19 11:41 2,344 --a------ c:\windows\system32\nvsmb.nvu

2008-12-08 18:01 . 2008-12-08 18:01 <DIR> d-------- c:\program files\Common Files\InstallShield

2008-12-08 18:01 . 2008-12-08 17:39 <DIR> d-------- C:\NVIDIA

2008-12-08 18:01 . 2008-11-12 13:45 453,152 --a------ c:\windows\system32\NVUNINST.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-08 20:01 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-08 20:01 --------- d-----w c:\program files\NVIDIA Corporation

2008-12-08 19:42 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent

2008-12-08 18:28 --------- d-----w c:\documents and settings\Administrator\Application Data\Ventrilo

2008-12-08 17:52 --------- d-----w c:\program files\Windows Live

2008-12-08 17:51 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-08 17:51 --------- d-----w c:\program files\Microsoft

2008-12-08 17:49 62,633 ----a-w c:\windows\prio197uninstall.exe

2008-12-08 17:49 --------- d-----w c:\program files\uTorrent

2008-12-08 17:47 --------- d-----w c:\program files\Common Files\Windows Live

2008-12-08 17:43 315,392 ----a-w c:\windows\HideWin.exe

2008-12-08 17:43 --------- d-----w c:\program files\Realtek

2008-12-08 17:34 --------- d-----w c:\program files\Xfire

2008-12-08 17:34 --------- d-----w c:\documents and settings\Administrator\Application Data\Xfire

2008-12-08 17:33 --------- d-----w c:\program files\Ventrilo

2008-12-08 17:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-08 17:29 --------- d-----w c:\program files\AGEIA Technologies

2008-12-08 17:28 --------- d-----w c:\program files\Opera

2008-12-08 17:15 --------- d-----w c:\program files\Alwil Software

2008-11-20 20:45 42,320 ----a-w c:\windows\system32\xfcodec.dll

2008-10-13 09:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll

2008-09-09 00:03 51,712 ----a-w c:\windows\system32\sirenacm.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 15360]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"StartMenuFavorites"= 0 (0x0)

"Start_ShowMyComputer"= 1 (0x1)

"Start_ShowMyDocs"= 1 (0x1)

"Start_ShowMyMusic"= 0 (0x0)

"Start_ShowRun"= 1 (0x1)

"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=prio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Spill\\Call Of Duty 4\\iw3mp.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/8/2008 5:15:10 PM 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [12/8/2008 5:15:10 PM 20560]

R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [12/8/2008 8:09:55 PM 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\AutorunPlayer.exe RightAutorunPro.dat

*Newly Created Service* - CATCHME

*Newly Created Service* - MBAMSWISSARMY

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SR

*Newly Created Service* - SRSERVICE

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\43uyhxff.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 20:22:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-12-08 20:23:02

ComboFix-quarantined-files.txt 2008-12-08 20:22:53

Pre-Run: 37 318 930 432 bytes free

Post-Run: 37,355,167,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

165

her er Trend Micro greia:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:26:53, on 08.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\All Users\Desktop\New Folder\halla.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: prio.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 3402 bytes

Endret 8. desember 2008 av objeCt

hernil · 8. desember 2008

Som Submit og r2d290 har nevnt flere ganger så bør dere lage en egen tråd der dere poster loggene og eventuelt "symptomene" til maskinen.

objeCt · 8. desember 2008

Som Submit og r2d290 har nevnt flere ganger så bør dere lage en egen tråd der dere poster loggene og eventuelt "symptomene" til maskinen.

Greit, men hvor skal jeg lage ny tråd det?

norbat · 8. desember 2008

Du lager ny tråd ved å klikke på Nytt Emne-knappen (øverst eller nederst i denne tråden)

Znoken · 10. desember 2008

Bare et kjapt spørsmål til de som har greie på det....Jeg kjører Vista Ultimatum 64 bit....Kan jeg bruke Combofix da eller er den kun beregnet for XP....?? Har Prøvd og installere den men får feilmelding om at man kun kan kjøre den på 32 bit....Mener jeg leste det en eller annen plass her på forumet at det var mulig og bruke den på alle Microsoft sine OS...Har søkt men finner seff ikke igjen den posten da... :ermm:

raWrz · 10. desember 2008

combofix kan bare brukes på 32 bits vista er vel ikke lenge til den støtter 64 bits vista

