ventura87 Skrevet 12. mars 2011 Del Skrevet 12. mars 2011 (endret) Tror muligens jeg har blitt infisert av et virus, det som skjer er at opptil flere winlogon.exe åpner seg og bruker mye cpu (spiker til 50-60%).Er litt usikker på om det er unormalt i seg selv at det er flere winlogon.exe instanser, men er ihvertall unormalt at den spiker slik. Har googlet en del, og funnet flere som har samme problemet, men finner ingen løsning på problemet. Kjører forøvrig winxp sp3 Legger ved et par bilder av prosessene som kjører, og hijackthis logg. Combofix-logg ComboFix 11-03-12.01 - RogerE 13/03/2011 0:12.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1044.18.2047.1444 [GMT 1:00] Running from: f:\documents and settings\RogerE\Mine dokumenter\Downloads\ComboFix.exe AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . f:\documents and settings\RogerE\Lokale innstillinger\Temporary Internet Files\udRemove.exe f:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb f:\windows\copyfstq.exe f:\windows\dropcpyr.dll f:\windows\system32\zlibwapi.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SVCHOST32 -------\Service_svchost32 . . ((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 ))))))))))))))))))))))))))))))) . . 2011-03-12 22:51 . 2011-03-12 22:51 -------- d-----w- f:\documents and settings\RogerE\Programdata\Malwarebytes 2011-03-12 22:51 . 2010-12-20 17:09 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys 2011-03-12 22:51 . 2011-03-12 22:51 -------- d-----w- f:\documents and settings\All Users\Programdata\Malwarebytes 2011-03-12 22:51 . 2010-12-20 17:08 20952 ----a-w- f:\windows\system32\drivers\mbam.sys 2011-03-12 22:51 . 
2011-03-12 22:51 -------- d-----w- f:\programfiler\Malwarebytes' Anti-Malware 2011-03-12 20:10 . 2011-03-12 20:53 -------- d-----w- f:\documents and settings\RogerE\Programdata\Hamachi 2011-03-12 20:09 . 2011-03-12 20:10 -------- d-----w- f:\programfiler\Hamachi 2011-03-06 00:51 . 2010-07-19 18:03 59472 ----a-w- f:\windows\system32\drivers\tmactmon.sys 2011-03-06 00:51 . 2010-07-19 18:03 51792 ----a-w- f:\windows\system32\drivers\tmevtmgr.sys 2011-03-06 00:49 . 2011-03-06 04:04 -------- d-----w- f:\documents and settings\All Users\Programdata\Trend Micro 2011-03-06 00:48 . 2011-03-06 00:51 -------- d-----w- f:\programfiler\Trend Micro 2011-03-06 00:45 . 2010-07-19 18:02 163408 ----a-w- f:\windows\system32\drivers\tmcomm.sys 2011-03-06 00:45 . 2010-07-30 17:29 249424 ----a-w- f:\windows\system32\drivers\tmxpflt.sys 2011-03-06 00:45 . 2010-07-30 17:29 36432 ----a-w- f:\windows\system32\drivers\tmpreflt.sys 2011-03-06 00:45 . 2010-07-30 17:06 1331512 ----a-w- f:\windows\system32\drivers\vsapint.sys 2011-03-06 00:43 . 2011-03-06 00:43 661808 ----a-w- f:\windows\system32\UfWSC.cpl 2011-03-06 00:43 . 2011-03-06 00:43 89872 ----a-w- f:\windows\system32\drivers\tmtdi.sys 2011-03-04 23:53 . 2011-03-04 23:53 -------- d-----w- f:\programfiler\Fellesfiler\Skype 2011-03-04 23:53 . 2011-03-04 23:53 -------- d-----r- f:\programfiler\Skype 2011-03-01 15:57 . 2011-03-02 18:20 234536 ----a-w- f:\windows\system32\PnkBstrB.xtr 2011-03-01 15:57 . 2011-03-01 15:57 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\PunkBuster 2011-03-01 11:39 . 2011-03-01 11:39 -------- d-----w- f:\programfiler\GameSpy 2011-03-01 11:38 . 2011-03-02 17:58 138520 ----a-w- f:\windows\system32\drivers\PnkBstrK.sys 2011-03-01 11:38 . 2011-03-01 19:35 139152 ----a-w- f:\documents and settings\RogerE\Programdata\PnkBstrK.sys 2011-03-01 11:38 . 2011-03-01 11:38 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\GameSpy 2011-03-01 11:38 . 
