Er jeg blitt infisert?

Sewero · 11. juni 2008

Da mener jeg at jeg fått noe grums igjen, å sitte på nett nå er helt sirup.

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:22:17, on 11.06.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\winudmr.exe

C:\WINDOWS\system32\svho.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe

O4 - HKLM\..\Run: [system Service Manager Device] svho.exe

O4 - HKLM\..\RunServices: [system Service Manager Device] svho.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211802700858

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--

End of file - 5547 bytes

Combofix:

ComboFix 08-06-10.1 - Rancerz 2008-06-11 6:29:41.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1591 [GMT 2:00]

Running from: C:\Documents and Settings\Rancerz\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))

.

2008-06-10 21:10 . 2008-06-10 21:10 29,334 -r-hs---- C:\WINDOWS\winudmr.exe

2008-06-06 06:16 . 2007-04-03 13:59 100,360 -ra------ C:\WINDOWS\system32\drivers\s616mgmt.sys

2008-06-06 06:16 . 2007-04-03 13:59 99,080 -ra------ C:\WINDOWS\system32\drivers\s616unic.sys

2008-06-06 06:16 . 2007-04-03 13:59 98,568 -ra------ C:\WINDOWS\system32\drivers\s616obex.sys

2008-06-06 06:16 . 2007-04-03 13:59 23,176 -ra------ C:\WINDOWS\system32\drivers\s616nd5.sys

2008-06-06 06:16 . 2007-04-03 13:59 11,016 -ra------ C:\WINDOWS\system32\drivers\s616cr.sys

2008-06-05 16:42 . 2007-04-03 13:59 108,680 -ra------ C:\WINDOWS\system32\drivers\s616mdm.sys

2008-06-05 16:42 . 2007-04-03 13:59 15,112 -ra------ C:\WINDOWS\system32\drivers\s616mdfl.sys

2008-06-05 16:42 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cmnt.sys

2008-06-05 16:42 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cm.sys

2008-06-05 16:40 . 2007-04-03 13:59 83,208 -ra------ C:\WINDOWS\system32\drivers\s616bus.sys

2008-06-05 16:40 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616whnt.sys

2008-06-05 16:40 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616wh.sys

2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-06-05 11:22 . 2008-06-05 11:23 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared

2008-06-05 11:20 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-06-05 11:20 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-06-03 20:08 . 2008-06-09 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited

2008-06-03 18:57 . 2008-06-03 18:57 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-06-03 18:53 . 2008-06-03 18:53 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\DAEMON Tools

2008-06-03 18:53 . 2008-06-03 18:53 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-03 17:05 . 2008-06-03 17:05 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\Teleca

2008-06-03 17:05 . 2008-06-03 17:05 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\Sony Ericsson

2008-06-03 17:05 . 2008-06-03 17:05 <DIR> d-------- C:\Documents and Settings\Henrik

2008-06-02 06:27 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys

2008-06-02 06:27 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys

2008-06-02 06:27 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys

2008-06-02 06:27 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys

2008-06-02 06:27 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys

2008-06-02 06:27 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys

2008-06-02 06:27 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys

2008-06-02 06:26 . 2008-06-06 06:17 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\Teleca

2008-06-02 06:26 . 2008-06-02 06:26 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\Sony Ericsson

2008-06-02 06:23 . 2008-06-05 11:21 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-06-02 06:20 . 2008-06-02 06:20 <DIR> d-------- C:\Program Files\Disc2Phone

2008-06-02 06:12 . 2008-06-02 06:13 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-06-02 04:41 . 2008-06-02 04:41 <DIR> d-------- C:\Program Files\TuneXP

2008-06-02 04:41 . 2008-06-02 04:41 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-06-02 04:31 . 2008-06-02 04:44 <DIR> d-------- C:\Program Files\Yahoo!