Znoken · 10. desember 2008

Oki..da fikk jeg avklart det....Takker for kjapt svar.... :thumbup:

14. desember 2008

ComboFix loggen

ComboFix 08-12-14.01 - Acer 2008-12-14 18:58:51.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3062.1710 [GMT 1:00]

Kjører fra: c:\users\Acer\Desktop\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Internet Explorer\msimg32.dll

c:\users\Acer\AppData\Roaming\.#

c:\windows\system32\x64

c:\windows\system32\x64\csnp2uvc.dll

c:\windows\system32\x64\rsnpvc64.dll

c:\windows\system32\x64\sncduvc.sys

c:\windows\system32\x64\snp2uvc.sys

c:\windows\system32\x64\vsnpvc64.dll

c:\windows\Temp\log.txt

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-14 til 2008-12-14 )))))))))))))))))))))))))))))))))

.

2008-12-14 18:41 . 2008-12-14 18:41 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-14 18:41 . 2008-12-14 18:41 <DIR> d-------- c:\users\Acer\AppData\Roaming\Malwarebytes

2008-12-14 18:41 . 2008-12-14 18:41 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-14 18:41 . 2008-12-14 18:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-14 18:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-14 18:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-12 17:58 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-12 01:07 . 2008-12-12 01:07 2,560 --a------ c:\windows\_MSRSTRT.EXE

2008-12-11 21:39 . 2008-12-11 21:39 <DIR> d-------- c:\users\All Users\Stardock

2008-12-11 21:39 . 2008-12-11 21:39 <DIR> d-------- c:\programdata\Stardock

2008-12-11 21:39 . 2008-12-11 21:39 <DIR> d-------- c:\program files\Stardock

2008-12-11 21:23 . 2008-12-11 21:23 <DIR> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-11 21:23 . 2008-12-11 21:23 <DIR> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-11 19:45 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-12-11 19:44 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-12-11 19:44 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-12-11 19:44 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-12-11 19:44 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-12-11 19:44 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-12-11 19:44 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-12-11 19:44 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-12-11 19:44 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-16 18:48 . 2008-11-16 18:56 <DIR> d-------- C:\My Documents

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-14 17:26 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-14 17:26 --------- d-----w c:\program files\Norman

2008-12-12 17:02 --------- d-----w c:\programdata\Microsoft Help

2008-12-12 17:02 --------- d-----w c:\program files\Windows Mail

2008-11-06 12:27 --------- d-----w c:\users\Gjest\AppData\Roaming\Teleca

2008-11-06 12:26 --------- d-----w c:\users\Gjest\AppData\Roaming\Sony Ericsson

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-23 17:47 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-14 19:09 --------- d-----w c:\program files\QuickTime

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll

2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-08 842248]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-11-21 c:\windows\SkyTel.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-28 739880]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-22 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{5B8B6FFF-BADC-4184-80DC-D9D932B00E31}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{4CCC67E9-F22F-4CF8-B1B6-BD5033C8211B}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{7A320716-14D0-46D5-B98F-F5F870BDFCEE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{02BC5A85-8759-4321-B418-681B140C9BD0}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{02CAD250-5DE5-4806-9CAF-7C12EC0562C6}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{8D71F6F9-947B-4D0D-9F42-195C923166E9}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{B40DD1E0-7F19-4660-B9F9-904206554EDA}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{887B82A5-B8CC-4454-89AE-31921DEEE956}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{7B015DE1-7A7C-409E-A62A-24788087A7AB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{531BDA5E-A90F-4071-97A9-98A98D5B3667}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{7DB7ECDD-6C90-46E8-A8A6-F445068370E3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9A0E789C-278B-4164-9EE8-FE1CDB23D369}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{4A0E6B8A-E063-443F-8748-68BEA49B04CE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{098F8A63-CC67-413C-ABA3-DE5173C746DE}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{32675DC3-D81F-4288-BB20-30F906A3C1FA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 ALE_NF;Norman Firewall ALE driver;\??\c:\windows\system32\drivers\ale_nf.sys [2008-08-27 42552]

R1 NPROSEC;Norman Security driver;\??\c:\program files\Norman\Ngs\bin\nprosec.sys [2008-08-27 53816]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-08-13 17:28:52 41456]

