sheherezade Skrevet 4. juli 2008 Del Skrevet 4. juli 2008 (endret) Jeg ramlet borti noe dritt som het Downloader.zlob via en webside. Kan noen se gjennom Hijackthis loggen for meg? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:28:52, on 04.07.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Intel\IntelDH\CCU\AlertService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe C:\Windows\system32\svchost.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe C:\Windows\system32\WUDFHost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\ico.exe C:\Windows\system32\svchost.exe C:\Windows\System32\Pmxmiced.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Users\Elisabeth Johnsen\Program Files\DNA\btdna.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\explorer.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.backthehomepage.com/?cm=612756&...amp;ibd=2080110 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - C:\Windows\system32\734914\734914.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Elisabeth Johnsen\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\RunOnce: [inetReg] "C:\Program Files\Creative\Produktregistrering\Norwegan\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6 (User 'IUSR_NMPR') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe -- End of file - 13805 bytes Endret 6. juli 2008 av sheherezade Lenke til kommentar
snippsat Skrevet 4. juli 2008 Del Skrevet 4. juli 2008 (endret) Ja her er det en del grums. --- Vil først se hva MBAM tar av dette. --- Last ned MBAM til skrivebordet. Kjør fila og installer programmet. Velg Norsk språkdrakt La programmet oppdatere seg og velg å kjør en hurtig systemskann. Du får en meldingsboks når programmet er ferdigkjørt Klikk deretter på Vis resultat-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgt -knappen for å fjerne malwaren som evt. ble funnet. Når MBAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den poster du. --- Restart og lag en ny hijackthis logg. Endret 11. juli 2008 av SNIPPSAT Lenke til kommentar
sheherezade Skrevet 4. juli 2008 Forfatter Del Skrevet 4. juli 2008 Søren! Der var det mye dritt som hadde gått hus forbi hos Spybod, Lavasoft og AVG! MBAM logg Malwarebytes' Anti-Malware 1.19 Database versjon: 921 Windows 6.0.6001 Service Pack 1 00:01:30 05.07.2008 mbam-log-7-5-2008 (00-01-30).txt Skanntype: Rask Skann Objekter skannet: 40876 Tid tilbakelagt: 2 minute(s), 41 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 12 Registerverdier infisert: 15 Registerfiler infisert: 14 Mapper infisert: 2 Filer infisert: 5 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e2090673-256b-4632-94ee-fec7f551543c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2090673-256b-4632-94ee-fec7f551543c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully. Mapper infisert: C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Windows\System32\734914 (Trojan.BHO) -> Quarantined and deleted successfully. Filer infisert: C:\Windows\System32\734914\734914.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Users\Elisabeth Johnsen\AppData\Local\Temp\zfe2.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Users\Elisabeth Johnsen\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully. Hijackthis logg Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:06:29, on 05.07.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\ico.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Windows\System32\Pmxmiced.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Users\Elisabeth Johnsen\Program Files\DNA\btdna.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.backthehomepage.com/?cm=612756&...amp;ibd=2080110 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Elisabeth Johnsen\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'IUSR_NMPR') O4 - HKUS\S-1-5-21-797261000-407550504-2405038764-1000\..\RunOnce: [inetReg] "C:\Program Files\Creative\Produktregistrering\Norwegan\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6 (User 'IUSR_NMPR') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe -- End of file - 9775 bytes Lenke til kommentar
snippsat Skrevet 4. juli 2008 Del Skrevet 4. juli 2008 Ja renset bra opp. Kjører litt til så vi er sikker på at du er ren for maleware. --- Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Lenke til kommentar
