Mr.Anki, posted 3 April 2008:

Hi. I have one piece of malware and one piece of adware on the machine that XoftSpy is unable to remove. The names are:

FunWebProducts - Adware
Aornum - Malware

Attaching a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:25, on 03.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TouchKit\xTouchMon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Users\Andreas\Desktop\Test.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ClearTKHandle] C:\Program Files\TouchKit\ClearTKHandle.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: LaunchTouchMon.lnk = C:\Program Files\TouchKit\LaunchTouchMon.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6991 bytes

Regards,
Mr.Anki
norbat, posted 3 April 2008:

Look in Add/Remove Programs for anything related to:

My Web Search
Aornum

Post a ComboFix log:

Download ComboFix and place it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt).
Mr.Anki (thread author), posted 3 April 2008:

No sign of the things mentioned in Add/Remove Programs.

ComboFix log:

ComboFix 08-04-03.3 - Andreas 2008-04-03 21:27:27.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.1154 [GMT 2:00]
Running from: C:\Users\Andreas\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\wpcap.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.
2008-03-27 17:09 . 2008-03-27 17:09 <DIR> d-------- C:\Program Files\TouchKit
2008-03-27 17:09 . 2007-01-10 17:30 93,568 -r------- C:\Windows\System32\drivers\EGXFilter.sys
2008-03-27 17:09 . 2007-02-11 13:00 88,192 -ra------ C:\Windows\System32\drivers\xTouch.sys
2008-03-27 17:09 . 2007-02-11 13:01 82,304 -r------- C:\Windows\System32\drivers\SerTouch.sys
2008-03-27 17:09 . 2006-11-26 14:43 1,108 -r------- C:\Windows\System32\Touchkit_reg.ini
2008-03-27 17:00 . 2008-03-27 17:00 <DIR> d-------- C:\Users\All Users\AppData
2008-03-27 17:00 . 2008-03-27 17:00 <DIR> d-------- C:\ProgramData\AppData
2008-03-26 13:12 . 2008-03-26 13:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\Users\All Users\Apple
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\ProgramData\Apple Computer
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\ProgramData\Apple
2008-03-20 15:57 . 2008-03-20 15:58 <DIR> d-------- C:\Program Files\QuickTime
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-15 00:48 . 2008-04-03 09:25 <DIR> d-------- C:\Users\Andreas\AppData\Roaming\AVG7
2008-03-15 00:46 . 2008-03-15 00:46 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-03-15 00:45 . 2008-03-15 00:45 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-15 00:45 . 2008-04-01 15:16 <DIR> d-------- C:\Users\All Users\avg7
2008-03-15 00:45 . 2008-03-15 00:45 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-15 00:45 . 2008-04-01 15:16 <DIR> d-------- C:\ProgramData\avg7
2008-03-14 19:46 . 2008-03-14 19:46 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-14 19:14 . 2008-03-14 19:48 <DIR> d-------- C:\Program Files\ESET
2008-03-12 11:51 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 11:51 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 19:02 --------- d-----w C:\ProgramData\OrdnettPluss
2008-04-01 10:28 192,425 ----a-w C:\Users\Andreas\AppData\Roaming\nvModes.dat
2008-03-29 23:21 --------- d-----w C:\Users\Andreas\AppData\Roaming\mIRC
2008-03-29 17:16 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-29 17:16 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-27 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 14:07 --------- d-----w C:\Users\Andreas\AppData\Roaming\Skype
2008-03-26 14:04 --------- d-----w C:\Users\Andreas\AppData\Roaming\skypePM
2008-03-17 11:00 --------- d-----w C:\Program Files\Java
2008-03-16 10:58 --------- d-----w C:\Program Files\Net Tools
2008-03-12 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 13:55 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 09:42 --------- d-----w C:\Users\Andreas\AppData\Roaming\OpenOffice.org2
2008-02-29 07:00 --------- d-----w C:\ProgramData\Symantec
2008-02-28 13:10 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-26 13:41 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-26 13:41 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-26 13:37 --------- d-----w C:\ProgramData\Skype
2008-02-26 13:37 --------- d-----w C:\Program Files\Skype
2008-02-26 13:37 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-25 10:38 --------- d-----w C:\Program Files\AMIS
2008-02-24 04:52 --------- d-----w C:\Program Files\oDC