2008-06-02 04:31 . 2008-06-02 04:31 <DIR> d-------- C:\Program Files\CCleaner

2008-06-02 00:54 . 2008-06-02 00:54 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-02 00:50 . 2008-06-02 00:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-01 23:46 . 2008-06-01 23:46 <DIR> d-------- C:\Program Files\Alwil Software

2008-06-01 00:43 . 2008-06-01 00:43 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-31 22:22 . 2008-05-31 22:22 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2008-05-31 22:22 . 2008-05-31 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-05-31 15:00 . 2008-05-31 15:04 1,188 --a------ C:\WINDOWS\ImpTableL.bin

2008-05-31 14:35 . 2008-06-11 06:11 <DIR> d-------- C:\Program Files\Steam

2008-05-30 20:20 . 2004-10-08 13:54 1,206,272 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2008-05-30 20:20 . 2004-10-08 13:58 585,824 -ra------ C:\WINDOWS\system32\drivers\lvcm.sys

2008-05-30 20:20 . 2004-10-08 14:00 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll

2008-05-30 20:20 . 2004-10-08 13:56 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll

2008-05-30 20:20 . 2004-10-08 13:55 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll

2008-05-30 20:20 . 2004-10-08 13:52 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll

2008-05-30 20:20 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-05-30 20:20 . 2008-04-13 20:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-05-30 20:20 . 2004-10-08 13:57 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2008-05-30 20:20 . 2004-10-08 12:52 6,812 -ra------ C:\WINDOWS\system32\lvcoinst.ini

2008-05-30 20:10 . 2008-05-30 20:10 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-05-30 20:10 . 2004-10-08 12:23 282,624 --a------ C:\WINDOWS\system32\camcpl.cpl

2008-05-30 20:10 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2008-05-30 20:09 . 2008-05-30 20:09 <DIR> d-------- C:\Program Files\Logitech

2008-05-30 06:07 . 2008-04-14 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-29 21:42 . 2008-05-29 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData

2008-05-29 21:36 . 2008-05-31 22:25 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-05-29 21:36 . 2008-05-29 21:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-05-29 07:15 . 2008-06-02 06:40 <DIR> d-------- C:\Program Files\Unlocker

2008-05-28 22:35 . 2008-05-29 22:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-05-28 06:01 . 2008-05-28 06:01 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-27 09:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-27 09:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-05-27 09:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-27 06:51 . 2008-05-31 20:13 362 --a------ C:\WINDOWS\system\cmicnfg.ini

2008-05-27 06:46 . 2008-05-27 06:47 <DIR> d-------- C:\Program Files\EVEREST Ultimate Edition

2008-05-27 06:18 . 2006-08-25 05:47 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-05-27 06:18 . 2006-08-25 05:47 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-05-27 06:18 . 2006-08-25 05:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-05-27 06:18 . 2006-08-25 05:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-05-26 19:59 . 2008-05-26 19:59 <DIR> d-------- C:\WINDOWS\Sun

2008-05-26 19:59 . 2008-05-26 19:59 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-05-26 19:59 . 2008-05-26 19:59 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\SystemRequirementsLab

2008-05-26 19:51 . 2008-05-26 19:51 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-05-26 19:17 . 2008-05-26 19:17 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\vlc

2008-05-26 19:16 . 2008-05-26 19:16 <DIR> d-------- C:\Program Files\VideoLAN

2008-05-26 18:42 . 2008-06-10 21:40 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\LimeWire

2008-05-26 18:40 . 2008-05-26 18:40 <DIR> d-------- C:\Program Files\Java

2008-05-26 18:40 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-26 18:39 . 2008-05-26 18:43 <DIR> d-------- C:\Program Files\LimeWire

2008-05-26 18:39 . 2008-05-26 18:39 <DIR> d-------- C:\Program Files\Common Files\Java

2008-05-26 18:36 . 2008-05-26 18:36 <DIR> d-------- C:\Documents and Settings\Rancerz\Contacts