R2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2008-08-27 20448]

R2 NPFSvc32;Norman Personal Firewall Service;"c:\program files\Norman\npf\bin\npfsvc32.exe" [2008-09-19 597104]

R2 NPROSECSVC;Norman Security service;"c:\program files\Norman\Ngs\bin\NPROSEC.EXE" [2008-08-27 121912]

R2 NVOY;Norman's Very Own supplY of resources;"c:\program files\Norman\npm\bin\nvoy.exe" [2008-08-27 121912]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-08-14 180736]

R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-14 38496]

R3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-08-27 322616]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2008-09-04 19512]

R3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-08-27 191544]

R3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\bin\NVCSCHED.EXE" [2008-08-27 154680]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-08-13 28464]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-08-19 83336]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-08-19 15112]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-08-19 108680]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-08-19 100488]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-08-19 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME

*Newly Created Service* - MBAMSWISSARMY

*Newly Created Service* - PROCEXP90

.

- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe

HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-14 19:04:28

Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

Tidspunkt ferdig: 2008-12-14 19:09:56

ComboFix-quarantined-files.txt 2008-12-14 18:09:51

Pre-Run: 105 694 212 096 byte ledig

Post-Run: 105,958,334,464 byte ledig

178 --- E O F --- 2008-12-12 17:02:36

Hijack This loggen

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:14:05, on 14.12.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

C:\Program Files\Norman\Ngs\bin\NPROSEC.EXE

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Program Files\Norman\npm\bin\nvoy.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Norman\npf\bin\npfsvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE

C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

C:\Program Files\Norman\nse\bin\NSESVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\system32\igfxext.exe

C:\Windows\PLFSetL.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Norman\Npm\Bin\Zlh.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Norman\Nvc\Bin\Nip.exe

C:\Program Files\Norman\Nvc\Bin\cclaw.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Norman\npf\bin\npfuser.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\eatthisshitanddie\pukingatyou.cum\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Program Files\Clue\Clue Add-in 7.0\Clue Addin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\bin\NPROSEC.EXE

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE

O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--

End of file - 10974 bytes

MBAM logg

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1500

Windows 6.0.6001 Service Pack 1

14.12.2008 18:53:28

mbam-log-2008-12-14 (18-53-28).txt

Skanntype: Rask Skann

Objekter skannet: 89888

Tid tilbakelagt: 8 minute(s), 49 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 7

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 3

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Filer infisert:

(Ingen mistenkelige filer funnet)

Ser alt ok ut nå? Skanner såklart med antivirus i tillegg.

norbat · 14. desember 2008

Costrato: Supporten foregår i en egen tråd du oppretter ved å klikke Nytt Emne-knappen

ssssss · 15. desember 2008

Hei! Jeg har problemet med Win32.Netsky.Q. Jeg, som er en komplett idiot, lastet ned Perfect Defender 2009. Det hjalp ikke, og nå lukker bl.a internett og itunes seg, uten min kontroll. Jeg vet ikke hva jeg skal gjøre. Har kjørt Spybot, og får opp at dette er et problem:

"HKEY_USERS\S-1-5-21-2238231668-2103357615-1305812637-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCHOST.exe"

Tør ikke fjerne det, innmed at det står "registerverdi". Jeg har også Norman antivirus.

Hva skal jeg gjøre?

PS: Jeg forstår meg ikke på datauttrykk

norbat · 15. desember 2008

Følg veiledningen i 1.post

I korte trekk er det dette:

Punkt 1:

Last ned Malwarebytes Anti-Malware til skrivebordet.

Kjør og installer programmet. Velg Norsk-språk

La programmet oppdatere seg og velg å kjør en 'hurtig systemskann', klikk Skann.

Det kommer en meldingsboks om at scannen er ferdig, klikk Ok

Klikk på Vis resultat-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet.

Klikk så på Fjern valgte -knappen for å fjerne malwaren som evt. ble funnet.

Det vil deretter åpnes en logg i notisblokk. Den kan du kopiere og poste.

Punkt 2:

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

Post loggfilen fra combofix (c:\combofix.txt)

ssssss · 15. desember 2008

Hei, og takk for svar!

Dessverre vil ikke dette funke, fordi internette lukker seg med en gang, og jeg får opp feilmelding. Men vet du om jeg kan bruke Spybot eller Norman?