2008-02-23 20:16 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-02-23 20:16 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-02-23 20:15 --------- d-----w C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
2008-02-23 20:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 20:02 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-22 22:51 --------- d-----w C:\Program Files\Lavasoft
2008-02-22 15:18 --------- d-----w C:\Users\Andreas\AppData\Roaming\Leadertech
2008-02-22 15:14 --------- d-----w C:\Program Files\NovaLogic
2008-02-20 16:30 --------- d-----w C:\Users\Andreas\AppData\Roaming\Hamachi
2008-02-14 17:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 10:00 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 10:00 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:56 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 09:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:56 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 09:56 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 09:56 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 09:56 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 09:55 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:55 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 09:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:55 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 09:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:55 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 09:52 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 09:52 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 09:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 20:22 --------- d-----w C:\Program Files\DivX
2008-02-06 20:12 --------- d-----w C:\Program Files\CCleaner
2008-02-06 17:38 --------- d-----w C:\Program Files\SpeedFan
2008-02-05 15:07 --------- d-----w C:\ProgramData\NVIDIA
2008-02-05 13:39 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-04 11:52 --------- d-----w C:\Users\Andreas\AppData\Roaming\Mathsoft
2008-02-04 11:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 11:19 --------- d-----w C:\Program Files\Mathcad
2008-02-02 12:45 11,167,560 ----a-w C:\Users\Public\CoD4MW-1.4-1.5MP-PatchSetup.exe
2008-01-29 21:15 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-01-29 21:15 249,856 ------w C:\Windows\Setup1.exe
2008-01-20 12:59 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2008-01-20 12:59 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2008-01-18 08:42 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-18 08:31 22,328 ----a-w C:\Users\Andreas\AppData\Roaming\PnkBstrK.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 20:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-08-29 19:28 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-08-27 18:05 33136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 14:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 14:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 14:19 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-15 00:52 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"ClearTKHandle"="C:\Program Files\TouchKit\ClearTKHandle.exe" [2007-04-01 12:35 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-15 00:46 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 13:04 190696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchTouchMon.lnk - C:\Program Files\TouchKit\LaunchTouchMon.exe [2008-03-27 17:09:33 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-15 00:46 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E6CEB5E1-CFAD-4FE2-B2D4-B1B9D6762146}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{77E952ED-E73F-457F-91E2-1718AC82A6B0}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{2C769A7B-38A1-4D28-98F7-186BB44CC263}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AEDCDBF5-B41D-4681-9DCF-00F189C56C96}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{380B96A4-4514-4BC1-8C32-039B7B5BE37A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{266B4B39-5B9B-43BF-A659-6F278BC1FC5F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CB7CC546-D9F0-4439-BAFA-2FEADD3958E0}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"UDP Query User{794E8BC9-49DF-4731-AEA7-8BD1FB20B25D}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"TCP Query User{B3595B26-EAFB-4CAA-ACEF-996030B4CDF9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BD0143A9-293A-4C6A-8760-2692DE507474}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{06D7F0CA-3D64-4572-9755-213A93407B1B}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{363F2F45-D24A-4611-AE5E-163E306D2AA8}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{8EB7DCEA-AC32-487E-B6EA-0BFE1BFF163F}C:\\program files\\trackmania united\\tmunited.exe"= UDP:C:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{B9BABC52-0441-40DF-A9B9-CAB54BC07EB1}C:\\program files\\trackmania united\\tmunited.exe"= TCP:C:\program files\trackmania united\tmunited.exe:TmUnited