sheherezade Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 Combofix logg ComboFix 08-07-04.2 - Elisabeth Johnsen 2008-07-05 1:53:00.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2060 [GMT 2:00] Running from: C:\Users\Elisabeth Johnsen\Downloads\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))) . 2008-07-04 23:56 . 2008-07-04 23:56 <DIR> d-------- C:\Users\Elisabeth Johnsen\AppData\Roaming\Malwarebytes 2008-07-04 23:56 . 2008-07-04 23:56 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-07-04 23:56 . 2008-07-04 23:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-04 23:56 . 2008-06-28 14:21 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-07-04 23:56 . 2008-06-28 14:21 17,144 --a------ C:\Windows\System32\drivers\mbam.sys 2008-07-04 21:23 . 2008-07-04 21:23 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-04 21:19 . 2008-07-04 21:19 <DIR> d-------- C:\Program Files\BitTorrent 2008-07-04 21:06 . 2008-07-04 23:52 <DIR> d-a------ C:\ProgramData\TEMP 2008-07-04 08:01 . 2008-07-04 23:25 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-07-01 22:44 . 2008-07-01 22:44 <DIR> d-------- C:\Users\Elisabeth Johnsen\AppData\Roaming\Talkback 2008-07-01 00:13 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll 2008-06-30 23:01 . 2008-06-30 23:01 <DIR> d-------- C:\PerfLogs 2008-06-29 12:46 . 2008-06-29 12:46 <DIR> d-------- C:\Program Files\THQ 2008-06-24 00:49 . 2008-06-24 00:49 <DIR> d-------- C:\Program Files\MSECache 2008-06-23 00:41 . 2008-06-23 00:41 <DIR> d-------- C:\ProgramData\Apple Computer 2008-06-23 00:41 . 2008-06-23 00:42 <DIR> d-------- C:\Program Files\QuickTime 2008-06-23 00:40 . 2008-06-23 00:40 <DIR> d-------- C:\ProgramData\Apple 2008-06-23 00:40 . 2008-06-23 00:40 <DIR> d-------- C:\Program Files\Apple Software Update 2008-06-12 01:11 . 2008-06-12 01:11 <DIR> d-------- C:\Program Files\goodsol 2008-06-12 01:11 . 2000-05-22 15:58 244,416 --a------ C:\Windows\System32\msflxgrd.ocx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-04 23:45 --------- d-----w C:\Users\Elisabeth Johnsen\AppData\Roaming\DNA 2008-07-04 19:25 --------- d-----w C:\Users\Elisabeth Johnsen\AppData\Roaming\BitTorrent 2008-07-04 17:35 --------- d-----w C:\ProgramData\eMule 2008-07-04 05:38 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys 2008-07-04 05:38 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys 2008-07-04 05:38 10,520 ----a-w C:\Windows\System32\avgrsstx.dll 2008-06-30 22:41 --------- d-----w C:\Program Files\Windows Mail 2008-06-30 21:10 174 --sha-w C:\Program Files\desktop.ini 2008-06-30 21:04 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-30 21:04 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-06-30 21:04 --------- d-----w C:\Program Files\Windows Journal 2008-06-30 21:04 --------- d-----w C:\Program Files\Windows Defender 2008-06-30 21:04 --------- d-----w C:\Program Files\Windows Calendar 2008-06-30 20:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-06-30 20:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-06-30 20:34 47,560 ----a-w C:\Windows\System32\SPReview.exe 2008-06-30 20:34 152,576 ----a-w C:\Windows\System32\SPWizUI.dll 2008-06-29 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-14 12:13 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll 2008-06-03 20:28 --------- d-----w C:\Users\Elisabeth Johnsen\AppData\Roaming\My Games 2008-06-03 20:13 --------- d-----w C:\Program Files\Firaxis Games 2008-05-30 19:38 --------- d-----w C:\ProgramData\ATI 2008-05-28 19:34 --------- d-----w C:\Program Files\Sigmatel 2008-05-26 14:47 --------- d-----w C:\Program Files\Intel 2008-05-26 14:45 --------- d-----w C:\Users\Elisabeth Johnsen\AppData\Roaming\InstallShield 2008-05-26 14:45 --------- d-----w C:\Program Files\Dell 2008-05-24 14:29 --------- d-----w C:\ProgramData\avg8 2008-05-24 14:29 --------- d-----w C:\Program Files\AVG 2008-05-23 17:55 --------- d-----w C:\Users\Elisabeth Johnsen\AppData\Roaming\dvdcss 2008-05-20 14:12 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-05-09 22:01 --------- d-----w C:\ProgramData\PCPitstop 2008-05-09 13:56 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll 2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll 2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="C:\Users\Elisabeth Johnsen\Program Files\DNA\btdna.exe" [2008-05-08 10:03 289088] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 06:40 218032] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 12:14 439512] "CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 12:18 215256] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 07:38 1232152] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "PMX Daemon"="ICO.EXE" [2006-11-08 17:01 49152 C:\Windows\System32\ico.