
Annoying virus that keeps popping up.



Hi.

 

I've apparently picked up a virus of some kind; windows like this one keep popping up:

 

[attached screenshot: post-92782-1265046169_thumb.jpg]

 

Here is my DDS log:

 

 

DDS (Ver_09-12-01.01) - NTFSX64

Run by Tom at 18:37:50,05 on 01.02.2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2163 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Voddler\service\voddler.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Tom\AppData\Roaming\WinServ\Win.exe

C:\Users\Tom\AppData\Roaming\Microsoft\winscv.exe

C:\Program Files (x86)\Voddler\service\VNetManager.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\SysWOW64\explorer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Public\Games\World of Warcraft\WoW.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Tom\AppData\Local\Temp\winsys.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Tom\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

mLocal Page = c:\windows\syswow64\blank.htm

uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

uRun: [xqkxSqu] c:\users\tom\appdata\local\temp\activex.exe

uRun: [winscv.exe] c:\users\tom\appdata\roaming\microsoft\winscv.exe

uRun: [cujS85T3l] \windows.exe

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [winsys32] c:\users\tom\appdata\local\temp\activex.exe

uRun: [HKCU] c:\users\tom\appdata\roaming\win32\server.exe

uRun: [Windews] c:\users\tom\appdata\roaming\hydra\Important.exe

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [VoddlerNet Manager] c:\program files (x86)\voddler\service\VNetManager.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

IE-X64: {00000000-0000-0000-0000-000000000000} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\ed5qqf9w.default\

FF - component: c:\program files (x86)\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

 

============= SERVICES / DRIVERS ===============

 

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]

R2 VoddlerNet;VoddlerNet;c:\program files (x86)\voddler\service\voddler.exe [2010-1-26 1235664]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-2 135664]

S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr6164.sys [2009-6-2 438784]

 

=============== Created Last 30 ================

 

2010-02-01 17:18:06 0 d-sh--r- c:\users\tom\appdata\roaming\Hydra

2010-02-01 17:09:18 0 d-----w- c:\users\tom\appdata\roaming\Malwarebytes

2010-02-01 17:09:12 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-01 17:09:12 0 d-----w- c:\programdata\Malwarebytes

2010-02-01 17:09:12 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-02-01 14:50:56 3288 ------w- C:\bootsqm.dat

2010-01-31 10:41:53 0 d-----w- c:\users\tom\appdata\roaming\WinServ

2010-01-30 17:05:00 0 d-----w- c:\program files (x86)\SystemRequirementsLab

2010-01-28 19:03:36 0 d-----w- c:\program files (x86)\Canon

2010-01-28 19:03:35 0 d-----w- c:\program files\Canon

2010-01-28 18:58:50 258560 ----a-w- c:\windows\system32\CNMLM93.DLL

2010-01-28 18:58:49 92672 ----a-w- c:\windows\system32\CNC610I.DLL

2010-01-28 18:58:49 246272 ----a-w- c:\windows\system32\CNC610L.DLL

2010-01-28 18:58:49 229888 ----a-w- c:\windows\system32\CNC610O.DLL

2010-01-28 18:58:49 1439744 ----a-w- c:\windows\system32\CNC610C.DLL

2010-01-28 18:58:37 0 d--h--w- c:\program files\CanonBJ

2010-01-28 18:54:44 0 d--h--w- c:\programdata\CanonBJ

2010-01-28 15:58:29 496640 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-01-28 15:26:58 0 d-----w- c:\programdata\Voddler

2010-01-28 15:26:56 0 d-----w- C:\Voddler

2010-01-28 15:26:45 0 d-----w- c:\program files (x86)\Voddler

2010-01-27 12:45:59 2870272 ----a-w- c:\windows\explorer.exe

2010-01-27 12:45:58 2614272 ----a-w- c:\windows\syswow64\explorer.exe

2010-01-27 12:45:57 389632 ----a-w- c:\windows\system32\winlogon.exe

2010-01-27 12:45:53 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys

2010-01-27 12:45:53 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2010-01-26 12:32:22 0 d-----w- c:\users\tom\appdata\roaming\winsys32

2010-01-22 12:05:49 5961728 ----a-w- c:\windows\syswow64\mshtml.dll

2010-01-22 12:05:49 10976768 ----a-w- c:\windows\syswow64\ieframe.dll

2010-01-22 12:05:48 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-01-22 12:05:48 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-01-22 12:05:48 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-01-22 12:05:48 1224704 ----a-w- c:\windows\syswow64\urlmon.dll

2010-01-22 12:05:48 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 18:25:45 0 d-----w- c:\programdata\Blizzard Entertainment

2010-01-18 14:36:20 0 d-----w- c:\programdata\Blizzard

2010-01-18 14:12:58 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment

2010-01-14 15:19:54 0 d-----w- c:\program files (x86)\Activision

2010-01-13 15:34:25 0 d-----w- c:\programdata\PopCap Games

2010-01-13 14:13:56 70656 ----a-w- c:\windows\syswow64\fontsub.dll

2010-01-13 14:13:56 148480 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 14:13:56 108544 ----a-w- c:\windows\syswow64\t2embed.dll

2010-01-13 14:13:56 100864 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 16:21:40 0 d-----w- c:\program files\DivX

2010-01-12 16:21:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\DivX

2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\common files\DivX Shared

2010-01-12 14:00:17 0 d-----w- c:\windows\pss

2010-01-07 16:06:36 0 d-----w- c:\program files (x86)\AnalogX

2010-01-06 20:25:50 0 d-----w- c:\users\tom\appdata\roaming\mIRC

2010-01-06 20:25:50 0 d-----w- c:\program files (x86)\mIRC

2010-01-06 18:21:53 0 d-----w- c:\users\tom\appdata\roaming\MozillaControl

2010-01-06 18:21:40 0 d-----w- c:\program files (x86)\Mozilla ActiveX Control v1.7.12

2010-01-06 18:20:59 0 d-----w- c:\program files (x86)\Graboid

2010-01-05 17:26:17 288 ----a-w- c:\windows\ODBC.INI

2010-01-05 17:26:17 1644 ----a-w- c:\windows\ODBCINST.INI

2010-01-05 17:26:06 0 d-----w- c:\program files (x86)\Mutify

2010-01-05 17:25:15 286720 ------w- c:\windows\Setup1.exe

2010-01-05 17:25:12 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-05 17:25:11 1706 ----a-w- c:\windows\ST6UNST.000

 

==================== Find3M ====================

 

2010-02-01 17:36:34 1702 ---ha-w- c:\users\tom\appdata\roaming\logs.dat

2010-02-01 17:21:55 73930 ----a-w- c:\windows\system32\perfc014.dat

2010-02-01 17:21:55 447984 ----a-w- c:\windows\system32\perfh014.dat

2010-01-14 10:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe

2009-11-30 17:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll

2009-11-30 17:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe

2009-11-19 15:37:59 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll

2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll

2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll

2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll

2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll

2009-11-09 19:55:14 36156 ----a-w- c:\windows\system32\perfd014.dat

2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfd.dat

2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfc.dat

2009-11-09 19:55:14 298300 ----a-w- c:\windows\system32\perfi014.dat

2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfi.dat

2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfh.dat

2009-11-06 09:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll

2009-11-06 09:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 18:40:00,32 ===============

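As an added example (it is not code from the original post, from DDS or from Malwarebytes), the following Python script does the triage a helper performs by eye on the log above: it reads the "Running Processes" and "Pseudo HJT Report" sections and flags every image that launches from %TEMP% or %APPDATA%\Roaming, or via a relative path such as `\windows.exe`, which Windows resolves at logon through the working directory and PATH. The sample input is copied from the first DDS log; the heuristics and the names `triage`, `classify` and `image_path` are this example's own.

```python
import re

# Lines copied from the DDS log in the post above: the "Running Processes" and
# "Pseudo HJT Report" sections, trimmed to a representative subset.
DDS_EXCERPT = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tom\AppData\Roaming\WinServ\Win.exe
C:\Users\Tom\AppData\Roaming\Microsoft\winscv.exe
C:\Users\Tom\AppData\Local\Temp\winsys.exe
C:\Users\Tom\Desktop\dds.scr
============== Pseudo HJT Report ===============
uRun: [xqkxSqu] c:\users\tom\appdata\local\temp\activex.exe
uRun: [winscv.exe] c:\users\tom\appdata\roaming\microsoft\winscv.exe
uRun: [cujS85T3l] \windows.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [winsys32] c:\users\tom\appdata\local\temp\activex.exe
uRun: [HKCU] c:\users\tom\appdata\roaming\win32\server.exe
uRun: [Windews] c:\users\tom\appdata\roaming\hydra\Important.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [VoddlerNet Manager] c:\program files (x86)\voddler\service\VNetManager.exe
"""

# Locations an unprivileged user can write to. Malware running as the user
# persists from here because it cannot drop into Program Files or System32.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")

RUN_RE = re.compile(r"^(?P<hive>[um]Run):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|scr|com|bat|dll|cpl))", re.IGNORECASE)
ABS_RE = re.compile(r"^[a-z]:\\")


def image_path(cmd):
    """Return the executable a Run value launches, with quotes and arguments stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def classify(path):
    """Reasons an image path deserves a second look; an empty list means nothing stood out."""
    p = path.lower()
    reasons = []
    if not ABS_RE.match(p):
        reasons.append("relative path, resolved at logon via the working directory and PATH")
    for loc in USER_WRITABLE:
        if loc in p:
            reasons.append("runs from user-writable location " + loc)
            break
    return reasons


def triage(dds_text):
    """Walk the two sections and return one finding per flagged process or Run value."""
    findings = []
    section = None
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=") and "Running Processes" in line:
            section = "process"
            continue
        if line.startswith("=") and "Pseudo HJT Report" in line:
            section = "run"
            continue
        if section == "process":
            reasons = classify(line)
            if reasons:
                findings.append({"section": "process", "hive": None,
                                 "name": line.rsplit("\\", 1)[-1],
                                 "path": line, "reasons": reasons})
        elif section == "run":
            m = RUN_RE.match(line)
            if not m:
                continue  # BHO, TB and policy lines are outside this example's scope
            path = image_path(m.group("cmd"))
            reasons = classify(path)
            if reasons:
                findings.append({"section": "run", "hive": m.group("hive"),
                                 "name": m.group("name"), "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT):
        where = f["hive"] or "running"
        print(f"[{f['section']:7}] {where:8} {f['name']:<20} {f['path']}")
        for r in f["reasons"]:
            print("           - " + r)
```

On the excerpt it flags three running processes (Win.exe, winscv.exe, winsys.exe) and six Run values, which lines up with what MBAM later quarantines (the `HKCU` Run value and server.exe) and with the file the helper targets below (winsys.exe), while leaving Messenger, GrooveMonitor and VoddlerNet alone. Location is only a prior, not a verdict: legitimate per-user installers also live under Roaming, so each hit still needs the file itself checked (publisher signature, hash lookup) before it is deleted.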

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

01.02.2010 19:23:59

mbam-log-2010-02-01 (19-23-59).txt

 

Scan type: Quick Scan

Objects scanned: 98026

Time elapsed: 4 minute(s), 22 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Users\Tom\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\Tom\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Tom\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Tom\AppData\Roaming\win32\server.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

__________________________________________________________________________________________

__________

 

 

 

DDS (Ver_09-12-01.01) - NTFSX64

Run by Tom at 19:24:38,16 on 01.02.2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2146 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Voddler\service\voddler.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Tom\AppData\Roaming\WinServ\Win.exe

C:\Users\Tom\AppData\Roaming\Microsoft\winscv.exe

C:\Program Files (x86)\Voddler\service\VNetManager.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\SysWOW64\explorer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Users\Tom\AppData\Local\Temp\winsys.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Public\Games\World of Warcraft\WoW.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Tom\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

mLocal Page = c:\windows\syswow64\blank.htm

uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll

uRun: [xqkxSqu] c:\users\tom\appdata\local\temp\activex.exe

uRun: [winscv.exe] c:\users\tom\appdata\roaming\microsoft\winscv.exe

uRun: [cujS85T3l] \windows.exe

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [winsys32] c:\users\tom\appdata\local\temp\activex.exe

uRun: [Windews] c:\users\tom\appdata\roaming\hydra\Important.exe

uRun: [HKCU] c:\users\tom\appdata\roaming\win32\server.exe

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [VoddlerNet Manager] c:\program files (x86)\voddler\service\VNetManager.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

IE-X64: {00000000-0000-0000-0000-000000000000} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\ed5qqf9w.default\

FF - component: c:\program files (x86)\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

 

============= SERVICES / DRIVERS ===============

 

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]

R2 VoddlerNet;VoddlerNet;c:\program files (x86)\voddler\service\voddler.exe [2010-1-26 1235664]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-2 135664]

S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr6164.sys [2009-6-2 438784]

 

=============== Created Last 30 ================

 

2010-02-01 18:24:33 247 ----a-w- c:\users\tom\appdata\roaming\logs.dat

2010-02-01 17:18:06 0 d-sh--r- c:\users\tom\appdata\roaming\Hydra

2010-02-01 17:09:18 0 d-----w- c:\users\tom\appdata\roaming\Malwarebytes

2010-02-01 17:09:12 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-01 17:09:12 0 d-----w- c:\programdata\Malwarebytes

2010-02-01 17:09:12 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-02-01 14:50:56 3288 ------w- C:\bootsqm.dat

2010-01-31 10:41:53 0 d-----w- c:\users\tom\appdata\roaming\WinServ

2010-01-30 17:05:00 0 d-----w- c:\program files (x86)\SystemRequirementsLab

2010-01-28 19:03:36 0 d-----w- c:\program files (x86)\Canon

2010-01-28 19:03:35 0 d-----w- c:\program files\Canon

2010-01-28 18:58:50 258560 ----a-w- c:\windows\system32\CNMLM93.DLL

2010-01-28 18:58:49 92672 ----a-w- c:\windows\system32\CNC610I.DLL

2010-01-28 18:58:49 246272 ----a-w- c:\windows\system32\CNC610L.DLL

2010-01-28 18:58:49 229888 ----a-w- c:\windows\system32\CNC610O.DLL

2010-01-28 18:58:49 1439744 ----a-w- c:\windows\system32\CNC610C.DLL

2010-01-28 18:58:37 0 d--h--w- c:\program files\CanonBJ

2010-01-28 18:54:44 0 d--h--w- c:\programdata\CanonBJ

2010-01-28 15:58:29 496640 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-01-28 15:26:58 0 d-----w- c:\programdata\Voddler

2010-01-28 15:26:56 0 d-----w- C:\Voddler

2010-01-28 15:26:45 0 d-----w- c:\program files (x86)\Voddler

2010-01-27 12:45:59 2870272 ----a-w- c:\windows\explorer.exe

2010-01-27 12:45:58 2614272 ----a-w- c:\windows\syswow64\explorer.exe

2010-01-27 12:45:57 389632 ----a-w- c:\windows\system32\winlogon.exe

2010-01-27 12:45:53 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys

2010-01-27 12:45:53 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2010-01-26 12:32:22 0 d-----w- c:\users\tom\appdata\roaming\winsys32

2010-01-22 12:05:49 5961728 ----a-w- c:\windows\syswow64\mshtml.dll

2010-01-22 12:05:49 10976768 ----a-w- c:\windows\syswow64\ieframe.dll

2010-01-22 12:05:48 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-01-22 12:05:48 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-01-22 12:05:48 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-01-22 12:05:48 1224704 ----a-w- c:\windows\syswow64\urlmon.dll

2010-01-22 12:05:48 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 18:25:45 0 d-----w- c:\programdata\Blizzard Entertainment

2010-01-18 14:36:20 0 d-----w- c:\programdata\Blizzard

2010-01-18 14:12:58 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment

2010-01-14 15:19:54 0 d-----w- c:\program files (x86)\Activision

2010-01-13 15:34:25 0 d-----w- c:\programdata\PopCap Games

2010-01-13 14:13:56 70656 ----a-w- c:\windows\syswow64\fontsub.dll

2010-01-13 14:13:56 148480 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 14:13:56 108544 ----a-w- c:\windows\syswow64\t2embed.dll

2010-01-13 14:13:56 100864 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 16:21:40 0 d-----w- c:\program files\DivX

2010-01-12 16:21:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\DivX

2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\common files\DivX Shared

2010-01-12 14:00:17 0 d-----w- c:\windows\pss

2010-01-07 16:06:36 0 d-----w- c:\program files (x86)\AnalogX

2010-01-06 20:25:50 0 d-----w- c:\users\tom\appdata\roaming\mIRC

2010-01-06 20:25:50 0 d-----w- c:\program files (x86)\mIRC

2010-01-06 18:21:53 0 d-----w- c:\users\tom\appdata\roaming\MozillaControl

2010-01-06 18:21:40 0 d-----w- c:\program files (x86)\Mozilla ActiveX Control v1.7.12

2010-01-06 18:20:59 0 d-----w- c:\program files (x86)\Graboid

2010-01-05 17:26:17 288 ----a-w- c:\windows\ODBC.INI

2010-01-05 17:26:17 1644 ----a-w- c:\windows\ODBCINST.INI

2010-01-05 17:26:06 0 d-----w- c:\program files (x86)\Mutify

2010-01-05 17:25:15 286720 ------w- c:\windows\Setup1.exe

2010-01-05 17:25:12 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-05 17:25:11 1706 ----a-w- c:\windows\ST6UNST.000

 

==================== Find3M ====================

 

2010-02-01 17:21:55 73930 ----a-w- c:\windows\system32\perfc014.dat

2010-02-01 17:21:55 447984 ----a-w- c:\windows\system32\perfh014.dat

2010-01-14 10:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe

2009-11-30 17:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll

2009-11-30 17:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe

2009-11-19 15:37:59 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll

2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll

2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll

2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll

2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll

2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll

2009-11-09 19:55:14 36156 ----a-w- c:\windows\system32\perfd014.dat

2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfd.dat

2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfc.dat

2009-11-09 19:55:14 298300 ----a-w- c:\windows\system32\perfi014.dat

2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfi.dat

2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfh.dat

2009-11-06 09:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll

2009-11-06 09:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 19:24:56,45 ===============


Make sure you can see hidden files and folders, as well as hidden operating system files.

 

Start MBAM again and choose More Tools -> Run Tool (FileAssassin).

 

Locate and select the following file: C:\Users\Tom\AppData\Local\Temp\winsys.exe

 

Then download HijackThis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