2011-03-02 18:20 234536 ----a-w- f:\windows\system32\PnkBstrB.exe 2011-03-01 11:38 . 2011-03-01 11:38 794408 ----a-w- f:\windows\system32\Pbsvc.exe 2011-03-01 11:38 . 2011-03-01 11:38 75064 ----a-w- f:\windows\system32\PnkBstrA.exe 2011-02-26 15:39 . 2011-02-26 15:39 -------- d-----w- f:\documents and settings\RogerE\Programdata\Free MP3 WMA OGG Converter 2011-02-26 15:39 . 2005-04-25 12:01 458752 ----a-w- f:\windows\system32\NCTAudioRecord2.dll 2011-02-26 15:39 . 2005-04-25 12:01 458752 ----a-w- f:\windows\system32\NCTAudioPlayer2.dll 2011-02-26 15:39 . 2005-02-24 10:51 348160 ----a-w- f:\windows\system32\NCTWMAFile2.dll 2011-02-26 15:39 . 2005-05-18 10:52 1212416 ----a-w- f:\windows\system32\NCTAudioInformation2.dll 2011-02-26 15:39 . 2005-05-17 11:37 1986560 ----a-w- f:\windows\system32\NCTAudioFile2.dll 2011-02-26 15:39 . 2011-02-26 15:39 -------- d-----w- f:\programfiler\Mp3 ogg converter 2011-02-21 15:41 . 2011-02-21 15:41 -------- d-----w- f:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Google 2011-02-21 15:37 . 2011-02-21 15:37 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\Temp 2011-02-21 15:36 . 2011-02-21 15:36 -------- d-----w- f:\documents and settings\LocalService\Lokale innstillinger\Programdata\Google 2011-02-21 15:36 . 2011-02-22 15:41 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\Google 2011-02-21 15:36 . 2011-02-21 15:37 -------- d-----w- f:\programfiler\Google 2011-02-20 21:21 . 2011-02-20 21:21 -------- d-----w- f:\programfiler\Fellesfiler\Java 2011-02-16 21:42 . 2011-02-16 21:51 1409 ----a-w- f:\windows\vssetup.for 2011-02-11 19:20 . 2011-02-11 19:40 -------- d-----w- f:\programfiler\wxDev-Cpp . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-12 20:09 . 2009-09-23 09:41 25280 ----a-w- f:\windows\system32\drivers\hamachi.sys 2011-02-26 22:02 . 
2009-11-03 18:38 60416 ----a-w- f:\windows\ALCFDRTM.VER 2011-02-02 20:40 . 2010-10-01 16:14 472808 ----a-w- f:\windows\system32\deployJava1.dll 2011-02-02 18:19 . 2009-11-04 20:24 73728 ----a-w- f:\windows\system32\javacpl.cpl 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax106.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax105.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax104.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax103.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax102.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax101.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2009-12-16 21:03 . 2009-12-16 21:03 728858 ----a-w- f:\programfiler\Fellesfiler\unins000.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bandwidth Monitor Pro"="f:\progra~1\BANDWI~1\Bandwidth Monitor Pro.exe" [2005-02-16 225280] "msnmsgr"="f:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "DAEMON Tools Lite"="f:\programfiler\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "Skype"="f:\programfiler\Skype\Phone\Skype.exe" [2009-04-16 24264488] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824] "NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-09-27 13918208] "NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-09-27 86016] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Lycosa"="f:\programfiler\Razer\Lycosa\razerhid.exe" [2008-10-16 147456] "Adobe Reader Speed Launcher"="f:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="f:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="f:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-10-29 249064] "UfSeAgnt.exe"="f:\programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . f:\documents and settings\RogerE\Start-meny\Programmer\Oppstart\ Dropbox.lnk - f:\documents and settings\RogerE\Programdata\Dropbox\bin\Dropbox.exe [2011-1-27 23361424] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- f:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=f:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=f:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\F:^Documents and Settings^RogerE^Start-meny^Programmer^Oppstart^PS3 Media Server.lnk] path=f:\documents and settings\RogerE\Start-meny\Programmer\Oppstart\PS3 Media Server.lnk backup=f:\windows\pss\PS3 Media Server.lnkStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-06-11 20:43 640376 ----a-w- f:\programfiler\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2008-06-12 00:25 37232 ----a-w- f:\programfiler\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 22:07 932288 ----a-r- f:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- f:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2010-04-22 17:59 1221024 ----a-w- f:\programfiler\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist] 2010-05-31 20:38 24576 ----a-w- f:\programfiler\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 08:23 1695232 ------w- f:\programfiler\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-11-11 09:57 1451520 ----a-w- f:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard] 2010-09-02 12:48 108496 ----a-w- f:\programfiler\PC Tools Security\BDT\FGuard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-11-30 19:50 1242448 ----a-w- g:\spel\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "f:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "f:\\Programfiler\\Spotify\\spotify.exe"= "g:\\Spel\\Steam\\Steam.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "f:\\Programfiler\\Opera\\opera.exe"= "f:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"= "f:\\Programfiler\\Opera 10.50 Beta\\opera.exe"= "f:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "f:\\Programfiler\\uTorrent 1.8.5\\utorrent_1.8.5.exe"= "f:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "f:\\Programfiler\\FlashFXP 4\\FlashFXP.exe"= "f:\\Programfiler\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"= "f:\\Documents and Settings\\RogerE\\Programdata\\Dropbox\\bin\\Dropbox.exe"= "f:\\WINDOWS\\system32\\PnkBstrA.exe"= "f:\\WINDOWS\\system32\\PnkBstrB.exe"= "g:\\Spel\\Steam\\steamapps\\common\\battlefield 2\\BF2.exe"= "g:\\Spel\\Steam\\steamapps\\common\\battlefield 2\\support\\EA Help\\Electronic_Arts_Technical_Support.htm"= "f:\\Programfiler\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1052:TCP"= 1052:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . 