"TCP Query User{3DFC63FA-0288-432B-BE65-725E9B4147EE}D:\\nedlasting\\tmu-dtn\\crack\\tmunited.exe"= UDP:D:\nedlasting\tmu-dtn\crack\tmunited.exe:TmUnited
"UDP Query User{3A1DDB8D-CD73-4852-A505-F2CCD0128EB5}D:\\nedlasting\\tmu-dtn\\crack\\tmunited.exe"= TCP:D:\nedlasting\tmu-dtn\crack\tmunited.exe:TmUnited
"TCP Query User{7418C933-2D37-4F16-8C0B-65FE13FE1702}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E32A8C73-309B-4527-80D5-EE117CB396A3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6085FE74-A4B7-4AF7-B767-1F0C36E4301D}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FECE0D53-CB82-4400-9F2B-8B4112F4382B}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{A56C213E-938E-4F03-865E-6D233179B455}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{5DDC93A1-1983-4638-A750-D1CCD7D4D3A0}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{9109F058-D910-494E-A54E-B584CCFB59FB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E481644F-0491-4A0F-ADC7-6874CED9A70C}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{CF27548B-2EA2-411B-A26B-7A27E53EC5CE}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{2A0E1FA2-46C1-4C02-BC8E-4C38618B1A10}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{F8AC05BA-F63F-4694-BA37-4A1C874928F8}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{9A9CBE1C-4FCE-41FC-AFEC-8FEEF006F18B}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{0B7571FA-228F-4EA8-AB76-721BB6C5D90A}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{4A8A56EF-80FD-474F-8A23-FC477C37026D}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{A301C07F-36DB-4E57-92E1-59EBA8A53FE0}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{DE9C3E79-7422-4204-B276-A8C599D438F2}D:\\lierox v0.56 pack 1.9\\lierox.exe"= UDP:D:\lierox v0.56 pack 1.9\lierox.exe:LieroX
"UDP Query User{D40A1C7B-C564-4B3C-BB57-B7635D4D1A45}D:\\lierox v0.56 pack 1.9\\lierox.exe"= TCP:D:\lierox v0.56 pack 1.9\lierox.exe:LieroX
"TCP Query User{7A7AF514-0EF2-4ECD-AF3D-B94389095468}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{ADBA0000-C37A-45D4-9F36-765D04905D66}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A8985AC8-FAF4-406C-89D3-6BDA32BA6B97}D:\\wormsarm\\worms armageddon.exe"= UDP:D:\wormsarm\worms armageddon.exe:Worms Armageddon
"UDP Query User{0D6E52F5-99F3-45DF-BEBB-8EBA2F908E68}D:\\wormsarm\\worms armageddon.exe"= TCP:D:\wormsarm\worms armageddon.exe:Worms Armageddon
"TCP Query User{58AA335D-4571-4409-8050-5379EDA15460}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{30183503-84FE-44DA-B709-A6A82350D7C8}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9EA2B16F-16EC-484D-89AF-4D1E403B4D9A}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"UDP Query User{AB458E5B-593A-4C34-BA65-8EE27F5DA401}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"TCP Query User{E4A4A147-CEDC-4381-B6DA-15AA15BC9B9A}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{BA4C88CF-43B8-4D00-94D1-0FC111F664DE}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{6D46F997-90BF-4835-B6F3-A1D11B0BBD9A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{ED80860C-51A6-4EB3-B974-5A41C26C04D4}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{F2D52E06-64CF-4A9E-A6FB-63BEB64DF761}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DEA5B7EE-DD09-402F-AB14-27A4F99E9DCE}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0379555C-4D2A-4AD7-80C3-27222D38AC1F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9355EBD1-B9A8-44AD-992D-BD7CA13B0CC0}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{37924614-9FA8-4391-BD4D-771CCF97C6D2}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{FEA3237A-D281-4B7D-9E6C-FC5F4397B0F0}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{8CF25352-26DB-459F-8CD9-DE77495CC8B0}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{5318C7DD-2711-4E27-B7AF-2AC543917087}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{1D077765-204D-4EB3-8DC1-92233B9C4F31}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.3.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.3.exe:iw3mpHAMACHI 1.3