Endret 15. desember 2008 av ssssss

norbat · 15. desember 2008

Last ned programmene og overfør de til den infiserte pc'n.

Restart i sikker modus (tapp F8 under oppstart, velg sikker modus)

Kjør først og fremst Combofix, men om du får brukt MBAM hadde det vært fint.

Looke · 16. desember 2008

Har opplevd et problem der det kommer opp en popup med noe antivirus greier og jeg kan bare trykke ok, også kommer det fram et annet vindu som ser ut som et antivirus program, men det er spyware.

HIJACKTHIS LOG

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\conime.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\Explorer.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Opera\Opera.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Simon\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: STANDARD.lnk = ?

O13 - Gopher Prefix:

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 3799 bytes

ComboFix 08-12-15.08 - Simon 2008-12-16 19:14:23.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.1031 [GMT 1:00]

Kjører fra: c:\users\Simon\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\ackeidkx.ini

c:\windows\system32\axqaquob.dll

c:\windows\system32\blqfpihr.dll

c:\windows\system32\bouqaqxa.ini

c:\windows\system32\cesinemy.ini

c:\windows\system32\cvfkhocd.ini

c:\windows\system32\dcohkfvc.dll

c:\windows\system32\gedujwmd.ini

c:\windows\system32\hlaabyth.ini

c:\windows\system32\hpwywjbf.ini

c:\windows\system32\ildvtvmi.dll

c:\windows\system32\imvtvdli.ini

c:\windows\system32\itdjtywv.dll

c:\windows\system32\jrsebisw.ini

c:\windows\system32\lgkcmfyr.ini

c:\windows\system32\liquesam.ini

c:\windows\system32\maseuqil.dll

c:\windows\system32\mttanlwo.ini

c:\windows\system32\oadhxvts.ini

c:\windows\system32\opnonoPi.dll

c:\windows\system32\owlnattm.dll

c:\windows\system32\qejwtdbt.ini

c:\windows\system32\reywmilg.ini

c:\windows\system32\rhipfqlb.ini

c:\windows\system32\ryfmckgl.dll

c:\windows\system32\tbdtwjeq.dll

c:\windows\system32\TsYxayxx.ini

c:\windows\system32\TsYxayxx.ini2

c:\windows\system32\vwytjdti.ini

c:\windows\system32\wkkagsdx.ini

c:\windows\system32\wsibesrj.dll

c:\windows\system32\wtwigcav.ini

c:\windows\system32\xkdiekca.dll

c:\windows\system32\xxyaxYsT.dll

c:\windows\Tasks\jlttvbcd.job

----- BITS: Mulige infiserte sider -----

hxxp://childhe.com

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-16 til 2008-12-16 )))))))))))))))))))))))))))))))))

.

2008-12-16 19:07 . 2008-12-16 19:07 <DIR> d-------- c:\users\Simon\AppData\Roaming\Malwarebytes

2008-12-16 19:07 . 2008-12-16 19:07 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-16 19:07 . 2008-12-16 19:07 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-16 19:07 . 2008-12-16 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-16 19:07 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-16 19:07 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-16 17:30 . 2007-09-16 19:15 44,032 --a------ c:\windows\System32\cbsra.exe

2008-12-16 17:28 . 2008-12-16 18:18 589,824 --a------ c:\windows\SPInstall.etl

2008-12-16 17:27 . 2008-12-16 19:17 40,448 --a------ c:\windows\System32\jkkKaxYs.dll

2008-12-14 20:57 . 2008-12-14 21:03 <DIR> d-------- c:\program files\PokerStars

2008-12-13 19:26 . 2008-12-13 19:26 <DIR> d-------- c:\windows\System32\EventProviders

2008-12-13 09:46 . 2008-12-13 09:46 <DIR> d-------- c:\program files\K-Lite Codec Pack

2008-12-13 09:46 . 2007-09-04 17:56 164,352 --a------ c:\windows\System32\unrar.dll

2008-12-13 09:46 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini

2008-12-13 09:37 . 2008-12-13 09:37 <DIR> d-------- c:\program files\Xvid

2008-12-13 09:37 . 2008-12-04 21:42 815,104 --a------ c:\windows\System32\xvidcore.dll