R0 PCTCore;PCTools KDS;f:\windows\system32\drivers\PCTCore.sys [01.10.2010 17:03 237632] R0 pctDS;PC Tools Data Store;f:\windows\system32\drivers\pctDS.sys [01.10.2010 17:04 338880] R0 pctEFA;PC Tools Extended File Attributes;f:\windows\system32\drivers\pctEFA.sys [01.10.2010 17:04 656320] R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [04.11.2009 20:26 691696] R2 Browser Defender Update Service;Browser Defender Update Service;f:\programfiler\PC Tools Security\BDT\BDTUpdateService.exe [01.10.2010 17:20 235472] R2 Cerberus FTP Server;Cerberus FTP Server;f:\programfiler\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe -Service --> f:\programfiler\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe -Service [?] R2 iPodDrv;iPodDrv;f:\windows\system32\drivers\iPodDrv.sys [10.03.2010 05:00 6656] R2 LBeepKE;LBeepKE;f:\windows\system32\drivers\LBeepKE.sys [30.11.2009 12:40 10384] R2 tmpreflt;tmpreflt;f:\windows\system32\drivers\tmpreflt.sys [06.03.2011 01:45 36432] R3 LycoFltr;Lycosa Keyboard;f:\windows\system32\drivers\Lycosa.sys [01.04.2010 03:02 16896] R3 tmevtmgr;tmevtmgr;f:\windows\system32\drivers\tmevtmgr.sys [06.03.2011 01:51 51792] R3 TmProxy;Trend Micro Proxy Service;f:\programfiler\Trend Micro\Internet Security\TmProxy.exe [06.03.2011 01:51 689416] S2 gupdate;Googles oppdateringstjeneste (gupdate);f:\programfiler\Google\Update\GoogleUpdate.exe [21.02.2011 16:36 136176] S3 ALSysIO;ALSysIO;\??\f:\docume~1\RogerE\LOKALE~1\Temp\ALSysIO.sys --> f:\docume~1\RogerE\LOKALE~1\Temp\ALSysIO.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [04.12.2009 20:30 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [04.12.2009 20:30 8320] S3 PS3 Media Server;PS3 Media Server;f:\programfiler\PS3 Media Server\win32\service\wrapper.exe [13.01.2010 00:24 217088] S3 sdAuxService;PC Tools Auxiliary Service;f:\programfiler\PC Tools Security\pctsAuxs.exe [01.10.2010 17:03 366840] . 
Contents of the 'Scheduled Tasks' folder . 2011-03-12 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job - f:\programfiler\Google\Update\GoogleUpdate.exe [2011-02-21 15:36] . 2011-03-12 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job - f:\programfiler\Google\Update\GoogleUpdate.exe [2011-02-21 15:36] . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: Append Link Target to Existing PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - f:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - f:\documents and settings\RogerE\Programdata\Mozilla\Firefox\Profiles\af1e2o32.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.postbanken.no/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programfiler\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: [email protected] - f:\programfiler\Java\jre6\lib\deploy\jqs\ff FF - Ext: PC Sync 2 Synchronisation 
Extension: [email protected] - f:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - f:\programfiler\PC Tools Security\BDT\Firefox FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . . ------- File Associations ------- . .txt=Notepad++_file . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - f:\programfiler\Vuze_Remote\tbVuze.dll BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - f:\programfiler\Vuze_Remote\tbVuze.dll Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - f:\programfiler\Vuze_Remote\tbVuze.dll ShellIconOverlayIdentifiers-{635321BC-2A08-C524-9530-CCF4213BBB52} - f:\docume~1\RogerE\LOKALE~1\Temp\NFPIMMC.dll HKLM-Run-nwiz - f:\programfiler\NVIDIA Corporation\nView\nwiz.exe HKLM-Run-Resume copy - copyfstq.exe MSConfigStartUp-Aim - f:\programfiler\AIM\aim.exe MSConfigStartUp-LogMeIn Hamachi Ui - f:\programfiler\LogMeIn Hamachi\hamachi-2-ui.exe MSConfigStartUp-sdsetup - f:\documents and settings\RogerE\Skrivebord\sdsetup.exe AddRemove-Achtung, die Kurve! - f:\programfiler\Achtung AddRemove-NVIDIA nView Desktop Manager - f:\programfiler\NVIDIA Corporation\nView\nViewSetup.exe AddRemove-uTorrent - f:\programfiler\uTorrent 1.8.5\uTorrent.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-13 00:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:f6,38,4a,04,59,b7,94,12,1c,d0,08,75,62,32,0d,0a,13,2f,de,2a,e6,6f,05, 88,38,e3,3c,f6,9e,65,ce,43,e6,55,6a,3f,da,08,39,49,17,1e,12,f2,29,07,15,06,\ "??"=hex:fd,b9,ea,da,72,9d,b6,4e,d3,8a,00,7a,69,b6,f8,64 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(716) f:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll f:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll . 
- - - - - - - > 'explorer.exe'(4076) f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll f:\windows\system32\msi.dll f:\windows\system32\WPDShServiceObj.dll f:\programfiler\Nokia\Nokia PC Suite 7\PhoneBrowser.dll f:\programfiler\Nokia\Nokia PC Suite 7\NGSCM.DLL f:\programfiler\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr f:\programfiler\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr f:\windows\system32\PortableDeviceTypes.dll f:\windows\system32\PortableDeviceApi.dll f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . f:\windows\system32\nvsvc32.exe f:\windows\SOUNDMAN.EXE f:\windows\system32\RUNDLL32.EXE f:\programfiler\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe f:\programfiler\Java\jre6\bin\jqs.exe f:\windows\system32\PnkBstrA.exe f:\programfiler\Trend Micro\Internet Security\SfCtlCom.exe f:\programfiler\RealVNC\VNC4\WinVNC4.exe f:\programfiler\Skype\Plugin Manager\skypePM.exe f:\windows\system32\taskmgr.exe f:\programfiler\Trend Micro\BM\TMBMSRV.exe f:\programfiler\Winamp\winamp.exe f:\programfiler\Last.fm\LastFM.exe . ************************************************************************** . Completion time: 2011-03-13 00:26:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-12 23:26 . Pre-Run: 12,453,707,776 byte ledig Post-Run: 13,335,650,304 byte ledig . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(5)partition(4)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(5)partition(4)\WINDOWS="Microsoft Windows XP Professional5.4" /noexecute=optin /fastdetect /usepmtimer . 
- - End Of File - - 20657277CCDF29AD7E3C742CE8D2E94A MBAM-logg Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversjon: 6039 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 13/03/2011 00:00:42 mbam-log-2011-03-13 (00-00-42).txt Skanntype: Hurtigsøk Objekter skannet: 157511 Tid tilbakelagt: 6 minutt(er), 5 sekund(er) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 1 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert 5 Minneprosesser infisert: (Ingen skadelige objekter funnet) Minnemoduler infisert: (Ingen skadelige objekter funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalCopy_1.2_(Luki_Edition)_English (Malware.Trace) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen skadelige objekter funnet) Registerfiler infisert: (Ingen skadelige objekter funnet) Mapper infisert: (Ingen skadelige objekter funnet) Filer infisert f:\WINDOWS\irunin.bmp (Malware.Trace) -> Quarantined and deleted successfully. f:\WINDOWS\irunin.dat (Malware.Trace) -> Quarantined and deleted successfully. f:\WINDOWS\irunin.ini (Malware.Trace) -> Quarantined and deleted successfully. f:\WINDOWS\irunin.lng (Malware.Trace) -> Quarantined and deleted successfully. f:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HJT-logg Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:28:24, on 12/03/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\SOUNDMAN.EXE F:\WINDOWS\system32\RUNDLL32.EXE F:\Programfiler\Razer\Lycosa\razerhid.exe F:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe F:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe F:\WINDOWS\system32\ctfmon.exe F:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe F:\Programfiler\Windows Live\Messenger\msnmsgr.exe F:\Programfiler\DAEMON Tools Lite\DTLite.exe F:\Programfiler\Skype\Phone\Skype.exe F:\Documents and Settings\RogerE\Programdata\Dropbox\bin\Dropbox.exe F:\Programfiler\PC Tools Security\BDT\BDTUpdateService.exe F:\Programfiler\Java\jre6\bin\jqs.exe F:\WINDOWS\system32\PnkBstrA.exe F:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe F:\WINDOWS\system32\svchost.exe F:\Programfiler\RealVNC\VNC4\WinVNC4.exe F:\Programfiler\Skype\Plugin Manager\skypePM.exe F:\Documents and Settings\RogerE\Skrivebord\procexp.exe F:\WINDOWS\system32\wuauclt.exe F:\Programfiler\Trend Micro\Internet Security\TmProxy.exe F:\Programfiler\Trend Micro\BM\TMBMSRV.exe F:\Programfiler\Mozilla Firefox\firefox.exe F:\WINDOWS\system32\wuauclt.exe F:\Programfiler\Spotify\spotify.exe F:\Documents and Settings\RogerE\Mine dokumenter\Downloads\HijackThis.exe F:\WINDOWS\system32\winlogon.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - 
F:\Programfiler\Vuze_Remote\tbVuze.dll (file missing) R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - F:\Programfiler\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - F:\Programfiler\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - F:\Programfiler\Fellesfiler\doubleTwist\IEPodcastPlugin.dll O2 - BHO: Bortvalg av informasjonskapsel for annonsering - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - F:\Programfiler\Google\Advertising Cookie Opt-out\opt_out.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - F:\Programfiler\Vuze_Remote\tbVuze.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - F:\Programfiler\Vuze_Remote\tbVuze.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: PC Tools Browser Guard - 
{472734EA-242A-422B-ADF8-83D1E48CC825} - F:\Programfiler\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] F:\Programfiler\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Lycosa] "F:\Programfiler\Razer\Lycosa\razerhid.exe" O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "F:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ufSeAgnt.exe] "F:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bandwidth Monitor Pro] "F:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized O4 - HKCU\..\Run: [msnmsgr] "F:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programfiler\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [skype] "F:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = F:\Documents and Settings\RogerE\Programdata\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Append Link Target to Existing PDF - 
res://F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll O23 - Service: Browser Defender Update Service - Unknown owner - F:\Programfiler\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: Cerberus FTP Server - Cerberus, 
LLC - F:\Programfiler\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - F:\Programfiler\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PS3 Media Server - Unknown owner - F:\Programfiler\PS3 Media Server\win32\service\wrapper.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Programfiler\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Programfiler\PC Tools Security\pctsSvc.exe O23 - Service: ServiceLayer - Nokia - F:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - F:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Windows Service Manager (svchost32) - Unknown owner - F:\WINDOWS\system32\DirectX\svchost.exe (file missing) O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - F:\Programfiler\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - F:\Programfiler\Trend Micro\Internet Security\TmProxy.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- F:\Programfiler\RealVNC\VNC4\WinVNC4.exe -- End of file - 10106 bytes Edit: Added the MBAM and ComboFix logs. Edited 12 March 2011 by ventura87
norbat Posted 12 March 2011 See the guide and post the logs from MBAM and ComboFix.
ventura87 (author) Posted 14 March 2011 (edited) If nobody can get anything out of the logs, can someone suggest other forums where it might be worth posting them? Edited 14 March 2011 by ventura87
norbat Posted 14 March 2011 MBAM and CF removed some minor junk. The CF log looks fine. Still having the problem?
ventura87 (author) Posted 16 March 2011 Yes, I still have exactly the same problem as before. It may seem to happen somewhat less often, but that is probably just coincidence. Could it be that it actually isn't a virus?
ventura87 (author) Posted 22 March 2011 Does nobody have any idea what this is about or what I can do? I would gladly take links to other forums where it might be worth posting the logs; I'm hoping to avoid a reformat.
norbat Posted 22 March 2011 Could you download a fresh ComboFix and produce a new log?
ventura87 (author) Posted 22 March 2011 (edited)
Could you download a fresh ComboFix and produce a new log?
OK, I'll make a new one. Edit: New CF log:
ComboFix 11-03-22.04 - RogerE 22/03/2011 23:29:55.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1044.18.2047.1459 [GMT 1:00] Running from: f:\documents and settings\RogerE\Skrivebord\ComboFix.exe AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5} . . ((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 ))))))))))))))))))))))))))))))) . . 2011-03-17 22:59 . 2011-03-17 23:00 -------- d-----w- f:\documents and settings\All Users\Programdata\WinZip 2011-03-13 01:12 . 2011-03-13 01:12 -------- d-----w- f:\programfiler\Privoxy 2011-03-12 22:51 . 2011-03-12 22:51 -------- d-----w- f:\documents and settings\RogerE\Programdata\Malwarebytes 2011-03-12 22:51 . 2010-12-20 17:09 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys 2011-03-12 22:51 . 2011-03-12 22:51 -------- d-----w- f:\documents and settings\All Users\Programdata\Malwarebytes 2011-03-12 22:51 . 2010-12-20 17:08 20952 ----a-w- f:\windows\system32\drivers\mbam.sys 2011-03-12 22:51 . 2011-03-12 22:51 -------- d-----w- f:\programfiler\Malwarebytes' Anti-Malware 2011-03-12 20:10 . 2011-03-12 20:53 -------- d-----w- f:\documents and settings\RogerE\Programdata\Hamachi 2011-03-12 20:09 . 2011-03-12 20:10 -------- d-----w- f:\programfiler\Hamachi 2011-03-06 00:51 . 2010-07-19 18:03 59472 ----a-w- f:\windows\system32\drivers\tmactmon.sys 2011-03-06 00:51 . 2010-07-19 18:03 51792 ----a-w- f:\windows\system32\drivers\tmevtmgr.sys 2011-03-06 00:49 . 2011-03-06 04:04 -------- d-----w- f:\documents and settings\All Users\Programdata\Trend Micro 2011-03-06 00:48 . 2011-03-06 00:51 -------- d-----w- f:\programfiler\Trend Micro 2011-03-06 00:45 . 2010-07-19 18:02 163408 ----a-w- f:\windows\system32\drivers\tmcomm.sys 2011-03-06 00:45 . 
2010-07-30 17:29 249424 ----a-w- f:\windows\system32\drivers\tmxpflt.sys 2011-03-06 00:45 . 2010-07-30 17:29 36432 ----a-w- f:\windows\system32\drivers\tmpreflt.sys 2011-03-06 00:45 . 2010-07-30 17:06 1331512 ----a-w- f:\windows\system32\drivers\vsapint.sys 2011-03-06 00:43 . 2011-03-06 00:43 661808 ----a-w- f:\windows\system32\UfWSC.cpl 2011-03-06 00:43 . 2011-03-06 00:43 89872 ----a-w- f:\windows\system32\drivers\tmtdi.sys 2011-03-04 23:53 . 2011-03-04 23:53 -------- d-----w- f:\programfiler\Fellesfiler\Skype 2011-03-04 23:53 . 2011-03-04 23:53 -------- d-----r- f:\programfiler\Skype 2011-03-01 15:57 . 2011-03-02 18:20 234536 ----a-w- f:\windows\system32\PnkBstrB.xtr 2011-03-01 15:57 . 2011-03-01 15:57 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\PunkBuster 2011-03-01 11:39 . 2011-03-01 11:39 -------- d-----w- f:\programfiler\GameSpy 2011-03-01 11:38 . 2011-03-02 17:58 138520 ----a-w- f:\windows\system32\drivers\PnkBstrK.sys 2011-03-01 11:38 . 2011-03-01 19:35 139152 ----a-w- f:\documents and settings\RogerE\Programdata\PnkBstrK.sys 2011-03-01 11:38 . 2011-03-01 11:38 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\GameSpy 2011-03-01 11:38 . 2011-03-02 18:20 234536 ----a-w- f:\windows\system32\PnkBstrB.exe 2011-03-01 11:38 . 2011-03-01 11:38 794408 ----a-w- f:\windows\system32\Pbsvc.exe 2011-03-01 11:38 . 2011-03-01 11:38 75064 ----a-w- f:\windows\system32\PnkBstrA.exe 2011-02-26 15:39 . 2011-02-26 15:39 -------- d-----w- f:\documents and settings\RogerE\Programdata\Free MP3 WMA OGG Converter 2011-02-26 15:39 . 2005-04-25 12:01 458752 ----a-w- f:\windows\system32\NCTAudioRecord2.dll 2011-02-26 15:39 . 2005-04-25 12:01 458752 ----a-w- f:\windows\system32\NCTAudioPlayer2.dll 2011-02-26 15:39 . 2005-02-24 10:51 348160 ----a-w- f:\windows\system32\NCTWMAFile2.dll 2011-02-26 15:39 . 2005-05-18 10:52 1212416 ----a-w- f:\windows\system32\NCTAudioInformation2.dll 2011-02-26 15:39 . 