"UDP Query User{1C7E0BFE-3277-4DE6-8C94-41F68C1B088E}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.3.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.3.exe:iw3mpHAMACHI 1.3
"TCP Query User{F137FE86-BE12-4787-A1E0-488F08F82C85}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9111A37B-2939-40F7-A210-426E11AEA4E8}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{105690E6-1A09-48D5-9DD5-FE8EF31DF12C}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{AF5FD973-2D1B-4D41-BF15-F17423A2E12D}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{E2528FA5-9A35-49F7-9DD7-961D4606B7A6}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{81FCB046-35DF-47B7-B92C-162614183A10}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{E0755A38-11EF-418D-8F96-D04025AC6ACD}C:\\program files\\trackmania united\\tmunited.exe"= UDP:C:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{42096DD4-DA50-4519-A1C8-C37A8C8E04AA}C:\\program files\\trackmania united\\tmunited.exe"= TCP:C:\program files\trackmania united\tmunited.exe:TmUnited
"{9253BB6B-8137-493A-9A47-19594C05C5D9}"= UDP:D:\SPILL\Battlefield 2\BF2.exe:Battlefield 2
"{E5FCC8AC-EA6C-4E5E-807E-BCDA985C146E}"= TCP:D:\SPILL\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{592876B2-99AF-4F70-9086-C925854E709D}D:\\spill\\joint ops\\jointops.exe"= UDP:D:\spill\joint ops\jointops.exe:Jointops
"UDP Query User{73E18206-522C-4FB9-8EAA-F2E845431AB2}D:\\spill\\joint ops\\jointops.exe"= TCP:D:\spill\joint ops\jointops.exe:Jointops
"TCP Query User{04A3A259-7902-41BC-9C78-81BFE7B505B7}C:\\program files\\odc\\odc.exe"= UDP:C:\program files\odc\odc.exe:oDC
"UDP Query User{98D5ACE9-FD6B-4B8A-A5B3-4D8FA011FBEE}C:\\program files\\odc\\odc.exe"= TCP:C:\program files\odc\odc.exe:oDC
"TCP Query User{00F1430E-16EB-4DCD-8B8E-FA18705401C2}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F288E471-34FF-4437-A004-9E65757039FE}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{4B2CFFB9-F2FD-4517-A23D-19EE461ECF10}D:\\spill\\far cry\\bin32\\farcry.exe"= UDP:D:\spill\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{706939BC-F527-42AD-B272-E6095FDA6B08}D:\\spill\\far cry\\bin32\\farcry.exe"= TCP:D:\spill\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{6B5D19B5-E21A-490E-B95E-EB3827992B37}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9DFB351D-10A5-40E0-A61B-B3000600A852}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{3AF9BF46-E672-4B8B-8B6E-CFBDB52641EE}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{DD880BFF-2AD0-4839-8B5F-C8319F9F3AF6}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-15 18:14]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 10:31]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 14:32]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-02 15:37]
S0 NVStrap;NVStrap;C:\Windows\system32\drivers\NVStrap.sys [2007-10-30 20:05]
S3 EGXFilter;EGXFilter;C:\Windows\system32\drivers\egxfilter.sys [2007-01-10 17:30]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-17 01:00]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
S3 xTouch;xTouch;C:\Windows\system32\DRIVERS\xtouch.sys [2007-02-11 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98af368e-e24a-11dc-8e6f-d3e593a73710}]
\shell\AutoRun\command - F:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c028baa1-54b0-11dc-a77c-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 08:10:00 C:\Windows\Tasks\Oppdater Ordnett Pluss.job"
- C:\Program Files\Kunnskapsforlaget\Ordnett Pluss\updater.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 21:31:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TouchKit\xTouchMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-04-03 21:35:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 19:35:25
Pre-Run: 6,035,673,088 byte ledig
Post-Run: 6,508,433,408 byte ledig
.
2008-04-02 16:10:30 --- E O F ---
norbat, posted 3 April 2008:

Run a new scan with XoftSpy and see whether it still finds the malware. If so, where does it say it is located?
Mr.Anki (thread author), posted 3 April 2008:

I have run a pass with XoftSpy now, and it found nothing.
Guest member-105082, posted 3 April 2008:

http://www.adwarereport.com/mt/archives/000014.html
http://www.spywaredaily.com/rogue_antispyware/index.html

Worth reading a bit about.