Trainman, posted 24 June 2008 (edited)

I was foolish enough to install a program downloaded from piratebay. That left me with a pile of junk on the machine, everything from trojans to smitfraud and virtumundo infections. I have run Combofix, SAS, AdAware and Spybot S&D several times, but would like an expert opinion. I don't have time to work out how to put a lot of text in Show/hide, so here is the log in full:

ComboFix 08-06-20.4 - Erling 2008-06-24 15:56:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1129 [GMT 2:00]
Running from: D:\Nedlastinger\ComboFix.exe
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:25, on 24.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Thanks in advance for the help.

Edited 25 June 2008 by Trainman
r2d290, posted 24 June 2008 (edited)

peters91 explains nicely how to put the text in a spoiler here: https://www.diskusjon.no/index.php?session=...t&p=8024350

edit: also post the SUPERAntiSpyware log. You find it by starting the program and choosing Preferences -> Statistics and Logs.

Edited 24 June 2008 by r2d290
Trainman, posted 24 June 2008 (author)

> peters91 explains nicely how to put the text in a spoiler here: https://www.diskusjon.no/index.php?session=...t&p=8024350
> edit: also post the SUPERAntiSpyware log. You find it by starting the program and choosing Preferences -> Statistics and Logs.

Nice stuff! Thanks. I can post the latest SAS log. It is from before the previous logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2008 at 00:19 AM

Application Version : 4.15.1000

Core Rules Database Version : 3488
Trace Rules Database Version: 1479

Scan type : Quick Scan
Total Scan Time : 00:41:16

Memory items scanned : 598
Memory threats detected : 1
Registry items scanned : 466
Registry threats detected : 15
File items scanned : 34582
File threats detected : 64

Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\CCGSWNMC.DLL
C:\WINDOWS\SYSTEM32\CCGSWNMC.DLL

Parasite.CoolWebSearch Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}
C:\WINDOWS\OLEHELP.EXE

HTMLCore Module BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}

CoolWebSearch Parasite Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}

Adware.CoolWebSearch
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}

Browser Hijacker.Tubby
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}

ClientMan BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ACED1C9F-2718-4512-9F69-F4E28C1F484F}
HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}
HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}\InprocServer32
HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCBRIGX.DLL

Adware.Tracking Cookie
C:\Users\Erling\AppData\Roaming\Microsoft\Windows\Cookies\erling@zedo[1].txt
C:\Users\Erling\AppData\Roaming\Microsoft\Windows\Cookies\erling@doubleclick[1].txt
C:\Users\Erling\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

Trojan.Unclassified/CmdUtil
C:\PROGRAMDATA\BANSVUDC.DLL
C:\USERS\ALL USERS\BANSVUDC.DLL

Rogue.Multi-Dropper/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\LFN.EXE.VIR

Trojan.Downloader-Gen/MROFIN
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR

Trojan.Fake-Drop/Gen
C:\WINDOWS\ACCESSS.EXE
C:\WINDOWS\AVPCC.DLL
C:\WINDOWS\CLRSSN.EXE
C:\WINDOWS\CPAN.DLL
C:\WINDOWS\CTFMON32.EXE
C:\WINDOWS\CTRLPAN.DLL
C:\WINDOWS\DIRECTX32.EXE
C:\WINDOWS\DNSRELAY.DLL
C:\WINDOWS\EDITPAD.EXE
C:\WINDOWS\EXPLORE.EXE
C:\WINDOWS\EXPLORER32.EXE
C:\WINDOWS\FUNNIEST.EXE
C:\WINDOWS\FUNNY.EXE
C:\WINDOWS\GFMNAAA.DLL
C:\WINDOWS\HELPCVS.EXE
C:\WINDOWS\INETINF.EXE
C:\WINDOWS\INTERNET.EXE
C:\WINDOWS\MSCONFD.DLL
C:\WINDOWS\MSSPI.DLL
C:\WINDOWS\MSSYS.EXE
C:\WINDOWS\MSUPDATE.EXE
C:\WINDOWS\MSWSC10.DLL
C:\WINDOWS\MSWSC20.DLL
C:\WINDOWS\MTWIRL32.DLL
C:\WINDOWS\NOTEPAD32.EXE
C:\WINDOWS\QTTASKS.EXE
C:\WINDOWS\QUICKEN.EXE
C:\WINDOWS\RUNDLL16.EXE
C:\WINDOWS\SEARCHWORD.DLL
C:\WINDOWS\SISTEM.EXE
C:\WINDOWS\SVCHOST32.EXE
C:\WINDOWS\SVCINIT.EXE
C:\WINDOWS\TIME.EXE
C:\WINDOWS\USERS32.EXE
C:\WINDOWS\WAOL.EXE
C:\WINDOWS\WIN64.EXE
C:\WINDOWS\WINAJBM.DLL
C:\WINDOWS\WINDOW.EXE
C:\WINDOWS\WINMGNT.EXE
C:\WINDOWS\X.EXE
C:\WINDOWS\XPLUGIN.DLL
C:\WINDOWS\Y.EXE

Trojan.Dropper/ASTCTL32
C:\WINDOWS\ASTCTL32.OCX

Rogue.LiveSecurityCenter-Trace
C:\WINDOWS\DEFAULT.HTM

Trojan.Downloader-Gen/Win
C:\WINDOWS\IEDLL.EXE
C:\WINDOWS\WIN32E.EXE

Trojan.Unclassified/IExplorer-Fake
C:\WINDOWS\IEXPLORER.EXE

Trojan.Unclassified/Loader-Suspicious
C:\WINDOWS\LOADER.EXE

Trojan.CWS/VBE
C:\WINDOWS\RUNDLL32.VBE

Trojan.Unknown Origin
C:\WINDOWS\RXJSAW5N\LRLPUQCB.VBS

Trojan.Downloader-Systeem
C:\WINDOWS\SYSTEEM.EXE

Trojan.Downloader-SystemCritcial/Fake Alert
C:\WINDOWS\SYSTEMCRITICAL.EXE

Trojan.Unclassified/XXXVid
C:\WINDOWS\XXXVIDEO.HTA
norbat, posted 24 June 2008

There are a couple of files that should be removed, but instead of taking them manually, it would be interesting to see whether the following program catches them:

Download MBAM to the desktop. Run the file and install the program.
Choose the Norwegian language.
Let the program update itself and choose to run a quick system scan.
You get a message box when the program has finished running. Then click the Show results button.
If malware was found, you will now see what was found. Then click the Remove selected button to remove any malware that was found.
When MBAM has finished removing what it found, a log will be opened in Notepad.
Post the log.
Trainman, posted 24 June 2008 (author)

MBAM log:

Malwarebytes' Anti-Malware 1.18
Database versjon: 887

21:22:40 24.06.2008
mbam-log-6-24-2008 (21-22-40).txt

Skann type: Rask Skann
Objekter skannet: 35494
Tid tilbakelagt: 4 minute(s), 32 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Windows\System32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.

Filer infisert:
C:\Windows\System32\fccbYSIB.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

It was so small that I didn't bother hiding it. Thanks Norbat.
norbat, posted 24 June 2008

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\Windows\System32\cmnwsgcc.ini

Folder::
C:\temp\itmp4

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg814524f]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

No new log needed. Tell me how the PC is running.
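An added example, not part of the thread or of ComboFix itself: a small Python parser that reads a CFScript like the one above into its File::/Folder::/Registry:: sections and flags entries that are not Windows paths or not in the [-HKEY_...] delete-key form. Only the three section headers and the one registry directive form seen in this thread are modelled; other CFScript directives are assumed out of scope.

```python
"""Parse and sanity-check a ComboFix CFScript.txt (added example, not ComboFix's own code).
Only the File::/Folder::/Registry:: headers the thread uses and the [-HKEY_...]
delete-key form of Registry:: entry are modelled; other CFScript directives are not."""
import re
from collections import defaultdict

SECTIONS = ("File::", "Folder::", "Registry::")
# Registry:: entry asking ComboFix to delete a whole key: [-HKEY_...\...]
DELETE_KEY_RE = re.compile(r"^\[-(HKEY_[A-Z_]+\\.+)\]$")
# Drive-letter path containing no characters Windows forbids in names.
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>"|?*]+$')

def parse_cfscript(text):
    """Return {section header: [entries]} for the sections present in text."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return dict(sections)

def validate(sections):
    """List entries that do not match what their section expects."""
    problems = []
    for entry in sections.get("File::", []) + sections.get("Folder::", []):
        if not WIN_PATH_RE.match(entry):
            problems.append(f"not a Windows path: {entry}")
    for entry in sections.get("Registry::", []):
        if not DELETE_KEY_RE.match(entry):
            problems.append(f"not a [-HKEY...] delete directive: {entry}")
    return problems

# The script norbat posted in the thread, embedded here as the sample input.
SAMPLE = r"""File::
C:\Windows\System32\cmnwsgcc.ini
Folder::
C:\temp\itmp4
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg814524f]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"""
```

Running validate(parse_cfscript(SAMPLE)) on the script above returns an empty list; a Registry:: line without the leading "-" is reported, which catches the common mistake of pasting a plain key path where a delete directive was intended.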
Trainman, posted 24 June 2008 (author)

Did as you said, Norbat. The machine is back to its good old self. Thanks for the help.
norbat, posted 24 June 2008

Great. You can remove ComboFix by typing combofix /u in the Run field. Uninstall the other programs if you don't want to keep them.