2005-05-17 11:37 1986560 ----a-w- f:\windows\system32\NCTAudioFile2.dll 2011-02-26 15:39 . 2011-02-26 15:39 -------- d-----w- f:\programfiler\Mp3 ogg converter 2011-02-21 15:41 . 2011-02-21 15:41 -------- d-----w- f:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Google 2011-02-21 15:37 . 2011-02-21 15:37 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\Temp 2011-02-21 15:36 . 2011-02-21 15:36 -------- d-----w- f:\documents and settings\LocalService\Lokale innstillinger\Programdata\Google 2011-02-21 15:36 . 2011-02-22 15:41 -------- d-----w- f:\documents and settings\RogerE\Lokale innstillinger\Programdata\Google 2011-02-21 15:36 . 2011-02-21 15:37 -------- d-----w- f:\programfiler\Google . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-12 20:09 . 2009-09-23 09:41 25280 ----a-w- f:\windows\system32\drivers\hamachi.sys 2011-02-26 22:02 . 2009-11-03 18:38 60416 ----a-w- f:\windows\ALCFDRTM.VER 2011-02-16 21:51 . 2011-02-16 21:42 1409 ----a-w- f:\windows\vssetup.for 2011-02-02 20:40 . 2010-10-01 16:14 472808 ----a-w- f:\windows\system32\deployJava1.dll 2011-02-02 18:19 . 2009-11-04 20:24 73728 ----a-w- f:\windows\system32\javacpl.cpl 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax106.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax105.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax104.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 
2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax103.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax102.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2011-01-13 16:58 . 2011-01-13 16:58 331776 ----a-r- f:\documents and settings\RogerE\Programdata\Microsoft\Installer\{F20AE04A-3FDC-4A14-A90B-85DEE2812030}\sammax101.exe_F20AE04A3FDC4A14A90B85DEE2812030.exe 2009-12-16 21:03 . 2009-12-16 21:03 728858 ----a-w- f:\programfiler\Fellesfiler\unins000.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bandwidth Monitor Pro"="f:\progra~1\BANDWI~1\Bandwidth Monitor Pro.exe" [2005-02-16 225280] "msnmsgr"="f:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "DAEMON Tools Lite"="f:\programfiler\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "Skype"="f:\programfiler\Skype\Phone\Skype.exe" [2009-04-16 24264488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824] "NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-09-27 13918208] "NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-09-27 86016] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Lycosa"="f:\programfiler\Razer\Lycosa\razerhid.exe" [2008-10-16 147456] "Adobe Reader Speed Launcher"="f:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="f:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="f:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-10-29 249064] "UfSeAgnt.exe"="f:\programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . f:\documents and settings\RogerE\Start-meny\Programmer\Oppstart\ Dropbox.lnk - f:\documents and settings\RogerE\Programdata\Dropbox\bin\Dropbox.exe [2011-1-27 23361424] Winamp.lnk - f:\programfiler\Winamp\winamp.exe [2010-7-12 1592672] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- f:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=f:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=f:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\F:^Documents and Settings^RogerE^Start-meny^Programmer^Oppstart^PS3 Media Server.lnk] path=f:\documents and settings\RogerE\Start-meny\Programmer\Oppstart\PS3 Media Server.lnk backup=f:\windows\pss\PS3 Media Server.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-06-11 20:43 640376 ----a-w- f:\programfiler\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2008-06-12 00:25 37232 ----a-w- f:\programfiler\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 22:07 932288 ----a-r- f:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- f:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2010-04-22 17:59 1221024 ----a-w- f:\programfiler\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist] 2010-05-31 20:38 24576 ----a-w- f:\programfiler\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 08:23 1695232 ------w- f:\programfiler\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-11-11 09:57 1451520 ----a-w- f:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard] 2010-09-02 12:48 108496 ----a-w- f:\programfiler\PC Tools Security\BDT\FGuard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-11-30 19:50 1242448 ----a-w- g:\spel\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "f:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "f:\\Programfiler\\Spotify\\spotify.exe"= "g:\\Spel\\Steam\\Steam.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "f:\\Programfiler\\Opera\\opera.exe"= "f:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"= "f:\\Programfiler\\Opera 10.50 Beta\\opera.exe"= "f:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "f:\\Programfiler\\uTorrent 1.8.5\\utorrent_1.8.5.exe"= "f:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "f:\\Programfiler\\FlashFXP 4\\FlashFXP.exe"= "f:\\Programfiler\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"= "f:\\Documents and Settings\\RogerE\\Programdata\\Dropbox\\bin\\Dropbox.exe"= "f:\\WINDOWS\\system32\\PnkBstrA.exe"= "f:\\WINDOWS\\system32\\PnkBstrB.exe"= "g:\\Spel\\Steam\\steamapps\\common\\battlefield 2\\BF2.exe"= "g:\\Spel\\Steam\\steamapps\\common\\battlefield 