2008-12-13 09:37 . 2008-12-04 21:46 180,224 --a------ c:\windows\System32\xvidvfw.dll

2008-12-13 09:37 . 2008-12-04 19:00 110,592 --a------ c:\windows\System32\xvid.ax

2008-12-12 15:04 . 2008-12-12 15:04 <DIR> dr-h----- c:\users\Simon\AppData\Roaming\SecuROM

2008-12-12 15:03 . 2008-12-12 15:03 <DIR> d-------- c:\windows\System32\xlive

2008-12-12 15:03 . 2008-12-12 15:03 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE

2008-12-12 15:01 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll

2008-12-12 13:58 . 2008-12-12 13:58 <DIR> d-------- c:\users\All Users\Media Center Programs

2008-12-12 13:58 . 2008-12-12 13:58 <DIR> d-------- c:\programdata\Media Center Programs

2008-12-11 18:59 . 2008-12-11 18:59 <DIR> d-------- c:\users\Simon\AppData\Roaming\Locktime

2008-12-11 18:59 . 2008-12-11 18:59 <DIR> d-------- c:\users\All Users\Locktime

2008-12-11 18:59 . 2008-12-11 18:59 <DIR> d-------- c:\programdata\Locktime

2008-12-11 18:59 . 2008-12-11 18:59 <DIR> d-------- c:\program files\NetLimiter 2 Pro

2008-12-11 17:25 . 2008-12-11 17:24 410,984 --a------ c:\windows\System32\deploytk.dll

2008-12-11 17:24 . 2008-12-11 17:24 <DIR> d-------- c:\program files\Java

2008-12-11 14:55 . 2008-12-16 15:13 201,352 --a------ c:\windows\System32\PnkBstrB.exe

2008-12-11 14:55 . 2008-12-16 15:13 140,216 --a------ c:\windows\System32\drivers\PnkBstrK.sys

2008-12-11 14:55 . 2008-12-11 14:55 66,872 --a------ c:\windows\System32\PnkBstrA.exe

2008-12-11 14:21 . 2008-12-11 14:21 <DIR> d-------- c:\program files\EA GAMES

2008-12-11 14:15 . 2008-12-11 14:15 <DIR> d-------- c:\users\Simon\AppData\Roaming\DAEMON Tools Pro

2008-12-11 14:15 . 2008-12-11 14:15 <DIR> d-------- c:\users\Simon\AppData\Roaming\DAEMON Tools

2008-12-11 14:14 . 2008-12-11 14:14 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite

2008-12-11 14:14 . 2008-12-11 14:14 <DIR> d-------- c:\programdata\DAEMON Tools Lite

2008-12-11 14:14 . 2008-12-11 14:14 <DIR> d-------- c:\program files\DAEMON Tools Lite

2008-12-11 14:10 . 2008-12-11 14:19 <DIR> d-------- c:\users\Simon\AppData\Roaming\DAEMON Tools Lite

2008-12-11 14:10 . 2008-12-11 14:10 717,296 --a------ c:\windows\System32\drivers\sptd.sys

2008-12-11 13:27 . 2008-12-13 02:12 <DIR> d-------- c:\users\Simon\AppData\Roaming\Ventrilo

2008-12-11 13:26 . 2008-12-11 13:26 <DIR> d-------- c:\program files\Ventrilo

2008-12-11 13:26 . 2008-12-11 13:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-12-11 13:26 . 2008-12-11 13:26 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2008-12-10 20:35 . 2004-01-11 23:00 348,160 --a------ c:\windows\System32\msvcr71.dll

2008-12-10 19:52 . 2008-12-10 19:52 <DIR> dr------- c:\windows\System32\config\systemprofile\Music

2008-12-10 19:36 . 2008-12-10 19:36 <DIR> d-------- c:\program files\CoreCodec

2008-12-10 11:10 . 2008-12-10 11:10 <DIR> d-------- c:\program files\CCleaner

2008-12-10 02:26 . 2008-12-10 02:26 <DIR> d-------- c:\windows\System32\OEM

2008-12-10 02:26 . 2008-12-09 17:34 <DIR> d-------- c:\windows\Panther

2008-12-10 02:26 . 2008-12-10 02:26 <DIR> d--hs---- C:\Boot

2008-12-10 02:26 . 2008-01-08 23:32 443,912 -rahs---- C:\bootmgr

2008-12-10 02:26 . 2008-12-10 02:26 8,192 -ra-s---- C:\BOOTSECT.BAK

2008-12-10 02:26 . 2007-03-16 17:40 59 -ra------ c:\windows\DELL_VERSION

2008-12-09 22:00 . 2008-12-16 19:23 <DIR> d-------- c:\users\Simon\Tracing

2008-12-09 21:55 . 2008-12-09 21:55 <DIR> d-------- c:\program files\Microsoft

2008-12-09 21:54 . 2008-12-09 21:54 <DIR> d-------- c:\windows\PCHEALTH

2008-12-09 21:47 . 2008-12-09 21:48 <DIR> d-------- c:\users\Simon\AppData\Roaming\Media Player Classic

2008-12-09 21:47 . 2008-12-09 21:47 <DIR> d-------- c:\program files\Common Files\Windows Live

2008-12-09 21:40 . 2008-12-09 21:49 <DIR> d-------- c:\users\Simon\AppData\Roaming\mIRC

2008-12-09 21:40 . 2008-12-09 21:53 <DIR> d-------- c:\users\Simon\amsn

2008-12-09 21:40 . 2008-12-16 17:29 <DIR> d-------- c:\program files\mIRC

2008-12-09 21:22 . 2008-12-09 21:54 <DIR> d-------- c:\program files\Windows Live

2008-12-09 21:22 . 2008-12-09 21:22 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller

2008-12-09 21:21 . 2008-12-09 21:45 <DIR> d-------- c:\users\All Users\WLInstaller

2008-12-09 21:21 . 2008-12-09 21:45 <DIR> d-------- c:\programdata\WLInstaller

2008-12-09 19:58 . 2008-12-09 19:58 <DIR> d-------- c:\users\Simon\AppData\Roaming\Realtime Soft

2008-12-09 19:58 . 2008-12-09 19:58 <DIR> d-------- c:\users\All Users\Realtime Soft

2008-12-09 19:58 . 2008-12-09 19:58 <DIR> d-------- c:\programdata\Realtime Soft

2008-12-09 19:58 . 2008-12-09 19:58 <DIR> d-------- c:\program files\UltraMon

2008-12-09 19:47 . 2008-12-10 19:22 <DIR> d-------- c:\users\Simon\AppData\Roaming\Winamp

2008-12-09 19:47 . 2008-12-10 11:11 <DIR> d-------- c:\program files\Winamp

2008-12-09 19:47 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll

2008-12-09 19:32 . 2008-12-16 19:19 <DIR> d-------- c:\users\Simon\AppData\Roaming\uTorrent

2008-12-09 19:32 . 2008-12-09 19:32 <DIR> d-------- c:\program files\uTorrent

2008-12-09 19:31 . 2008-12-16 19:22 <DIR> d-------- c:\program files\Steam

2008-12-09 19:31 . 2008-12-10 11:13 <DIR> d-------- c:\program files\Common Files\Steam

2008-12-09 19:27 . 2008-12-09 19:27 <DIR> d-------- c:\windows\System32\Macromed

2008-12-09 19:25 . 2008-12-09 19:25 <DIR> d-------- c:\program files\Opera

2008-12-09 19:22 . 2008-12-12 15:03 <DIR> d--hs---- c:\windows\Installer

2008-12-09 18:18 . 2008-12-09 18:18 <DIR> d-------- c:\users\All Users\NVIDIA

2008-12-09 18:18 . 2008-12-09 18:18 <DIR> d-------- c:\programdata\NVIDIA

2008-12-09 18:12 . 2008-11-12 14:54 1,108,512 --a------ c:\windows\System32\nvcpluir.dll

2008-12-09 18:12 . 2008-11-12 14:54 801,312 --a------ c:\windows\System32\nvcplui.exe

2008-12-09 18:12 . 2008-11-12 14:54 420,384 --a------ c:\windows\System32\nvcpl.cpl

2008-12-09 18:11 . 2008-12-09 18:11 <DIR> d-------- C:\NVIDIA

2008-12-09 18:11 . 2008-11-12 13:45 453,152 --a------ c:\windows\System32\NVUNINST.EXE

2008-12-09 18:01 . 2008-12-09 18:01 <DIR> d-------- C:\RaidTool

2008-12-09 18:01 . 2007-03-21 17:23 1,953,792 -r------- c:\windows\System32\xRaidSetup.exe

2008-12-09 18:01 . 2007-03-20 22:15 143,360 -r------- c:\windows\System32\xRaidAPI.dll

2008-12-09 18:01 . 2007-03-24 12:20 46,208 --a------ c:\windows\System32\drivers\jraid.sys

2008-12-09 18:01 . 2006-02-07 20:52 6,912 --a------ c:\windows\System32\drivers\JGOGO.sys

2008-12-09 18:00 . 2008-12-09 18:01 <DIR> d-------- c:\windows\RaidTool

2008-12-09 18:00 . 2006-08-30 13:33 319,984 -r------- c:\windows\System32\DifxApi.dll

2008-12-09 17:59 . 2008-12-09 17:59 <DIR> d-------- c:\windows\System32\Attansic

2008-12-09 17:58 . 2007-03-15 15:41 48,128 --a------ c:\windows\System32\drivers\atl01v32.sys

2008-12-09 17:56 . 2008-12-09 17:56 <DIR> d-------- c:\windows\System32\RTCOM

2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\program files\Realtek

2008-12-09 17:55 . 2008-12-11 14:21 <DIR> d--h----- c:\program files\InstallShield Installation Information

2008-12-09 17:54 . 2008-12-09 17:54 <DIR> d-------- c:\program files\Common Files\InstallShield

2008-12-09 17:52 . 2008-12-09 17:52 <DIR> d-------- c:\windows\ASUSInstAll

2008-12-09 17:46 . 2008-12-09 17:46 <DIR> d-------- c:\program files\Intel

2008-12-09 17:46 . 2008-12-09 17:46 <DIR> d-------- C:\Intel

2008-12-09 17:46 . 2008-12-09 18:01 14,066 --a------ c:\windows\Ascd_log.ini

2008-12-09 17:45 . 2008-12-09 17:45 13,742 --a------ c:\windows\Ascd_tmp.ini

2008-12-09 17:45 . 2006-10-11 12:33 10,288 --a------ c:\windows\System32\drivers\ASUSHWIO.SYS

2008-12-09 17:45 . 2006-10-18 22:44 7,680 --a------ c:\windows\System32\drivers\ASACPI.sys

2008-12-09 17:39 . 2008-12-09 17:39 <DIR> dr------- c:\users\Simon\Searches

2008-12-09 17:38 . 2008-12-09 17:39 <DIR> dr------- c:\users\Simon\Videos

2008-12-09 17:38 . 2008-12-09 17:39 <DIR> dr------- c:\users\Simon\Saved Games

2008-12-09 17:38 . 2008-12-13 01:11 <DIR> dr------- c:\users\Simon\Pictures

2008-12-09 17:38 . 2008-12-09 17:39 <DIR> dr------- c:\users\Simon\Music

2008-12-09 17:38 . 2008-12-09 17:39 <DIR> dr------- c:\users\Simon\Links

2008-12-09 17:38 . 2008-12-10 19:34 <DIR> dr------- c:\users\Simon\Downloads

2008-12-09 17:38 . 2008-12-11 14:26 <DIR> dr------- c:\users\Simon\Documents

2008-12-09 17:38 . 2008-12-09 17:38 <DIR> dr------- c:\users\Simon\Contacts

2008-12-09 17:38 . 2006-11-02 13:35 <DIR> d-------- c:\users\Simon\AppData\Roaming\Media Center Programs

2008-12-09 17:38 . 2008-12-09 17:39 <DIR> d--h----- c:\users\Simon\AppData

2008-12-09 17:38 . 2008-12-09 22:00 <DIR> d-------- c:\users\Simon

2008-12-09 17:37 . 2007-03-17 12:41 171,136 -rahs---- C:\grldr

2008-12-09 17:36 . 2008-12-09 17:36 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts

2008-12-09 17:29 . 2008-12-10 11:12 <DIR> d-------- c:\windows\Debug

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-10 10:30 --------- d-----w c:\program files\Windows Sidebar