2008-05-26 18:34 . 2008-05-26 18:34 172 --ah----- C:\sqmnoopt01.sqm

2008-05-26 18:34 . 2008-05-26 18:34 172 --ah----- C:\sqmdata01.sqm

2008-05-26 18:33 . 2008-05-26 18:33 268 --ah----- C:\sqmdata00.sqm

2008-05-26 18:33 . 2008-05-26 18:33 244 --ah----- C:\sqmnoopt00.sqm

2008-05-26 18:26 . 2008-06-05 11:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-26 18:25 . 2008-05-26 18:26 <DIR> d-------- C:\Program Files\Windows Live

2008-05-26 18:25 . 2008-05-26 18:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-26 18:25 . 2008-05-26 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\MSN6

2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

2008-05-26 16:09 . 2008-05-26 16:09 <DIR> d-------- C:\Program Files\uTorrent

2008-05-26 16:09 . 2008-06-10 22:11 <DIR> d-------- C:\Documents and Settings\Rancerz\Application Data\uTorrent

2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\WINDOWS\system32\en

2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\WINDOWS\l2schemas

2008-05-26 12:58 . 2008-04-14 02:11 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-30 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-30 18:02 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-27 04:43 --------- d-----w C:\Program Files\Winamp

2008-05-26 15:02 128,512 ----a-w C:\WINDOWS\system32\msiexec.exe

2008-05-26 11:15 --------- d-----w C:\Program Files\ATI Technologies

2008-05-26 11:09 --------- d-----w C:\Program Files\Marvell

2008-05-26 11:02 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 03:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys

2008-04-13 18:43 12,800 ------w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys

2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys

2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys

2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys

2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys

2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys

2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys

2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys

2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys

2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06 196608]

"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-31 14:35 1271032]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38 35328]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]

"Windows Controls Center"="winudmr.exe" [2008-06-10 21:10 29334 C:\WINDOWS\winudmr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:12 15360]

C:\Documents and Settings\Rancerz\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Steam\\steamapps\\hax2themax\\counter-strike\\hl.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"D:\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TestDriveUnlimited.exe"=

"C:\\WINDOWS\\system32\\svho.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 18:56]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-11 06:30:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-06-11 6:31:27

ComboFix-quarantined-files.txt 2008-06-11 04:31:24

Pre-Run: 129,710,981,120 bytes free

Post-Run: 129,710,739,456 bytes free

276 --- E O F --- 2008-06-03 20:36:48

norbat · 11. juni 2008

Det kan virke som om MSN-ormen er aktiv på din pc?, så før vi gjør noe annet, kan du kjøre en full scan med gratisversjonene til SAS.

Post deretter en ny combofix-logg sammen med loggen fra SAS (preferences->statistics/logs)

Sewero · 11. juni 2008

Var på msn jeg fikk viruset ja, var i forkledning som ett bilde.

Sewero · 11. juni 2008

125 tracking cookies kom ut ifra den scannen.

Sewero · 11. juni 2008

Hjalp ikke noe det der, prøvd å skanne flere ganger, blir bare fler og fler cookies selv om jeg sletter dem..

Nå klikker pc-en innimellom og Hjelp meg !

snippsat · 11. juni 2008

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe

O4 - HKLM\..\Run: [system Service Manager Device] svho.exe

O4 - HKLM\..\RunServices: [system Service Manager Device] svho.exe

Kopiere fet tekst under bildet->åpne notisblokk og lim inn.

Lagre på skrivebordet som CFScript.txt

Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt

File::

C:\WINDOWS\winudmr.exe

C:\WINDOWS\system32\svho.exe

Restart og ny hjt-logg

cookies selv om jeg sletter dem..

Dette er normalt alle sider du er inne på legger stort sett igjen cookies.

Si når du kommer til hw.no så trenger du ikke logge på hver gang.

Da har hw.no lagd igjen en cookie som ordner det.

Endret 11. juni 2008 av SNIPPSAT

Sewero · 13. juni 2008

Min nyeste logg.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:12:37, on 13.06.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\uTorrent\uTorrent.exe