
My brother has been downloading a lot of junk onto my mother's computer.... I figure there's quite a bit here, so could someone look over the logs from MBAM and ComboFix?

MBAM

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4210

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

17.06.2010 23:45:39

mbam-log-2010-06-17 (23-45-39).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 142317

Tid tilbakelagt: 10 minutt(er), 51 sekund(er)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 11

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 4

Filer infisert 2

 

Minneprosesser infisert:

C:\Programfiler\Registry Helper\RegistryHelperService.exe (Rogue.RegistryHelper) -> Unloaded process successfully.

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\registry helper service (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KwinzySrch Service (Adware.Zwangi) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KWINZYSRCH_SERVICE (Adware.Zwangi) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

C:\Programfiler\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

C:\Programfiler\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.

C:\Programfiler\KwinzySrch\KwinzySrch_deleted_ (Adware.Zwangi) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\KwinzySrch (Adware.Zwangi) -> Quarantined and deleted successfully.

 

Filer infisert

C:\Programfiler\Registry Helper\RegistryHelperService.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

C:\Programfiler\Registry Helper\Thumbs.db (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

 

 

 

Combofix:

 

 

ComboFix 10-06-17.02 - Gunhild Kvam 18.06.2010 0:19.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1022.382 [GMT 2:00]

Kjører fra: c:\documents and settings\Gunhild Kvam\Skrivebord\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Programdata\Toolbar4

c:\documents and settings\Gunhild Kvam\Programdata\inst.exe

c:\windows\21029.exe

c:\windows\system32\win.com

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-05-17 til 2010-06-17 )))))))))))))))))))))))))))))))))

.

 

2010-11-19 14:38 . 2010-11-19 14:38 -------- d-----w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Ahead

2010-06-17 21:17 . 2010-06-17 21:17 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\Malwarebytes

2010-06-17 21:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-17 21:17 . 2010-06-17 21:17 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-06-17 21:17 . 2010-06-17 21:17 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2010-06-17 21:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-16 18:05 . 2010-06-16 18:05 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\Canneverbe Limited

2010-06-16 18:05 . 2010-06-16 18:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Canneverbe Limited

2010-06-16 18:04 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-06-16 18:04 . 2010-06-16 18:04 -------- d-----w- c:\programfiler\CDBurnerXP

2010-06-16 15:10 . 2010-06-16 15:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-06-16 15:05 . 2010-06-16 15:05 -------- d-----w- c:\programfiler\LSoft Technologies

2010-06-16 14:31 . 2010-06-16 14:31 -------- d-----w- c:\programfiler\TrendyFlash Intro Builder

2010-06-16 14:21 . 2010-06-16 14:21 -------- d-----w- c:\programfiler\TrendyFlash Site Builder

2010-06-13 14:59 . 2010-06-13 14:59 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\Avira

2010-06-13 14:55 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-06-13 14:55 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-06-13 14:55 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-06-13 14:55 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-06-13 14:54 . 2010-06-13 14:54 -------- d-----w- c:\programfiler\Avira

2010-06-13 14:54 . 2010-06-13 14:54 -------- d-----w- c:\documents and settings\All Users\Programdata\Avira

2010-06-12 18:49 . 2010-06-14 16:45 -------- d-----w- c:\programfiler\Yahoo SiteBuilder

2010-06-12 18:22 . 2010-06-12 18:24 23147 ----a-w- c:\windows\hpqins15.dat

2010-06-12 18:19 . 2010-06-12 18:19 -------- d-----w- c:\programfiler\CoffeeCup Software

2010-06-11 17:25 . 2003-08-29 21:52 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-06-11 17:25 . 2003-08-29 21:51 156160 ----a-w- c:\windows\system32\unrar3.dll

2010-06-11 17:25 . 2010-06-11 17:25 -------- d-----w- c:\programfiler\TUGZip

2010-06-11 17:22 . 2010-06-11 17:23 -------- d-----w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\jZip

2010-06-11 17:22 . 2010-06-11 17:22 -------- d-----w- c:\programfiler\jZip

2010-06-11 17:13 . 2010-06-17 21:12 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\HPAppData

2010-06-11 16:58 . 2010-06-11 16:58 -------- d-----w- c:\documents and settings\All Users\Programdata\WEBREG

2010-06-11 16:58 . 2010-06-11 16:58 -------- d-----w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\HP

2010-06-11 16:49 . 2010-06-11 16:54 -------- d-----w- c:\programfiler\HP

2010-06-11 16:48 . 2010-06-11 16:58 169111 ----a-w- c:\windows\hphins33.dat

2010-06-11 16:48 . 2009-06-11 10:17 586 ------w- c:\windows\hphmdl33.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-17 22:33 . 2009-03-26 09:23 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\uTorrent

2010-06-17 21:01 . 2009-03-26 09:23 -------- d-----w- c:\programfiler\uTorrent

2010-06-16 15:05 . 2005-12-02 07:54 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2010-06-12 20:29 . 2006-07-04 21:51 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\OpenOffice.org2

2010-06-11 17:10 . 2008-06-21 16:33 -------- d-----w- c:\programfiler\Windows Live

2010-06-11 16:58 . 2010-06-11 16:57 -------- d-----w- c:\documents and settings\Gunhild Kvam\Programdata\HP

2010-06-11 16:58 . 2006-07-03 22:55 87040 ----a-w- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2010-06-11 16:57 . 2010-06-11 16:51 -------- d-----w- c:\documents and settings\All Users\Programdata\HP

2010-06-11 16:54 . 2010-06-11 16:54 -------- d-----w- c:\programfiler\Fellesfiler\HP

2010-06-11 16:53 . 2010-06-11 16:53 -------- d-----w- c:\documents and settings\All Users\Programdata\HP Product Assistant

2010-06-11 16:51 . 2010-06-11 16:51 -------- d-----w- c:\programfiler\Fellesfiler\Hewlett-Packard

2010-06-11 16:21 . 2009-11-24 18:34 -------- d-----w- c:\programfiler\Mozilla Firefox 3.6 Beta 3

2010-06-03 17:25 . 2009-09-15 13:20 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLds.DAT

2010-06-03 17:25 . 2006-10-22 15:09 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLec.DAT

2010-04-22 11:32 . 2010-04-22 11:32 -------- d-----w- c:\programfiler\ImgBurn

2010-04-19 14:09 . 2010-04-19 14:08 12380708 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\rp\RealPlayerSPGold.exe

2010-04-19 14:08 . 2010-04-19 14:08 8405312 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

2010-04-19 14:06 . 2010-04-19 14:06 149000 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\chr_helper\LaunchHelper.exe

2010-04-19 14:06 . 2010-04-19 14:06 10309448 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\chr\ChromeInstaller.exe

2010-04-19 14:04 . 2010-04-19 14:04 79368 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\vista.exe

2010-04-19 14:04 . 2010-04-19 14:04 52288 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\gtapi.dll

2010-04-19 14:04 . 2010-04-19 14:04 64000 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll

2010-04-19 14:04 . 2010-04-19 14:04 50688 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll

2010-04-19 14:04 . 2010-04-19 14:04 49152 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll

2010-04-19 14:04 . 2010-04-19 14:04 118784 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\RUP\inst_config\compat.dll

2010-04-17 00:17 . 2010-04-17 00:17 306544 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-16 13:09 . 2010-04-16 13:09 439816 ----a-w- c:\documents and settings\Gunhild Kvam\Programdata\Real\Update\setup3.10\setup.exe

2010-04-16 13:05 . 2010-04-16 13:05 49 ----a-w- c:\windows\drprofile.dat

2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\AdobeARM.exe

2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\AdobeExtractFiles.dll

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\ReaderUpdater.exe

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Programdata\Adobe\Reader\9.3\ARM\28687\AcrobatUpdater.exe

2005-12-03 03:03 . 2005-12-03 03:03 153099 ----a-w- c:\programfiler\SetupGraph-4.3.exe

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\programfiler\uTorrent\uTorrent.exe" [2010-06-14 324912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-16 10:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"Steam"="c:\programfiler\Steam\Steam.exe" -silent

"UltimateVirus!471"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

"UltimateVirus!367"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

"UltimateVirus!"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" /background

"Creative Detector"=c:\programfiler\Creative\MediaSource\Detector\CTDetect.exe /R

"GM4IE"=c:\programfiler\GM4IE\gm4ie.exe

"Google Update"="c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

"OM_Monitor"=c:\programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

"Minimizer-XP"=c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\minixp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe"

"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"

"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

"PPort11reminder"="c:\programfiler\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"InternetDownload_upgrade"="c:\programfiler\NBget\InternetDownload\InternetDownload.exe" /upgrade

"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

"BrMfcWnd"=c:\programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3"=c:\programfiler\Brother\ControlCenter3\brctrcen.exe /autorun

"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe"

"Snarvei til egenskapsside for High Definition Audio"=HDAShCut.exe

"SMSERIAL"=sm56hlpr.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

"OM_Monitor"=c:\programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe

"OpwareSE2"="c:\programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

"PaperPort PTD"="c:\programfiler\ScanSoft\PaperPort\pptd40nt.exe"

"IndexSearch"="c:\programfiler\ScanSoft\PaperPort\IndexSearch.exe"

"InstantOn"="c:\powercinema linux\ion_install.exe" /c

"Alcmtr"=ALCMTR.EXE

"RTHDCPL"=RTHDCPL.EXE

"SSBkgdUpdate"="c:\programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"SynTPEnh"=c:\programfiler\Synaptics\SynTP\SynTPEnh.exe

"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\CLI.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=

"c:\\Programfiler\\Steam\\Steam.exe"=

"c:\\Programfiler\\Steam\\steamapps\\lundinho92\\counter-strike source\\hl2.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 DiMaint;Eicon Maintenance Driver;c:\windows\system32\drivers\disdn\dimaint.sys [04.07.2006 01:24 91305]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.06.2010 17:10 691696]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.12.2008 10:37 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.12.2008 10:37 108552]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.2007 18:08 81688]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [13.06.2010 16:55 135336]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [16.08.2009 12:46 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.12.2008 10:36 297752]

R2 DiCapi;Eicon CAPI 2.0-driver;c:\windows\system32\drivers\disdn\capi20.sys [04.07.2006 01:24 164923]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 01:12 1044808]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 08:24 10064]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 LasMan;Local Connection Manager;c:\windows\System32\svchost.exe -k netsvcs [20.06.2008 18:22 14336]

S2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe --> c:\program files\NetMeeting\comp.exe [?]

S3 DiWan;Eicon-driver for alle DIVA PnP-kort;c:\windows\system32\drivers\disdn\Diwan.sys [04.07.2006 01:24 952007]

S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\GUNHIL~1\LOKALE~1\Temp\ewdmaudn.sys --> c:\docume~1\GUNHIL~1\LOKALE~1\Temp\ewdmaudn.sys [?]

S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [30.05.2007 17:34 39424]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

LasMan

UxTuneUp

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678422516-1975078584-2202250191-1006Core.job

- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2005-12-17 16:34]

 

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678422516-1975078584-2202250191-1006UA.job

- c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2005-12-17 16:34]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.qword.com/?s=1

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: Download by NBget Internet Download - c:\programfiler\NBget\InternetDownload\adddownload.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: qword.com

FF - ProfilePath - c:\documents and settings\Gunhild Kvam\Programdata\Mozilla\Firefox\Profiles\sbs2gr6l.default\

FF - plugin: c:\documents and settings\Gunhild Kvam\Lokale innstillinger\Programdata\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - TOMME PEKERE FJERNET - - - -

 

AddRemove-MagicDisc 2.7.106 - c:\progra~1\MAGICD~1\UNWISE.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-18 00:29

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FD51F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf75baf28

\Driver\ACPI -> ACPI.sys @ 0xf7412cb8

\Driver\atapi -> atapi.sys @ 0xf72f7b40

\Driver\iaStor -> iaStor.sys @ 0xf73477b0

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e368e

ParseProcedure -> ntoskrnl.exe @ 0x805786b1

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e368e

ParseProcedure -> ntoskrnl.exe @ 0x805786b1

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-678422516-1975078584-2202250191-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:95,a2,54,2d,4b,5d,ab,2e,ba,71,61,49,d9,6b,7c,ff,0d,cd,1c,ff,08,bd,f9,

6f,17,96,b5,50,97,5a,6e,c8,b2,3b,b8,ae,db,ed,f1,b1,d5,2f,d8,76,55,d7,16,10,\

"??"=hex:64,5a,3b,3d,73,91,a8,ff,5a,99,99,54,22,27,7c,43

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0113220f-d06b-4da4-a630-63c6b38119df}]

@Denied: (Full) (Everyone)

"Model"=dword:00000006

"Therad"=dword:00000018

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):0d,61,65,fd,91,04,d0,71,18,08,0c,5f,74,38,e6,50,51,df,5c,77,52,

da,bc,02,9e,69,2e,81,65,4a,0e,13,b5,33,35,3a,75,af,9b,e5,00,00,00,00,00,00,\

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(216)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(560)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\programfiler\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\programfiler\Avira\AntiVir Desktop\avguard.exe

c:\programfiler\Avira\AntiVir Desktop\avshadow.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programfiler\NetLimiter 2 Monitor\nlsvc.exe

c:\programfiler\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\UStorSrv.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

c:\programfiler\NetLimiter 2 Monitor\NLClient.exe

c:\programfiler\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\windows\system32\wscntfy.exe

c:\programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

c:\programfiler\HP\Digital Imaging\bin\hpqbam08.exe

c:\programfiler\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-06-18 00:36:46 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-06-17 22:36

 

Pre-Run: 44 937 068 544 byte ledig

Post-Run: 45 007 224 832 byte ledig

 

- - End Of File - - D53D38A01ABE982E1F8565D35745434D

 

 

Edited by Bulf

Copy the bold text below the image -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt.

Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

[image: 60876047vu9.gif]

 

Driver::

ewdmaudn

 

 

UltimateVirus is probably just a joke virus, so I'm not removing it.

If you want to remove it but can't manage it, I can take care of it.

Edited by SNIPPSAT

Copy the bold text below the image -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt.

Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

[image: 60876047vu9.gif]

 

File::

c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

c:\documents and settings\Gunhild Kvam\Skrivebord\nedlastning\theultimatevirusv120\UltimateVirus!.exe

 

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"UltimateVirus!471"=-

"UltimateVirus!367"=-

"UltimateVirus!"=-

 

Driver::

ewdmaudn