2008-12-10 10:30 --------- d-----w c:\program files\Windows Photo Gallery

2008-12-10 10:30 --------- d-----w c:\program files\Windows Mail

2008-12-10 10:30 --------- d-----w c:\program files\Windows Journal

2008-12-10 10:30 --------- d-----w c:\program files\Windows Defender

2008-12-10 10:30 --------- d-----w c:\program files\Windows Collaboration

2008-12-10 10:30 --------- d-----w c:\program files\Windows Calendar

2008-12-09 16:55 319,456 ----a-w c:\windows\DIFxAPI.dll

2008-12-09 16:55 315,392 ----a-w c:\windows\HideWin.exe

2008-12-09 16:32 174 --sha-w c:\program files\desktop.ini

2008-11-12 13:54 7,611,360 ----a-w c:\windows\system32\drivers\nvlddmkm.sys

2008-11-12 13:54 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2008-12-09 1410296]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]

c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

STANDARD.lnk - c:\users\Simon\AppData\Roaming\Realtime Soft\UltraMon\Profiles\STANDARD.umprofile [2008-12-09 327]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2394058434-2306417654-4167907351-1000]

"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{70B3A06D-88CE-4940-957E-D2380E73D806}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{495ACF9A-D3D6-4DE9-B9D4-66FA6D4CF77C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{58B1042F-DA42-478E-AC34-FEF6EFA4A9BD}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{D5C78411-99F9-45F3-B28E-15E7BD9D36BB}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{0B76CCF4-C5F9-4BB5-B52F-2CA88FB4E1DE}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{472130D3-22BA-4FF2-8D4F-8EFD789BE92D}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{A2F79566-0FD4-42A0-99C7-E307E9AD6E66}"= UDP:c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:Grand Theft Auto IV

"{9F74AC92-AC39-414E-B63B-72C6B1FF81B5}"= TCP:c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:Grand Theft Auto IV

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2008-12-09 48128]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-16 38496]

.

- - - - TOMME PEKERE FJERNET - - - -

BHO-{2EC7DE5A-449C-47B2-B500-31AD2FE74A68} - c:\windows\system32\xxyaxYsT.dll

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-16 19:25:32

Windows 6.0.6000 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

c:\windows\TEMP\TMP0000000E97C845AA73C64D55 524288 bytes executable

skanning vellykket

skjulte filer: 1

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(3780)

c:\program files\UltraMon\RTSUltraMonHook.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\NetLimiter 2 Pro\nlsvc.exe

c:\windows\System32\PnkBstrA.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\conime.exe

c:\program files\NetLimiter 2 Pro\NLClient.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Steam\SteamService.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\windows\System32\VSSVC.exe

c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe

c:\windows\System32\wermgr.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2008-12-16 19:30:29 - maskinen ble startet på nytt [simon]

ComboFix-quarantined-files.txt 2008-12-16 18:30:09

Pre-Run: 411 691 290 624 bytes free

Post-Run: 414,977,945,600 bytes free

269

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1506

Windows 6.0.6000

16.12.2008 19:39:01

mbam-log-2008-12-16 (19-39-01).txt

Skanntype: Rask Skann

Objekter skannet: 41309

Tid tilbakelagt: 1 minute(s), 57 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\Windows\System32\jkkKaxYs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Takker på forhånd for hjelp

norbat · 16. desember 2008

Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.

Åpne notisblokk, kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra og slipp fila over Combofix-iconet. Combofix vil starte igjen. Post loggen.

DirLook::

c:\windows\TEMP\TMP0000000E97C845AA73C64D55

Endret 16. desember 2008 av norbat

Looke · 16. desember 2008

Skannet pcen med CCleaner, men det du sa under fungerte ikke, programmet kunne ikke finne den filen.

The system cannot find message text for message number 0x8 in the message file for System.

norbat · 16. desember 2008

Betyr det at combofix ikke kjørt?

Hvis det kjørte, så poster du loggen.

Hvis det ikke kjørt, så kjører du det ved å dobbeltklikke på combofix-iconet.l

Looke · 16. desember 2008

Combofix kjørte den første gangen jeg skulle kjøre det, men den erroren kom opp den gangen jeg skulle trekke den tekstfilen over Combofix ikonet.

norbat · 16. desember 2008

Ok,

da kjører du bare combofix som vanlig og poste loggen.

Poster utskilt fra veiledertråden-2

Anbefalte innlegg

Lenke til kommentar

Videoannonse

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Gjest Slettet-1ZSK0pUMX2

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Hvem er aktive 0 medlemmer