
Can someone check my HijackThis and ComboFix log too? <Solved>



I was stupid enough to install a program downloaded from piratebay. That got me a pile of junk on the machine, everything from trojans to smitfrauds and virtumundo infections.

 

I have run Combofix, SAS, AdAware, and Spybot S&D several times, but would like an expert opinion.

 

I don't have time to work out how to wrap a lot of text in Show/hide, so here is the log in full:

 

ComboFix 08-06-20.4 - Erling 2008-06-24 15:56:12.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1129 [GMT 2:00]

Running from: D:\Nedlastinger\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))

.

 

2008-06-24 00:54 . 2008-06-24 00:54 <DIR> d-------- C:\Program Files\InterMute

2008-06-23 23:05 . 2008-06-23 23:42 <DIR> d--h-c--- C:\$AVG8.VAULT$

2008-06-23 23:02 . 2008-06-24 08:08 <DIR> d-------- C:\Windows\System32\drivers\Avg

2008-06-23 23:02 . 2008-06-23 23:02 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-06-23 23:01 . 2008-06-23 23:01 <DIR> d-------- C:\Program Files\AVG

2008-06-23 23:01 . 2008-06-23 23:01 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-06-23 22:52 . 2008-06-23 22:56 354 ---hs---- C:\Windows\System32\cmnwsgcc.ini

2008-06-23 22:21 . 2008-06-24 00:47 <DIR> d-------- C:\Users\LogMeInRemoteUser

2008-06-23 22:20 . 2008-06-23 22:20 185 --a------ C:\Windows\wininit.ini

2008-06-23 21:41 . 2008-06-23 21:41 0 --a------ C:\Windows\LogMeIn_uninstall_reboot

2008-06-23 21:37 . 2008-06-23 23:42 <DIR> d-------- C:\Program Files\Sacor

2008-06-23 21:32 . 2008-06-23 21:32 321,536 --------- C:\Windows\System32\fccbYSIB.dll_old

2008-06-23 21:28 . 2008-06-23 21:28 <DIR> d----c--- C:\temp\itmp4

2008-06-23 21:21 . 2008-06-23 21:21 524,288 --ahs---- C:\Users\LOGMEI~2{9d6556d8-3d6d-11dd-8261-00030d000001}.TMContainer00000000000000000002.regtrans-ms

2008-06-23 21:21 . 2008-06-23 21:21 524,288 --ahs---- C:\Users\LOGMEI~2{9d6556d8-3d6d-11dd-8261-00030d000001}.TMContainer00000000000000000001.regtrans-ms

2008-06-23 21:21 . 2008-06-23 21:21 262,144 --a------ C:\Users\LOGMEI~2

2008-06-23 21:21 . 2008-06-23 21:21 65,536 --ahs---- C:\Users\LOGMEI~2{9d6556d8-3d6d-11dd-8261-00030d000001}.TM.blf

2008-06-23 21:21 . 2008-06-23 21:21 5,120 --ah----- C:\Users\LOGMEI~2.LOG1

2008-06-23 21:21 . 2008-06-23 21:21 0 --ah----- C:\Users\LOGMEI~2.LOG2

2008-06-23 21:20 . 2008-06-23 21:21 524,288 --ahs---- C:\Users\LOGMEI~1{9d6556c8-3d6d-11dd-8261-00030d000001}.TMContainer00000000000000000002.regtrans-ms

2008-06-23 21:20 . 2008-06-23 21:21 524,288 --ahs---- C:\Users\LOGMEI~1{9d6556c8-3d6d-11dd-8261-00030d000001}.TMContainer00000000000000000001.regtrans-ms

2008-06-23 21:20 . 2008-06-23 21:21 65,536 --ahs---- C:\Users\LOGMEI~1{9d6556c8-3d6d-11dd-8261-00030d000001}.TM.blf

2008-06-23 21:20 . 2008-06-23 21:21 8,192 --a------ C:\Users\LOGMEI~1

2008-06-23 21:20 . 2008-06-23 21:21 5,120 --ah----- C:\Users\LOGMEI~1.LOG1

2008-06-23 21:20 . 2008-06-23 21:20 0 --ah----- C:\Users\LOGMEI~1.LOG2

2008-06-23 21:07 . 2008-06-23 21:10 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-06-23 21:07 . 2008-06-23 21:10 <DIR> d-------- C:\ProgramData\Lavasoft

2008-06-18 21:48 . 2008-06-18 21:48 <DIR> d-------- C:\Users\Erling\dwhelper

2008-06-17 18:33 . 2008-06-17 18:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-06-17 18:17 . 2008-06-17 18:17 <DIR> d-------- C:\Users\Erling\AppData\Roaming\Media Player Classic

2008-06-16 21:08 . 2008-06-16 23:17 <DIR> d-------- C:\Users\Erling\.housecall6.6

2008-06-14 09:55 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-06-14 09:55 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-06-14 09:55 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-06-14 09:55 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-06-06 21:09 . 2008-06-06 21:09 <DIR> d-------- C:\Users\All Users\UltiDev

2008-06-06 21:09 . 2008-06-06 21:09 <DIR> d-------- C:\ProgramData\UltiDev

2008-06-06 21:09 . 2008-06-17 19:02 <DIR> d-------- C:\Program Files\UltiDev

2008-06-06 21:05 . 2008-06-06 21:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server

2008-06-05 23:59 . 2008-06-05 23:59 <DIR> d-------- C:\Windows\nvidia icons

2008-06-04 21:06 . 2008-06-04 21:06 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-02 23:16 . 2008-06-02 23:16 <DIR> d-------- C:\Users\All Users\LogMeIn

2008-06-02 23:16 . 2008-06-02 23:16 <DIR> d-------- C:\ProgramData\LogMeIn

2008-06-02 23:16 . 2008-05-28 12:32 87,352 --a------ C:\Windows\System32\LMIinit.dll

2008-06-02 23:16 . 2008-05-28 12:33 83,288 --a------ C:\Windows\System32\LMIRfsClientNP.dll

2008-06-02 23:16 . 2008-03-07 13:39 45,848 --a------ C:\Windows\System32\drivers\LMIRfsDriver.sys

2008-06-02 23:16 . 2008-05-28 12:33 24,608 --a------ C:\Windows\System32\LMIport.dll

2008-06-02 23:16 . 2008-06-02 23:16 1,024 --a--c--- C:\.rnd

2008-06-01 20:52 . 2008-06-01 20:52 <DIR> d-------- C:\Users\Erling\AppData\Roaming\AccurateRip

2008-06-01 00:27 . 2008-06-01 00:27 <DIR> d-------- C:\Program Files\CDBurnerXP

2008-06-01 00:11 . 2008-06-08 18:49 <DIR> d-------- C:\Users\Erling\AppData\Roaming\CDBurnerXP_Soft

2008-05-28 21:33 . 2008-05-28 21:33 <DIR> d-------- C:\Program Files\Sun

2008-05-28 12:32 . 2008-05-28 12:32 23,736 --a------ C:\Windows\System32\lmimirr.dll

2008-05-28 12:32 . 2008-05-28 12:32 10,040 --a------ C:\Windows\System32\lmimirr2.dll

2008-05-28 06:03 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-05-28 06:03 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

2008-05-26 20:08 . 2008-05-26 20:08 <DIR> d--h----- C:\Users\All Users\CanonBJ

2008-05-26 20:08 . 2008-05-26 20:08 <DIR> d--h----- C:\ProgramData\CanonBJ

2008-05-25 23:08 . 2008-06-23 20:34 <DIR> d-------- C:\Users\Erling\AppData\Roaming\dvdcss

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-23 21:01 --------- d-----w C:\ProgramData\Avg8

2008-06-23 19:53 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-06-23 19:22 --------- d-----w C:\Users\Erling\AppData\Roaming\uTorrent

2008-06-23 19:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-06-23 10:54 --------- d-----w C:\Program Files\Launch Manager

2008-06-22 18:37 106,366 ----a-w C:\Users\Erling\AppData\Roaming\nvModes.dat

2008-06-19 19:33 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-06-11 12:08 --------- d-----w C:\Program Files\Windows Mail

2008-06-06 19:06 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-01 16:37 --------- d-----w C:\Users\Erling\AppData\Roaming\FrostWire

2008-05-31 21:50 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-25 15:27 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-23 20:33 --------- d-----w C:\ProgramData\Forge of Games

2008-05-23 19:57 --------- d-----w C:\Users\Erling\AppData\Roaming\Astro Gemini Software

2008-05-23 19:55 --------- d-----w C:\Program Files\3D-ScreenSaver-Download

2008-05-22 20:30 --------- d-----w C:\ProgramData\Elaborate Bytes

2008-05-21 11:00 --------- d-----w C:\Program Files\NCH Software

2008-05-21 10:58 --------- d-----w C:\ProgramData\NCH Software

2008-05-21 10:41 --------- d-----w C:\ProgramData\NCH Swift Sound

2008-05-21 10:40 27,136 ----a-w C:\Windows\system32\drivers\nchssvad.sys

2008-05-21 10:40 --------- d-----w C:\Users\Erling\AppData\Roaming\NCH Swift Sound

2008-05-21 10:19 --------- d-----w C:\Program Files\Pinnacle

2008-05-20 19:40 --------- d-----w C:\Users\Erling\AppData\Roaming\CyberLink

2008-05-20 19:40 --------- d-----w C:\ProgramData\CyberLink

2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-05-08 20:58 --------- d-----w C:\Users\Erling\AppData\Roaming\Azureus

2008-05-08 12:02 9,728 ----a-w C:\Windows\System32\BsMonUI.dll

2008-05-08 12:02 57,430 ----a-w C:\Windows\System32\btfunc.dll

2008-05-08 12:02 405,589 ----a-w C:\Windows\System32\BsUI.dll

2008-05-08 12:02 278,647 ----a-w C:\Windows\System32\outlookAddin.dll

2008-05-08 12:02 18,432 ----a-w C:\Windows\System32\BsMonSvr.dll

2008-05-08 12:01 622,693 ----a-w C:\Windows\System32\BSShell.dll

2008-05-08 12:01 540,758 ----a-w C:\Windows\System32\Bscdlg.dll

2008-05-08 12:01 53,248 ----a-w C:\Windows\System32\HtmPrintHelper.dll

2008-05-08 12:01 114,788 ----a-w C:\Windows\System32\BsProfileFunc.dll

2008-05-08 12:01 114,774 ----a-w C:\Windows\System32\versit.dll

2008-05-08 12:00 94,314 ----a-w C:\Windows\System32\BsHelpCSps.dll

2008-05-08 12:00 516,211 ----a-w C:\Windows\System32\BlueSoleilCSps.dll

2008-05-08 12:00 143,450 ----a-w C:\Windows\System32\BsCommon.dll

2008-05-08 11:59 98,403 ----a-w C:\Windows\System32\Bs2Res.dll

2008-05-08 11:59 28,766 ----a-w C:\Windows\System32\PlayerCtrl.dll

2008-05-08 11:59 221,268 ----a-w C:\Windows\System32\BsSDK.dll

2008-05-08 11:58 28,760 ----a-w C:\Windows\System32\BsTrace.dll

2008-05-08 11:58 28,672 ----a-w C:\Windows\System32\BsMobileCSps.dll

2008-05-08 11:58 118,880 ----a-w C:\Windows\System32\BsMobileSDK.dll

2008-05-07 18:58 --------- d-----w C:\Users\Erling\AppData\Roaming\DeepBurner

2008-05-07 14:44 --------- d-----w C:\ProgramData\NtiDvdCopy

2008-05-07 07:55 767,488 ----a-w C:\Windows\system32\drivers\athr.sys

2008-05-06 07:23 --------- d-----w C:\Users\Erling\AppData\Roaming\ImgBurn

2008-05-05 16:52 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-04 22:18 --------- d-----w C:\Users\Erling\AppData\Roaming\vlc

2008-05-03 19:51 --------- d-----w C:\ProgramData\Google Updater

2008-05-03 19:50 --------- d-----w C:\Program Files\Google

2008-05-02 12:23 --------- d-----w C:\Program Files\AMG

2008-05-01 21:57 --------- d-----w C:\Users\Erling\AppData\Roaming\SUPERAntiSpyware.com

2008-05-01 21:57 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-05-01 21:35 118 ----a-w C:\Users\Erling\AppData\Roaming\wklnhst.dat

2008-05-01 14:11 --------- d-----w C:\Users\Erling\AppData\Roaming\PeerNetworking

2008-04-30 15:27 442,368 ----a-w C:\Windows\System32\nvuninst.exe

2008-04-29 19:25 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-04-29 19:25 --------- d-----w C:\Users\Erling\AppData\Roaming\DAEMON Tools

2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys

2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe

2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS

2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys

2008-04-28 09:23 --------- d-----w C:\ProgramData\Atheros

2008-04-28 09:23 --------- d-----w C:\Program Files\Atheros

2008-04-28 09:04 --------- d-----w C:\Users\Erling\AppData\Roaming\InstallShield

2008-04-28 09:04 --------- d-----w C:\Program Files\Intel

2008-04-27 17:28 --------- d-----w C:\ProgramData\WindowsSearch

2008-04-27 06:54 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-26 13:30 --------- d-----w C:\Program Files\GPLGS

2008-04-26 13:29 --------- d-----w C:\Program Files\Acro Software

2008-04-26 12:27 --------- d-----w C:\ProgramData\Azureus

2008-04-26 11:52 174 --sha-w C:\Program Files\desktop.ini

2008-04-26 11:46 --------- d-----w C:\ProgramData\Avanquest Bluetooth SDK

2008-04-26 11:43 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-26 11:43 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-26 11:43 --------- d-----w C:\Program Files\Windows Journal

2008-04-26 11:43 --------- d-----w C:\Program Files\Windows Defender

2008-04-26 11:43 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-26 11:43 --------- d-----w C:\Program Files\Windows Calendar

2008-04-26 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-04-26 11:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-04-26 09:49 --------- d-----w C:\ProgramData\Sony Ericsson

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 11:59 --------- d-----w C:\Program Files\Common Files\Java

2008-04-25 09:53 988,216 ----a-w C:\Windows\System32\winload.exe

2008-04-25 09:53 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-04-25 09:53 615,992 ----a-w C:\Windows\System32\ci.dll

2008-04-25 09:53 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-04-25 09:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-04-25 09:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-04-25 09:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-04-25 09:53 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-04-25 09:53 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-04-25 09:53 19,000 ----a-w C:\Windows\System32\kd1394.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-23_22.55.22.97 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-23 20:51:28 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-23 22:34:46 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-23 22:34:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-06-23 22:34:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-06-23 20:51:48 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-06-23 22:37:19 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-06-23 20:51:48 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-06-24 13:58:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-06-24 13:58:21 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-06-23 20:52:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-06-24 06:08:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-06-23 20:52:54 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-24 06:08:19 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-06-23 20:52:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-24 06:08:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-23 21:01:54 26,184 ----a-w C:\Windows\System32\drivers\avgmfx86.sys

- 2008-06-23 19:29:42 119,736 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-06-23 20:58:40 119,736 ----a-w C:\Windows\System32\perfc009.dat

- 2008-06-23 19:29:42 95,104 ----a-w C:\Windows\System32\perfc014.dat

+ 2008-06-23 20:58:40 95,104 ----a-w C:\Windows\System32\perfc014.dat

- 2008-06-23 19:29:42 636,790 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-06-23 20:58:40 636,790 ----a-w C:\Windows\System32\perfh009.dat

- 2008-06-23 19:29:42 501,692 ----a-w C:\Windows\System32\perfh014.dat

+ 2008-06-23 20:58:40 501,692 ----a-w C:\Windows\System32\perfh014.dat

- 2008-06-23 19:26:18 8,094 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2495253727-173547519-3524149522-1000_UserData.bin

+ 2008-06-23 22:37:09 8,636 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2495253727-173547519-3524149522-1000_UserData.bin

- 2008-06-23 19:26:18 79,866 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-06-23 22:37:09 80,214 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-06-23 19:26:16 44,714 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-06-23 22:37:07 45,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"BtTray"="D:\Programfiler\Bluesoleil\BtTray.exe" [2008-05-12 17:47 227840]

"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [2007-02-20 13:09 81920]

"VirtualCloneDrive"="D:\Programfiler\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]

"AVG8_TRAY"="D:\PROGRA~1\AVG8~1\avgtray.exe" [2008-06-23 23:01 1177368]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 00:31:52 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SAS\SASSEH.DLL [2008-05-30 10:01 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Programfiler\SAS\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\SAS\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0814524f]

C:\Windows\system32\ccgswnmc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]

C:\Acer\AcerTour\Reminder.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]

D:\PROGRA~2\AUSLOG~1\boostspeed.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

D:\Programfiler\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]

--a------ 2007-07-05 12:35 94208 C:\Windows\PLFSetL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

C:\Windows\mrofinu1000106.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel]

C:\Acer\APanel\APanel.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2008-03-25 04:28 144784 D:\Programfiler\Java Developer\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a--c--- 2008-06-23 20:47 1506544 D:\Programfiler\SAS\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

--a------ 2006-10-16 13:50 202312 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

C:\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2495253727-173547519-3524149522-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{4112C55B-3062-4884-88C5-6BB34EA5E12A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{C07C6118-9BAA-46AA-AF8B-ABE77CA91BEB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{88C3F199-A9F1-447E-BDAF-FD2396F13A38}D:\\programfiler\\azureus\\azureus.exe"= UDP:D:\programfiler\azureus\azureus.exe:Azureus

"UDP Query User{C0E80CC7-EE2C-4F9C-B41F-DF8D521E4352}D:\\programfiler\\azureus\\azureus.exe"= TCP:D:\programfiler\azureus\azureus.exe:Azureus

"TCP Query User{B6172A19-0EA2-4D5D-9C76-AEC42C7F3DB4}D:\\programfiler\\azureus\\azureus.exe"= UDP:D:\programfiler\azureus\azureus.exe:Azureus

"UDP Query User{0DEB2912-8062-4C06-91DF-E338BAB67B2E}D:\\programfiler\\azureus\\azureus.exe"= TCP:D:\programfiler\azureus\azureus.exe:Azureus

"{EAAB8D61-13E2-4CC6-ABC5-7BFFE9962514}"= UDP:D:\Programfiler\FrostWire\FrostWire.exe:LimeWire

"{86E84455-FB49-4244-A7C4-8B29974634CF}"= TCP:D:\Programfiler\FrostWire\FrostWire.exe:LimeWire

"TCP Query User{51E255E4-42C6-4275-AB1F-35EE55003EEB}D:\\programfiler\\tmnationsforever\\tmforever.exe"= UDP:D:\programfiler\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{AE1B285C-AF97-4270-943F-8CC49F477867}D:\\programfiler\\tmnationsforever\\tmforever.exe"= TCP:D:\programfiler\tmnationsforever\tmforever.exe:TmForever

"{6385282F-D4A6-4B9B-BDB0-3D27F9B19223}"= UDP:D:\Programfiler\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{9AFA8CDF-A5E8-49BC-81D7-0CE94C34DB2B}"= TCP:D:\Programfiler\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{4770F37D-7C50-48EB-BBE2-BD593EEC98EC}"= UDP:D:\Programfiler\Bluesoleil\BlueSoleilCS.exe:BlueSoleilCS

"{08720743-5B52-4BF6-BB6A-346FBC121FAB}"= TCP:D:\Programfiler\Bluesoleil\BlueSoleilCS.exe:BlueSoleilCS

"{67397F77-57F1-466D-B8CD-8D6DB772FD79}"= UDP:D:\Programfiler\Bluesoleil\BlueSoleilCS.exe:BlueSoleilCS

"{20F68296-062B-4B3E-A752-6045D60813CA}"= TCP:D:\Programfiler\Bluesoleil\BlueSoleilCS.exe:BlueSoleilCS

"{4E2E2F3E-C280-4D88-8CE9-D34B7F60F9F5}"= UDP:86:BroadCam Web Server

"TCP Query User{3517C702-9CF7-41E7-9B7F-C0B587DCDD77}D:\\programfiler\\eclipse\\eclipse.exe"= UDP:D:\programfiler\eclipse\eclipse.exe:eclipse

"UDP Query User{20F1A1B7-5ABA-4269-A95A-F4B7845DC4D3}D:\\programfiler\\eclipse\\eclipse.exe"= TCP:D:\programfiler\eclipse\eclipse.exe:eclipse

"TCP Query User{BC8E6DD2-BCD4-456D-8C41-135AC086240A}D:\\programfiler\\mozilla firefox\\firefox.exe"= UDP:D:\programfiler\mozilla firefox\firefox.exe:Firefox

"UDP Query User{B8575E7B-38C3-47B0-B322-D0ED2749DA4D}D:\\programfiler\\mozilla firefox\\firefox.exe"= TCP:D:\programfiler\mozilla firefox\firefox.exe:Firefox

"{73429FF8-7448-4846-9582-3FC61328D906}"= D:\Programfiler\AVG 8\avgupd.exe:avgupd.exe

 

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys [2008-01-21 19:28]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-23 23:01]

R2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG8~1\avgwdsvc.exe [2008-06-23 23:01]

R2 BlueSoleilCS;BlueSoleilCS;D:\Programfiler\Bluesoleil\BlueSoleilCS.exe [2008-05-12 17:47]

R2 BsMobileCS;BsMobileCS;D:\Programfiler\Bluesoleil\BsMobileCS.exe [2008-05-08 13:58]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R2 SBSDWSCService;SBSD Security Center Service;D:\Programfiler\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R3 BsHelpCS;BsHelpCS;D:\Programfiler\Bluesoleil\BsHelpCS.exe [2008-05-08 13:59]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys [2008-01-21 19:28]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 09:36]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-24 15:58:24

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\BsMobileSDK.dll

-> C:\Windows\system32\BsLangInDepRes.dll

.

Completion time: 2008-06-24 15:59:19

ComboFix-quarantined-files.txt 2008-06-24 13:59:15

ComboFix2.txt 2008-06-23 20:56:15

 

Pre-Run: 19,263,127,552 byte ledig

Post-Run: 19,143,299,072 byte ledig

 

336 --- E O F --- 2008-06-18 19:39:22

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:25, on 24.06.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

D:\Programfiler\Bluesoleil\BtTray.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

D:\Programfiler\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

D:\Programfiler\AVG 8\avgtray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

D:\Programfiler\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programfiler\AVG 8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java Developer\bin\ssv.dll

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [btTray] "D:\Programfiler\Bluesoleil\BtTray.exe"

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Programfiler\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG8~1\avgtray.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send by Bluetooth - D:\Programfiler\Bluesoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Send via &Message... - D:\Programfiler\Bluesoleil\TransSend\IE\tssms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java Developer\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java Developer\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programfiler\AVG 8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll

O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SAS\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programfiler\Ad Aware\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG8~1\avgwdsvc.exe

O23 - Service: BlueSoleilCS - Unknown owner - D:\Programfiler\Bluesoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - D:\Programfiler\Bluesoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - D:\Programfiler\Bluesoleil\BsMobileCS.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programfiler\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6241 bytes

 

Thanks in advance for the help.

Edited by Trainman
peters91 explains nicely how to put the text in a spoiler here: https://www.diskusjon.no/index.php?session=...t&p=8024350

 

edit: also post the SUPERAntiSpyware log. You find it by starting the program and choosing Preferences -> Statistics and Logs

 

Good stuff! Thanks.

 

I can post the latest SAS log. It is from before the previous logs.

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/24/2008 at 00:19 AM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3488

Trace Rules Database Version: 1479

 

Scan type : Quick Scan

Total Scan Time : 00:41:16

 

Memory items scanned : 598

Memory threats detected : 1

Registry items scanned : 466

Registry threats detected : 15

File items scanned : 34582

File threats detected : 64

 

Trojan.Vundo-Variant/Small

C:\WINDOWS\SYSTEM32\CCGSWNMC.DLL

C:\WINDOWS\SYSTEM32\CCGSWNMC.DLL

 

Parasite.CoolWebSearch Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}

C:\WINDOWS\OLEHELP.EXE

 

HTMLCore Module BHO

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}

 

CoolWebSearch Parasite Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}

 

Adware.CoolWebSearch

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}

 

Browser Hijacker.Tubby

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}

 

ClientMan BHO

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

 

Trojan.Vundo-Variant/Small-GEN

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ACED1C9F-2718-4512-9F69-F4E28C1F484F}

HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}

HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}\InprocServer32

HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\DDCBRIGX.DLL

 

Adware.Tracking Cookie

C:\Users\Erling\AppData\Roaming\Microsoft\Windows\Cookies\erling@zedo[1].txt

C:\Users\Erling\AppData\Roaming\Microsoft\Windows\Cookies\erling@doubleclick[1].txt

C:\Users\Erling\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

 

Trojan.Unclassified/CmdUtil

C:\PROGRAMDATA\BANSVUDC.DLL

C:\USERS\ALL USERS\BANSVUDC.DLL

 

Rogue.Multi-Dropper/Installer

C:\QOOBOX\QUARANTINE\C\WINDOWS\LFN.EXE.VIR

 

Trojan.Downloader-Gen/MROFIN

C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR

 

Trojan.Fake-Drop/Gen

C:\WINDOWS\ACCESSS.EXE

C:\WINDOWS\AVPCC.DLL

C:\WINDOWS\CLRSSN.EXE

C:\WINDOWS\CPAN.DLL

C:\WINDOWS\CTFMON32.EXE

C:\WINDOWS\CTRLPAN.DLL

C:\WINDOWS\DIRECTX32.EXE

C:\WINDOWS\DNSRELAY.DLL

C:\WINDOWS\EDITPAD.EXE

C:\WINDOWS\EXPLORE.EXE

C:\WINDOWS\EXPLORER32.EXE

C:\WINDOWS\FUNNIEST.EXE

C:\WINDOWS\FUNNY.EXE

C:\WINDOWS\GFMNAAA.DLL

C:\WINDOWS\HELPCVS.EXE

C:\WINDOWS\INETINF.EXE

C:\WINDOWS\INTERNET.EXE

C:\WINDOWS\MSCONFD.DLL

C:\WINDOWS\MSSPI.DLL

C:\WINDOWS\MSSYS.EXE

C:\WINDOWS\MSUPDATE.EXE

C:\WINDOWS\MSWSC10.DLL

C:\WINDOWS\MSWSC20.DLL

C:\WINDOWS\MTWIRL32.DLL

C:\WINDOWS\NOTEPAD32.EXE

C:\WINDOWS\QTTASKS.EXE

C:\WINDOWS\QUICKEN.EXE

C:\WINDOWS\RUNDLL16.EXE

C:\WINDOWS\SEARCHWORD.DLL

C:\WINDOWS\SISTEM.EXE

C:\WINDOWS\SVCHOST32.EXE

C:\WINDOWS\SVCINIT.EXE

C:\WINDOWS\TIME.EXE

C:\WINDOWS\USERS32.EXE

C:\WINDOWS\WAOL.EXE

C:\WINDOWS\WIN64.EXE

C:\WINDOWS\WINAJBM.DLL

C:\WINDOWS\WINDOW.EXE

C:\WINDOWS\WINMGNT.EXE

C:\WINDOWS\X.EXE

C:\WINDOWS\XPLUGIN.DLL

C:\WINDOWS\Y.EXE

 

Trojan.Dropper/ASTCTL32

C:\WINDOWS\ASTCTL32.OCX

 

Rogue.LiveSecurityCenter-Trace

C:\WINDOWS\DEFAULT.HTM

 

Trojan.Downloader-Gen/Win

C:\WINDOWS\IEDLL.EXE

C:\WINDOWS\WIN32E.EXE

 

Trojan.Unclassified/IExplorer-Fake

C:\WINDOWS\IEXPLORER.EXE

 

Trojan.Unclassified/Loader-Suspicious

C:\WINDOWS\LOADER.EXE

 

Trojan.CWS/VBE

C:\WINDOWS\RUNDLL32.VBE

 

Trojan.Unknown Origin

C:\WINDOWS\RXJSAW5N\LRLPUQCB.VBS

 

Trojan.Downloader-Systeem

C:\WINDOWS\SYSTEEM.EXE

 

Trojan.Downloader-SystemCritcial/Fake Alert

C:\WINDOWS\SYSTEMCRITICAL.EXE

 

Trojan.Unclassified/XXXVid

C:\WINDOWS\XXXVIDEO.HTA


There are a couple of files that should be removed, but instead of taking them manually, it would be interesting to see whether the following program catches them:

 

Download MBAM to the desktop.

Run the file and install the program. Choose Norwegian as the language.

Let the program update itself and choose to run a quick system scan.

 

You get a message box when the program has finished running.

Then click the Show Results button. If malware has been found, you will now see what was found.

 

Then click the Remove Selected button to remove any malware that was found.

 

When MBAM has finished removing what it found, a log will open in Notepad.

Post the log.

MBAM log:

 

Malwarebytes' Anti-Malware 1.18

Database versjon: 887

 

21:22:40 24.06.2008

mbam-log-6-24-2008 (21-22-40).txt

 

Skann type: Rask Skann

Objekter skannet: 35494

Tid tilbakelagt: 4 minute(s), 32 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 2

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Windows\System32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\Windows\System32\fccbYSIB.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

 

It was so small that I didn't bother hiding it.

 

Thanks, Norbat.

Open Notepad and paste in what is in bold below, then save the file to the desktop as CFScript.txt.

Then drag the file onto the Combofix icon. Combofix will start again.

 

File::

C:\Windows\System32\cmnwsgcc.ini

 

Folder::

C:\temp\itmp4

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg814524f]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

 

No new log needed.

 

Tell me how the PC is running.

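Added example, not from this thread and not ComboFix's own code: a small Python dry-run parser for the CFScript format used above, so the planned actions (File::, Folder:: and Registry:: sections, where a key written as [-KEY] means delete) can be reviewed before the file is dragged onto ComboFix. The directive semantics are assumed from the .reg-style syntax ComboFix accepts; the script body is the one posted in the thread.

```python
import re

# Constructed copy of the CFScript posted in the thread; used here as sample
# input so the parser runs stand-alone.
CFSCRIPT = """File::
C:\\Windows\\System32\\cmnwsgcc.ini

Folder::
C:\\temp\\itmp4

Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg814524f]
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
"""

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")

def parse_cfscript(text):
    """Return (plan, warnings): plan is a list of (action, target) tuples."""
    plan, warnings, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # section header such as "File::"
            section = line[:-2]
            continue
        if section in ("File", "Folder"):
            if not re.match(r"^[A-Za-z]:\\", line):   # expect an absolute path
                warnings.append(f"{section} path is not absolute: {line}")
            plan.append((f"delete_{section.lower()}", line))
        elif section == "Registry":
            m = re.match(r"^\[(-?)(.+)\]$", line)     # .reg-style key line
            if m:
                action = "delete_key" if m.group(1) else "create_key"
                key = m.group(2)
                if key.split("\\", 1)[0].upper() not in HIVES:
                    warnings.append(f"unknown registry hive: {key}")
                plan.append((action, key))
            else:
                # "name"=- removes a value; anything else writes a value
                action = "delete_value" if line.endswith("=-") else "set_value"
                plan.append((action, line))
        else:
            warnings.append(f"line outside a known section: {line}")
    return plan, warnings
```

Running `parse_cfscript(CFSCRIPT)` yields one file deletion, one folder deletion and three registry key deletions with no warnings; a relative path or an unknown hive is reported instead of silently planned.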
