Tosha0007 Posted 11 June 2008 (edited)
Found these in a HijackThis log; after looking them up at www.hijackthis.de/en I see that they are dangerous.
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\VEITEB~1\AppData\Local\Temp\iiFxVMgF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\VEITEB~1\AppData\Local\Temp\wvUljJdd.dll,c
O4 - HKCU\..\Run: [bMe7ad1b21] Rundll32.exe "C:\Users\VEITEB~1\AppData\Local\Temp\ymhutlul.dll",s
It shouldn't be any problem to remove these, right? The rest of the log was fine; I have checked it myself and compared it against other posts.
Edited 12 June 2008 by tosha0007
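As an added example (not part of the thread, and not code from HijackThis or hijackthis.de), the following Python script applies the same observation the poster made above: all three entries are rundll32.exe loading a DLL out of the user's Temp directory, which is not where a legitimate autostart belongs. The sample log lines are constructed from the O4 entries quoted in this thread plus two legitimate entries for contrast; the list of temp-directory markers is an assumption of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the three O4 lines the original poster reported,
# plus a few legitimate lines from the same HijackThis log for contrast.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\VEITEB~1\AppData\Local\Temp\iiFxVMgF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\VEITEB~1\AppData\Local\Temp\wvUljJdd.dll,c
O4 - HKCU\..\Run: [bMe7ad1b21] Rundll32.exe "C:\Users\VEITEB~1\AppData\Local\Temp\ymhutlul.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: BTTray.lnk = ?
"""

# HijackThis O4 layout: "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# rundll32[.exe] <dll>[,<entry point>]  -- the DLL path may be quoted.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*(?:,(?P<entry>\S*))?$',
    re.IGNORECASE,
)

# Assumed heuristic: directory components under which an autostart DLL should not
# live. Matching the tail of the path means both long and 8.3 forms of the
# profile directory (VEITEB~1) are covered.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    dll: Optional[str]          # DLL handed to rundll32, if the command uses it
    entry_point: Optional[str]  # ordinal ("#1") or export name after the comma


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis O4 line; return None for lines of any other kind."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    r = RUNDLL_RE.match(cmd)
    return O4Entry(
        hive=m.group("hive"),
        name=m.group("name"),
        command=cmd,
        dll=r.group("dll") if r else None,
        entry_point=r.group("entry") if r else None,
    )


def loads_from_temp(path: str) -> bool:
    """True if the path sits under a temporary directory (case-insensitive)."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def triage(log_text: str) -> List[O4Entry]:
    """Return the O4 entries where rundll32 loads a DLL from a temp directory."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None or entry.dll is None:
            continue
        if loads_from_temp(entry.dll):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"SUSPICIOUS {e.hive} [{e.name}] -> {e.dll} (entry {e.entry_point})")
```

Run against the sample, the script flags exactly the three entries the poster found and leaves the NVIDIA rundll32 entry (DLL under System32) and the plain executables alone. The value-name and entry-point fields are kept in the result so a reviewer can see the random-looking names and ordinal/single-letter exports that usually accompany this pattern.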
snippsat Posted 11 June 2008
You can remove them. With this infection there is probably more that is not visible in HJT. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Tosha0007 Posted 12 June 2008, Author (edited)
These two disappeared after I had run virus and spyware scans:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\VEITEB~1\AppData\Local\Temp\iiFxVMgF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\VEITEB~1\AppData\Local\Temp\wvUljJdd.dll,c
The last one I deleted. Here are the HijackThis and ComboFix logs.

ComboFix:
ComboFix 08-06-10.5 - Veiteberg 2008-06-12 14:18:53.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.1361 [GMT 2:00]
Running from: C:\Users\Veiteberg\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-12 14:17 . 2008-06-12 14:18 <DIR> d-------- C:\327882R2FWJFW
2008-06-12 13:41 . 2008-06-12 13:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 12:47 . 2008-06-12 12:47 <DIR> d-------- C:\Users\Veiteberg\AppData\Roaming\SUPERAntiSpyware.com
2008-06-12 12:47 . 2008-06-12 12:47 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-12 12:47 . 2008-06-12 12:47 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-12 12:47 . 2008-06-12 12:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-12 12:41 . 2008-06-12 12:41 <DIR> d-------- C:\Users\All Users\Avira
2008-06-12 12:41 . 2008-06-12 12:41 <DIR> d-------- C:\ProgramData\Avira
2008-06-12 12:41 . 2008-06-12 12:41 <DIR> d-------- C:\Program Files\Avira
2008-06-11 18:01 . 2008-05-30 14:11 3,850,760 --a------ C:\Windows\System32\D3DX9_38.dll
2008-06-11 18:01 . 2008-05-30 14:11 1,491,992 --a------ C:\Windows\System32\D3DCompiler_38.dll
2008-06-11 18:01 . 2008-05-30 14:19 507,400 --a------ C:\Windows\System32\XAudio2_1.dll
2008-06-11 18:01 . 2008-05-30 14:11 467,984 --a------ C:\Windows\System32\d3dx10_38.dll
2008-06-11 18:01 . 2008-05-30 14:18 238,088 --a------ C:\Windows\System32\xactengine3_1.dll
2008-06-11 18:01 . 2008-05-30 14:17 65,032 --a------ C:\Windows\System32\XAPOFX1_0.dll
2008-06-11 18:01 . 2008-05-30 14:17 25,608 --a------ C:\Windows\System32\X3DAudio1_4.dll
2008-06-11 16:40 . 2008-06-11 17:35 <DIR> d-------- C:\Program Files\UEFA EURO 2008
2008-06-08 14:00 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-08 14:00 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-06 21:20 . 2008-06-06 21:20 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-06-06 21:18 . 2008-06-06 21:18 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-06-06 21:18 . 2008-06-06 21:18 22,328 --a------ C:\Users\Veiteberg\AppData\Roaming\PnkBstrK.sys
2008-06-03 17:49 . 2008-06-03 17:49 <DIR> d-------- C:\Users\All Users\Codemasters
2008-06-03 17:49 . 2008-06-03 17:49 <DIR> d-------- C:\ProgramData\Codemasters
2008-06-03 17:44 . 2008-06-03 17:44 <DIR> d-------- C:\Program Files\OpenAL
2008-06-03 17:44 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-06-03 17:44 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-06-03 17:44 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpA871.tmp
2008-06-03 17:44 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpA7E3.tmp
2008-06-03 17:44 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-06-03 17:44 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-06-03 17:44 . 2008-06-03 17:44 444,952 --a------ C:\Windows\System32\wrap_oal.dll
2008-06-03 17:44 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-06-03 17:44 . 2008-06-03 17:44 109,080 --a------ C:\Windows\System32\OpenAL32.dll
2008-06-03 17:44 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-05-26 12:04 . 2008-05-26 12:04 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-05-26 12:04 . 2008-05-26 12:04 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-05-26 12:02 . 2007-07-27 03:07 621,056 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-05-26 12:02 . 2007-07-27 04:17 36,864 --a------ C:\Windows\System32\cdd.dll
2008-05-26 11:45 . 2008-05-26 11:45 <DIR> d-------- C:\Users\All Users\DAEMON Tools Pro
2008-05-26 11:45 . 2008-05-26 11:45 <DIR> d-------- C:\ProgramData\DAEMON Tools Pro
2008-05-26 11:42 . 2008-05-26 11:45 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-05-25 22:55 . 2008-05-25 22:55 <DIR> d-------- C:\Program Files\Google
2008-05-21 23:31 . 2008-06-06 23:15 228,957,380 --a------ C:\Windows\MEMORY.DMP
2008-05-15 23:07 . 2008-05-15 23:07 <DIR> d-------- C:\Users\Veiteberg\AppData\Roaming\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 10:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 10:42 --------- d-----w C:\Program Files\Opera
2008-06-12 10:34 --------- d-----w C:\ProgramData\avg7
2008-06-11 15:39 --------- d-----w C:\Users\Veiteberg\AppData\Roaming\AVG7
2008-06-11 15:02 --------- d-----w C:\Program Files\Windows Mail
2008-06-08 22:13 --------- d-----w C:\Users\Veiteberg\AppData\Roaming\LimeWire
2008-06-07 23:32 --------- d-----w C:\Users\Veiteberg\AppData\Roaming\uTorrent
2008-06-06 21:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-06 19:18 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-06 19:18 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-06-06 19:09 --------- d-----w C:\Program Files\Electronic Arts
2008-06-03 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 16:58 --------- d---a-w C:\ProgramData\TEMP
2008-05-24 21:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-24 21:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-08 21:09 --------- d-----w C:\Program Files\MonkeyBongo
2008-04-30 20:21 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-30 20:10 --------- d-----w C:\Users\Veiteberg\AppData\Roaming\Sports Interactive
2008-04-29 18:22 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-29 15:57 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-04-27 12:07 --------- d-----w C:\ProgramData\TrackMania
2008-04-27 01:48 --------- d-----w C:\Users\Veiteberg\AppData\Roaming\dvdcss
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 22:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-25 22:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-25 22:36 --------- d-----w C:\Program Files\PowerISO
2008-04-25 15:08 --------- d-----w C:\Program Files\PhotoFiltre
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-13 01:02 --------- d-----w C:\Users\Veiteberg\AppData\Roaming\Ubisoft
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2007-11-08 18:44 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"MSConfig"="C:\Windows\system32\MSCONFIG.exe" [2006-11-02 11:45 222208]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"DudeServer"="C:\Program Files\Dude\dude.exe" [ ]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 06:22 2476408]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\D - Link\BTTray.exe [2004-11-30 14:30:00 565309]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4205623839-2239377388-2034239936-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97C09C83-8465-463B-991D-246F218E00DD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{676480C6-6BB2-4ACF-9AB3-55FAD196A6EB}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{339D73F9-F8F5-417A-8481-BE0378623459}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2D7C0F76-FC5D-4D17-A09B-CC4A54CC9B84}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE5CE25D-8B7E-4346-9DDF-18DBB8DCCF19}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8D0D2B2E-D4F9-4FD8-B2E6-6B06776BE3FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C7C4EE01-3A51-4B07-AD8F-3341D9A6880C}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{C91B88F2-41E1-4341-8E6E-2FAECDE05CEC}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{BE535868-E95B-419F-928C-5F61C4BDC154}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{079BEE92-0DDC-479D-8EC4-8B1FACB04ACE}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{7F5B145D-F6C2-46B1-BF2B-CF85725B16FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9E03953E-3C49-46E5-A46E-1F8D93E13C7A}C:\\program files\\thq\\company of heroes\\bugreport\\bugreport.exe"= UDP:C:\program files\thq\company of heroes\bugreport\bugreport.exe:BugReport
"UDP Query User{0F788570-E24B-4AA8-AD99-6B74F74B8040}C:\\program files\\thq\\company of heroes\\bugreport\\bugreport.exe"= TCP:C:\program files\thq\company of heroes\bugreport\bugreport.exe:BugReport
"TCP Query User{DF7A196E-4988-484B-8AC2-CC7EEAA7326E}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9B9379C5-D125-4002-ADB1-47CC92A7904C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{4DC570FB-60EF-4A4B-A611-FFADADD563B6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E3EF5AD3-C71D-43C9-B4F1-05A5B01E53DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6D5091C5-F7BD-4DED-B22B-02FF9B8F8FA7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{84D45B5D-1C56-425C-AD0E-9F8A8A8644DC}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{37CA0EBC-456D-4BA3-95F8-09B28D9EDCD7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{EBFFF983-61A0-4674-92CE-78B65E496726}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B9056C9E-4BB7-476E-82C2-BF022917A68B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E6903BB9-C14C-405E-BCC8-496BC9A3D65F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{40938EA3-EE7C-461F-9DD7-C74ADCB7E41B}C:\\users\\veiteberg\\desktop\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\users\veiteberg\desktop\ghost recon advanced warfighter 2\graw2.exe:graw2.exe
"UDP Query User{4DAF840B-202C-48A9-BE99-07DEC1B229C7}C:\\users\\veiteberg\\desktop\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\users\veiteberg\desktop\ghost recon advanced warfighter 2\graw2.exe:graw2.exe
"{80E9D7FC-64B6-4337-84E1-560F4F041F22}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EBF66EF7-4996-491A-9EDA-55F8B37F30AA}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F3DCF0A4-84C4-4248-848A-7A45E0C6585E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{CFC42C42-F805-4E71-9BF2-E4935B95CC61}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{756F1434-1738-49C5-9270-7D6929BB1E07}C:\\users\\veiteberg\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\veiteberg\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{51BC0058-A32B-49FF-85CD-0C40491921DC}C:\\users\\veiteberg\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\veiteberg\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{145DBFF5-8AA6-4300-912B-E50D479F2C39}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E97D9D3A-FD39-4788-9B0C-E2C56A09F2B2}D:\\programfiler\\maclan\\flatout 2\\flatout2.exe"= UDP:D:\programfiler\maclan\flatout 2\flatout2.exe:FlatOut2
"UDP Query User{5295A705-E32C-4769-9759-9A69CCC37BAB}D:\\programfiler\\maclan\\flatout 2\\flatout2.exe"= TCP:D:\programfiler\maclan\flatout 2\flatout2.exe:FlatOut2
"TCP Query User{884CC6D4-6B1D-4640-A966-9B550F324B93}D:\\programfiler\\maclan\\half-life (alternativ 1)\\cstrike.exe"= UDP:D:\programfiler\maclan\half-life (alternativ 1)\cstrike.exe:CounterStrike Launcher
"UDP Query User{77CD792E-C5F4-433A-B741-D1D163B14BCC}D:\\programfiler\\maclan\\half-life (alternativ 1)\\cstrike.exe"= TCP:D:\programfiler\maclan\half-life (alternativ 1)\cstrike.exe:CounterStrike Launcher
"TCP Query User{ACE0CB3D-450D-4974-B155-036997B36458}D:\\spill\\insane\\game.exe"= UDP:D:\spill\insane\game.exe:INSANE
"UDP Query User{2E7AAA14-3614-45B7-B76F-A8FF89C94407}D:\\spill\\insane\\game.exe"= TCP:D:\spill\insane\game.exe:INSANE
"TCP Query User{5F6F0BE5-7EEB-4EF2-8712-51F50C5DABD4}D:\\programfiler\\maclan\\counter-strike source\\hl2.exe"= UDP:D:\programfiler\maclan\counter-strike source\hl2.exe:hl2
"UDP Query User{B92B1DEC-BA38-4611-8BF4-163D867B3B74}D:\\programfiler\\maclan\\counter-strike source\\hl2.exe"= TCP:D:\programfiler\maclan\counter-strike source\hl2.exe:hl2
"TCP Query User{25293D65-D429-4CD7-ABE3-18D399AA0CAD}D:\\programfiler\\maclan\\empire earth\\empire earth.exe"= UDP:D:\programfiler\maclan\empire earth\empire earth.exe:Empire Earth
"UDP Query User{5BAE5247-33A6-4FE0-95C9-DEF224FE944A}D:\\programfiler\\maclan\\empire earth\\empire earth.exe"= TCP:D:\programfiler\maclan\empire earth\empire earth.exe:Empire Earth
"TCP Query User{37203FDC-A6CD-4D42-BA38-EC32A5AB0646}D:\\programfiler\\maclan\\lierox\\lierox.exe"= UDP:D:\programfiler\maclan\lierox\lierox.exe:LieroX
"UDP Query User{38950BC5-3C8D-41F3-BC79-C33B795AFD99}D:\\programfiler\\maclan\\lierox\\lierox.exe"= TCP:D:\programfiler\maclan\lierox\lierox.exe:LieroX
"TCP Query User{3C5BCFD2-F661-4754-A4B7-EE3399A99499}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{EEB28EF5-8C4B-47DD-B5B5-0FECF0C11FEF}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{1D4C3136-C385-44BA-88AF-DBA89ED45A68}D:\\spill\\trackmania\\trackmania nations eswc\\tmnationseswc.exe"= UDP:D:\spill\trackmania\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{41EC4813-E8E5-44C6-91DE-2C6FDB02E076}D:\\spill\\trackmania\\trackmania nations eswc\\tmnationseswc.exe"= TCP:D:\spill\trackmania\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{9048F6B0-FD56-424D-A63D-39C6E3E820B1}D:\\spill\\track mania sunrise\\trackmania sunrise extreme demo\\tmsunriseextremedemo.exe"= UDP:D:\spill\track mania sunrise\trackmania sunrise extreme demo\tmsunriseextremedemo.exe:TmSunriseExtremeDemo
"UDP Query User{CFD44715-793B-4807-9752-8D0BB71315AD}D:\\spill\\track mania sunrise\\trackmania sunrise extreme demo\\tmsunriseextremedemo.exe"= TCP:D:\spill\track mania sunrise\trackmania sunrise extreme demo\tmsunriseextremedemo.exe:TmSunriseExtremeDemo
"TCP Query User{82A1F14C-9955-41F2-8BE5-C46E5ED5F3E6}D:\\programfiler\\maclan\\battlfield 1942\\bf1942.exe"= UDP:D:\programfiler\maclan\battlfield 1942\bf1942.exe:BF1942
"UDP Query User{26298D5B-F93C-4302-83B2-423FB0B11A45}D:\\programfiler\\maclan\\battlfield 1942\\bf1942.exe"= TCP:D:\programfiler\maclan\battlfield 1942\bf1942.exe:BF1942
"TCP Query User{ABB0F720-658D-4F86-A92C-4F10D8F6900A}D:\\spill\\trackmania orginal demo\\trackmania original demo\\tmoriginaldemo.exe"= UDP:D:\spill\trackmania orginal demo\trackmania original demo\tmoriginaldemo.exe:TmOriginalDemo
"UDP Query User{83EBDE93-F0F2-45C6-88A7-694F2DECC77B}D:\\spill\\trackmania orginal demo\\trackmania original demo\\tmoriginaldemo.exe"= TCP:D:\spill\trackmania orginal demo\trackmania original demo\tmoriginaldemo.exe:TmOriginalDemo
"TCP Query User{30DC86B1-EB26-455E-8300-9CD97E63FC10}C:\\users\\veiteberg\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\veiteberg\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{B9903CD7-439B-4DF0-AEF7-5F1CE62381E4}C:\\users\\veiteberg\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\veiteberg\program files\utorrent\utorrent.exe:utorrent.exe
"{E77FCD6E-9EC5-4BBA-AEF6-1799B12C9FEB}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{7D4F5F32-7C24-447D-AD1C-C80ED154DB94}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{DEACA9C6-D662-4C95-9B02-6790056B6217}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{B4F7D44F-382D-44A3-8886-12BF08EF0E5A}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{85521F9B-5D9E-4102-86BB-C4947C0E3749}D:\\programfiler\\maclan\\swat 4\\contentexpansion\\system\\swat4x.exe"= UDP:D:\programfiler\maclan\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
"UDP Query User{BFD94CD7-A521-4E8C-BB7A-4CE35971A84D}D:\\programfiler\\maclan\\swat 4\\contentexpansion\\system\\swat4x.exe"= TCP:D:\programfiler\maclan\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
"TCP Query User{2F187223-4861-4DAD-BC75-0361F955EAA7}D:\\programfiler\\maclan\\warsow\\warsow.exe"= UDP:D:\programfiler\maclan\warsow\warsow.exe:Warsow
"UDP Query User{4A5A22D1-66EB-4AD3-BFD6-17DF5E64EF28}D:\\programfiler\\maclan\\warsow\\warsow.exe"= TCP:D:\programfiler\maclan\warsow\warsow.exe:Warsow
"TCP Query User{71477768-17FA-4DC8-B2E5-EB349D826292}C:\\program files\\limewire pro\\limewire\\limewire.exe"= UDP:C:\program files\limewire pro\limewire\limewire.exe:LimeWire
"UDP Query User{3D2056E0-75AB-48AE-983D-E592D1572325}C:\\program files\\limewire pro\\limewire\\limewire.exe"= TCP:C:\program files\limewire pro\limewire\limewire.exe:LimeWire
"TCP Query User{5F5B3BF0-5B83-4890-AB6C-142AE579FE68}C:\\users\\veiteberg\\desktop\\spel\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\users\veiteberg\desktop\spel\ghost recon advanced warfighter 2\graw2.exe:graw2.exe
"UDP Query User{8451C556-C9FB-47EB-B301-A5804325BC5C}C:\\users\\veiteberg\\desktop\\spel\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\users\veiteberg\desktop\spel\ghost recon advanced warfighter 2\graw2.exe:graw2.exe
"TCP Query User{5917E2F4-8155-4875-90F4-1E9D7657858A}D:\\spill\\trackmania forever\\tmnationsforever\\tmforever.exe"= UDP:D:\spill\trackmania forever\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{7B3ED0C9-238E-4220-AA99-E421DFE4D7D0}D:\\spill\\trackmania forever\\tmnationsforever\\tmforever.exe"= TCP:D:\spill\trackmania forever\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{B81DC0F6-AF2D-40BC-9BF0-398B7C4A035D}D:\\spill\\track mania nations forever\\tmnationsforever\\tmforever.exe"= UDP:D:\spill\track mania nations forever\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{8E247F03-398A-4A6A-83B3-3605991925FC}D:\\spill\\track mania nations forever\\tmnationsforever\\tmforever.exe"= TCP:D:\spill\track mania nations forever\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{31D0BB58-8D22-4049-8A2D-20AB7834C1AC}C:\\program files\\dude\\dudes.exe"= UDP:C:\program files\dude\dudes.exe:dudes
"UDP Query User{4D8824E6-50EF-4715-A153-0948DEC356FD}C:\\program files\\dude\\dudes.exe"= TCP:C:\program files\dude\dudes.exe:dudes
"TCP Query User{44064A66-B3E6-44AB-9003-E491CC28E940}C:\\program files\\dude\\dudes.exe"= UDP:C:\program files\dude\dudes.exe:dudes
"UDP Query User{27081D33-977B-444E-BE0F-9E155FBD29E7}C:\\program files\\dude\\dudes.exe"= TCP:C:\program files\dude\dudes.exe:dudes
"TCP Query User{3B0E8A4F-E7C2-4D02-96D0-41F5AC8D6991}C:\\users\\veiteberg\\desktop\\lan\\lanhelper\\lanhelper.exe"= UDP:C:\users\veiteberg\desktop\lan\lanhelper\lanhelper.exe:lanhelper.exe
"UDP Query User{4D362328-A2F6-4527-9C1B-87266FC0F4FF}C:\\users\\veiteberg\\desktop\\lan\\lanhelper\\lanhelper.exe"= TCP:C:\users\veiteberg\desktop\lan\lanhelper\lanhelper.exe:lanhelper.exe
"{5AB30EAF-FEEF-460A-A4D8-363511D26E49}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{8E7153E0-670E-4ECA-8C55-FBD480E2A78C}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3BD40448-23C9-4274-8F4C-3F0740E3BFC0}"= C:\Users\Veiteberg\Desktop\Spel\C&C3\RetailExe\1.2\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{A3308097-2B83-404E-BC3C-5721B89ABE26}"= UDP:D:\Spill\Grid\GRID.exe:GRID
"{6CCB3EF6-2E3A-4937-B19C-B7E3ADAD2BD8}"= TCP:D:\Spill\Grid\GRID.exe:GRID
"{8E430AD6-56FC-4705-B550-33F6881C7249}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{42B590A8-2711-4A2C-817B-15F64ED5F680}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{CD4338A0-05AF-49F9-B3E1-592AF853203D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{55F2F286-A5F7-4E62-AB98-3B01159AE903}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a4889ae-9f42-11dc-83aa-001731e1dd14}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b5180e-a502-11dc-a511-001731e1dd14}]
\shell\AutoRun\command - WD_Windows_Tools\setup.exe

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - CATCHME
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 14:22:03
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-12 14:22:58
ComboFix-quarantined-files.txt 2008-06-12 12:22:42
Pre-Run: 30,778,105,856 byte ledig
Post-Run: 31,539,634,176 byte ledig
247 --- E O F --- 2008-06-11 14:31:17

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:39, on 12.06.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\D - Link\BTTray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yasp.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\MSCONFIG.exe" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DudeServer] C:\Program Files\Dude\dude.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\D - Link\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\D - Link\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7324 bytes
Edited 12 June 2008 by tosha0007
snippsat Posted 12 June 2008 (edited)
Yes, this looks good. Folder and files you can delete:
C:\327882R2FWJFW
C:\Windows\System32\tmpA871.tmp
C:\Windows\System32\tmpA7E3.tmp
Start -> Run -> combofix /u
The System Restore folder is reset. Surf safely.
Edited 12 June 2008 by SNIPPSAT
Tosha0007 Posted 12 June 2008, Author
Both I and my mate (it's his PC) say thank you very much.
r2d290 Posted 12 June 2008
If you consider the problem with your machine solved, you can change your topic title by clicking the edit button in your first post and choosing full edit. At the top, where your topic title is, write [LØST] (solved) in front of the topic title. Example: [LØST] Got a virus on my machine
-Surf safely-