2\\support\\EA Help\\Electronic_Arts_Technical_Support.htm"= "f:\\Programfiler\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1052:TCP"= 1052:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 PCTCore;PCTools KDS;f:\windows\system32\drivers\PCTCore.sys [01.10.2010 17:03 237632] R0 pctDS;PC Tools Data Store;f:\windows\system32\drivers\pctDS.sys [01.10.2010 17:04 338880] R0 pctEFA;PC Tools Extended File Attributes;f:\windows\system32\drivers\pctEFA.sys [01.10.2010 17:04 656320] R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [04.11.2009 20:26 691696] R2 Browser Defender Update Service;Browser Defender Update Service;f:\programfiler\PC Tools Security\BDT\BDTUpdateService.exe [01.10.2010 17:20 235472] R2 Cerberus FTP Server;Cerberus FTP Server;f:\programfiler\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe -Service --> f:\programfiler\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe -Service [?] R2 iPodDrv;iPodDrv;f:\windows\system32\drivers\iPodDrv.sys [10.03.2010 05:00 6656] R2 LBeepKE;LBeepKE;f:\windows\system32\drivers\LBeepKE.sys [30.11.2009 12:40 10384] R2 tmpreflt;tmpreflt;f:\windows\system32\drivers\tmpreflt.sys [06.03.2011 01:45 36432] R3 LycoFltr;Lycosa Keyboard;f:\windows\system32\drivers\Lycosa.sys [01.04.2010 03:02 16896] S2 gupdate;Googles oppdateringstjeneste (gupdate);f:\programfiler\Google\Update\GoogleUpdate.exe [21.02.2011 16:36 136176] S3 ALSysIO;ALSysIO;\??\f:\docume~1\RogerE\LOKALE~1\Temp\ALSysIO.sys --> f:\docume~1\RogerE\LOKALE~1\Temp\ALSysIO.sys [?] 
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [04.12.2009 20:30 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [04.12.2009 20:30 8320] S3 PS3 Media Server;PS3 Media Server;f:\programfiler\PS3 Media Server\win32\service\wrapper.exe [13.01.2010 00:24 217088] S3 sdAuxService;PC Tools Auxiliary Service;f:\programfiler\PC Tools Security\pctsAuxs.exe [01.10.2010 17:03 366840] S3 tmevtmgr;tmevtmgr;f:\windows\system32\drivers\tmevtmgr.sys [06.03.2011 01:51 51792] S3 TmProxy;Trend Micro Proxy Service;f:\programfiler\Trend Micro\Internet Security\TmProxy.exe [06.03.2011 01:51 689416] . Contents of the 'Scheduled Tasks' folder . 2011-03-22 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job - f:\programfiler\Google\Update\GoogleUpdate.exe [2011-02-21 15:36] . 2011-03-22 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job - f:\programfiler\Google\Update\GoogleUpdate.exe [2011-02-21 15:36] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank IE: Append Link Target to Existing PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - f:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - f:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - f:\documents and settings\RogerE\Programdata\Mozilla\Firefox\Profiles\af1e2o32.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.postbanken.no/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8118 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 8118 FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programfiler\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - f:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: [email protected] - f:\programfiler\Java\jre6\lib\deploy\jqs\ff FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - f:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync FF - Ext: Browser Defender Toolbar: 
{cb84136f-9c44-433a-9048-c5cd9df1dc16} - f:\programfiler\PC Tools Security\BDT\Firefox FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . . ------- File Associations ------- . .txt=Notepad++_file . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-22 23:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1993962763-343818398-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f6,38,4a,04,59,b7,94,12,1c,d0,08,75,62,32,0d,0a,13,2f,de,2a,e6,6f,05, 88,38,e3,3c,f6,9e,65,ce,43,e6,55,6a,3f,da,08,39,49,17,1e,12,f2,29,07,15,06,\ "??"=hex:fd,b9,ea,da,72,9d,b6,4e,d3,8a,00,7a,69,b6,f8,64 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(716) f:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll f:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(608) f:\documents and settings\RogerE\Programdata\Dropbox\bin\DropboxExt.14.dll f:\windows\system32\msi.dll f:\windows\system32\WPDShServiceObj.dll f:\windows\system32\PortableDeviceTypes.dll f:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-03-22 23:37:35 ComboFix-quarantined-files.txt 2011-03-22 22:37 ComboFix2.txt 2011-03-12 23:26 . Pre-Run: 12,423,528,448 byte ledig Post-Run: 12,446,494,720 byte ledig . - - End Of File - - 66EFE43C436AA22EB3FA5D1286A755E8
Edited 22 March 2011 by ventura87
ventura87 (author) Posted 3 April 2011 Anyone? I still have the same problem and am trying to avoid a reformat if possible.