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{EB658B2E-E02D-40DB-95C0-0F3D8A572F07}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{0A602B00-856E-4F0C-AF63-9172667BBB6B}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{220B6067-3618-4109-9690-A7847653DDE1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service "{3880C57E-DAA7-41AC-82D9-E63FBFE4EEEB}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service "{DB58A995-CC26-4A53-ABF8-CF5265653277}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server "{6CF46BD8-678B-489B-A145-EF4B7E371F1E}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server "{9FC42C24-C128-485A-9599-F01BA8B2277B}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv Media Server Discovery "{121BAF39-D309-49A3-851B-6A3665BBFD77}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery "{BE74FFCA-7BC9-42CF-A39A-484489E025BD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{91B16DE7-51EC-4A00-AEA8-0ABC8EDF049B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "TCP Query User{0CEA433B-1955-43C5-AF4E-13727A1DBE01}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{D8F686AD-00F6-4050-A14D-8B740BC82942}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent "TCP Query User{BB426BEC-0702-4020-8777-F1B8E603B6C1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{6F51DDE0-CAE7-4A59-9D88-78523FF92CAD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{4F8BA64F-18DE-4841-9B37-620DD74A4CA1}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{C643AC34-B13A-410F-B851-8A2E4C4CEA61}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{77EBBC40-3D5A-42CF-937A-FF8CCA5CFD4C}C:\\users\\elisabeth johnsen\\program files\\dna\\btdna.exe"= UDP:C:\users\elisabeth johnsen\program files\dna\btdna.exe:btdna.exe "UDP Query User{07BA2C59-6CE6-4A3C-BADE-09323FF20EAB}C:\\users\\elisabeth johnsen\\program files\\dna\\btdna.exe"= TCP:C:\users\elisabeth johnsen\program files\dna\btdna.exe:btdna.exe "{962B7199-E6E5-45B6-A7BA-A069E4E79FCA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{7C2A763A-EBAC-4E01-9E65-B5AD6761533E}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{46AD43C9-A3D5-451C-A9A6-282BDAAFEF34}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe "{22501A85-C2E4-40D2-A992-D82056D85EDE}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{58721C85-63FA-4359-8A46-97E16BB51126}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{CFC3EDEF-D3EF-4913-88DE-2BAA2BACEF57}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{BAB64391-4501-462F-9DC6-5F77292BD7A8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-04 07:38] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 07:38] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 07:38] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 13:46] R2 NMSCore;Intel® NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 12:14] R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 22:34] R2 QualityManager;Intel® Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 12:17] R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33] R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-14 23:16] R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-04 07:38] R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-01-10 16:09] R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 15:41] R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 18:44] S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 12:15] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-14 23:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffc320e9-cea3-11dc-b2d7-001d0922cd8a}] \shell\AutoRun\command - J:\autorun.exe *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 01:54:58 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-05 1:56:03 ComboFix-quarantined-files.txt 2008-07-04 23:56:00 Pre-Run: 299,077,046,272 byte ledig Post-Run: 308,169,887,744 byte ledig 169 --- E O F --- 2008-06-30 22:18:55 Lenke til kommentar
snippsat Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 Ja ser bra ut dette Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Lenke til kommentar
sheherezade Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 (endret) Edit: lurer på om jeg kan ha pratet litt for raskt her. En skann med LavaSoft Ad-aware kommer opp med to tilfeller av Win32.Trojandownloader.zlob - begge står som "registry entry". Er det bare å fjerne det på vanlig måte, eller har faenskapet fremdeles et tak i maskina mi? Endret 5. juli 2008 av sheherezade Lenke til kommentar
snippsat Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 (endret) Er det bare å fjerne det på vanlig måte, eller har faenskapet fremdeles et tak i maskina mi? Er bare og fjerne,jeg liker ikke Ad-adware viser noen false posetivs. Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt. Kjør register-renser et par ganger til alle feil er borte. Ny runde MBam. Prøv Ad-adware igjen. Jeg vill ha fjernet ad-adware-spybot og brukt MBAM. Endret 5. juli 2008 av SNIPPSAT Lenke til kommentar
sheherezade Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 Glimrende! Alt ser ut til å ha forsvunnet. Tusen takk for hjelpen. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå