TaklampeX Posted 17 July 2008 (edited)

Here is a nut I can't crack myself. Norman now catches around 10 trojans every day. After googling a bit, I believe these are trojans that belong to adware, i.e. a toolbar or some other junk. How can I find out which program keeps letting trojans in all the time? The trojans are usually in temp folders, and are called W32/DLoader.HSQD and W32/Smalltroj.FEBN. Norman finds nothing on a scan, and neither does Ad-Aware.

Here comes the nut: what is eating all my virtual memory? If the PC is left on for 5 hours, the Windows balloon pops up with a message that there is too little memory. I have tried googling for programs that can analyse memory, without much luck.

And yes, I would rather not format... it takes so damn long. Thanks for any help.

Edited 18 July 2008 by TaklampeX
norbat Posted 17 July 2008

Run through the guide in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs it asks for here in your own thread.
TaklampeX Posted 17 July 2008 (thread author) (edited)

Phew, I think my hard disk barely survived. This is what it sounded like: scraaape rumble rumble crunch.

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2008 at 09:43 PM

Application Version : 4.15.1000

Core Rules Database Version : 3506
Trace Rules Database Version: 1497

Scan type : Quick Scan
Total Scan Time : 00:13:40

Memory items scanned : 576
Memory threats detected : 0
Registry items scanned : 447
Registry threats detected : 0
File items scanned : 10593
File threats detected : 4

(...lots of cookies.txt)

Trojan.Unclassified/Loader-Suspicious
(4 files called LOADER.EXE, but they are safe)

ComboFix:

ComboFix 08-07-15.4 - Bruker 2008-07-17 21:47:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.795 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NSESVC
-------\Service_nsesvc


((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 21:27 . 2008-07-17 21:42    <DIR>    dr-h-----    C:\Documents and Settings\Bruker\Siste
2008-07-17 21:25 . 2008-07-17 21:25    <DIR>    d--------    C:\Programfiler\SUPERAntiSpyware
2008-07-17 21:25 . 2008-07-17 21:25    <DIR>    d--------    C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-17 21:25 . 2008-07-17 21:25    <DIR>    d--------    C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-07-17 21:25 . 2008-07-17 21:25    <DIR>    d--------    C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-17 21:22 . 2008-07-17 21:22    <DIR>    d--------    C:\Programfiler\CCleaner
2008-07-17 21:01 . 2008-07-17 21:01    1,774,687    --a------    C:\Musikk.torrent
2008-07-16 22:56 . 2008-04-23 06:22    6,066,176    -----c---    C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-16 22:56 . 2007-04-17 11:32    2,455,488    -----c---    C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-16 22:56 . 2007-03-08 07:11    1,007,616    -----c---    C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-16 22:56 . 2008-04-23 06:22    459,264    -----c---    C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-16 22:56 . 2008-04-23 06:22    383,488    -----c---    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-16 22:56 . 2008-04-23 06:22    267,776    -----c---    C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-16 22:56 . 2008-04-23 06:22    63,488    -----c---    C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-16 22:56 . 2008-04-23 06:22    52,224    -----c---    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-16 22:56 . 2008-04-22 09:39    13,824    -----c---    C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-15 21:04 . 2008-07-15 21:04    <DIR>    d--------    C:\Programfiler\Lavasoft
2008-07-15 20:58 . 2008-07-15 20:58    <DIR>    d--------    C:\Programfiler\LIUtilities
2008-07-15 20:52 . 2008-07-15 20:52    <DIR>    d--------    C:\Programfiler\MemInfo
2008-07-15 16:35 . 2008-07-15 16:35    <DIR>    d--------    C:\Documents and Settings\All Users\Programdata\Codemasters
2008-07-15 16:33 . 2008-07-15 16:33    <DIR>    d--------    C:\Programfiler\OpenAL
2008-07-15 13:41 . 2008-07-15 13:42    <DIR>    d--------    C:\Documents and Settings\Bruker\Programdata\PE Explorer
2008-07-15 13:38 . 2008-07-15 13:47    <DIR>    d--------    C:\Programfiler\Resource Tuner
2008-07-15 13:38 . 2008-07-15 13:39    <DIR>    d--------    C:\Documents and Settings\Bruker\Programdata\Resource Tuner
2008-07-14 20:46 . 2008-07-14 20:46    <DIR>    d--------    C:\Programfiler\ValuSoft
2008-07-14 10:32 . 2008-07-14 10:31    29,760    --a------    C:\WINDOWS\system32\8aH7G6tX.exe
2008-07-14 10:32 . 2008-07-14 10:32    0    --a------    C:\WINDOWS\system32\8aH7G6tX.exe.a_a
2008-07-11 11:09 . 2008-07-11 11:09    <DIR>    d--------    C:\WINDOWS\system32\no
2008-07-11 11:09 . 2008-07-11 11:09    <DIR>    d--------    C:\WINDOWS\system32\bits
2008-07-11 11:09 . 2008-07-11 11:09    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-07-11 11:07 . 2008-07-11 11:09    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-07-08 10:20 . 2008-07-08 10:20    <DIR>    d--------    C:\Programfiler\MySQL
2008-06-30 07:41 . 2008-06-30 07:41    <DIR>    d--------    C:\Programfiler\Symbian
2008-06-30 07:41 . 2008-06-30 07:41    <DIR>    d--------    C:\Programfiler\Intuwave
2008-06-30 07:41 . 2008-06-30 07:53    <DIR>    d--------    C:\Programfiler\Fellesfiler\Sony Ericsson Shared
2008-06-30 07:41 . 2008-06-30 07:41    <DIR>    d--------    C:\Documents and Settings\All Users\Programdata\Teleca
2008-06-30 07:41 . 2008-06-30 07:53    <DIR>    d--------    C:\Documents and Settings\All Users\Programdata\Sony Ericsson
2008-06-30 07:41 . 2005-06-08 15:53    288    --a------    C:\WINDOWS\mrinstu.iss
2008-06-30 07:37 . 2008-06-30 07:37    143    --a------    C:\WINDOWS\DelMR.bat
2008-06-24 20:33 . 2008-07-14 20:42    <DIR>    d--------    C:\Programfiler\Steam
2008-06-20 19:49 . 2008-06-20 19:49    246,784    -----c---    C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:49 . 2008-06-20 19:49    147,968    -----c---    C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51    361,600    -----c---    C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40    138,496    -----c---    C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08    225,856    -----c---    C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 18:20 . 2008-06-17 18:20    8    --a------    C:\WINDOWS\system32\nvModes.dat
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 19:53    ---------    d-----w    C:\Programfiler\Norman
2008-07-17 19:51    ---------    d-----w    C:\Documents and Settings\Bruker\Programdata\FileZilla
2008-07-16 17:48    137,840    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-16 17:47    111,928    ----a-w    C:\WINDOWS\system32\PnkBstrB.exe
2008-07-16 10:51    ---------    d-----w    C:\Programfiler\WMR11
2008-07-16 10:44    ---------    d-----w    C:\Programfiler\FileZilla FTP Client
2008-07-15 14:33    444,952    ----a-w    C:\WINDOWS\system32\wrap_oal.dll
2008-07-15 14:33    109,080    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2008-07-15 14:25    ---------    d--h--w    C:\Programfiler\InstallShield Installation Information
2008-07-14 08:17    ---------    d-----w    C:\Programfiler\Java
2008-07-07 22:49    ---------    d-----w    C:\Programfiler\RevConnect
2008-07-07 17:37    ---------    d---a-w    C:\Documents and Settings\All Users\Programdata\TEMP
2008-06-30 18:11    91,264    ----a-w    C:\WINDOWS\system32\drivers\zebrsce.sys
2008-06-30 18:11    14,848    ----a-w    C:\WINDOWS\system32\drivers\zebrmdfl.sys
2008-06-30 18:11    12,160    ----a-w    C:\WINDOWS\system32\drivers\zebrcmnt.sys
2008-06-30 18:11    12,160    ----a-w    C:\WINDOWS\system32\drivers\zebrcm.sys
2008-06-30 18:11    109,568    ----a-w    C:\WINDOWS\system32\drivers\zebrmdmc.sys
2008-06-30 18:11    109,568    ----a-w    C:\WINDOWS\system32\drivers\zebrmdm.sys
2008-06-30 05:53    ---------    d-----w    C:\Programfiler\Sony Ericsson
2008-06-30 05:53    ---------    d-----w    C:\Programfiler\Fellesfiler\Teleca Shared
2008-06-30 05:45    83,200    ----a-w    C:\WINDOWS\system32\drivers\zebrbus.sys
2008-06-30 05:45    63,360    ----a-w    C:\WINDOWS\system32\drivers\zebrceb.sys
2008-06-30 05:45    12,160    ----a-w    C:\WINDOWS\system32\drivers\zebrwhnt.sys
2008-06-30 05:45    12,160    ----a-w    C:\WINDOWS\system32\drivers\zebrwh.sys
2008-06-30 05:29    ---------    d-----w    C:\Documents and Settings\Bruker\Programdata\Teleca
2008-06-28 13:11    ---------    d-----w    C:\Programfiler\Microsoft Silverlight
2008-06-20 17:49    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51    361,600    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40    138,496    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08    225,856    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 13:36    ---------    d-----w    C:\Programfiler\Wisdom-soft AutoScreenRecorder 3 Pro
2008-06-15 20:07    ---------    d-----w    C:\Programfiler\SpaceMonger
2008-06-15 20:07    ---------    d-----w    C:\Documents and Settings\Bruker\Programdata\SpaceMonger
2008-06-14 17:36    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 12:12    ---------    d-----w    C:\Programfiler\DivX
2008-06-11 19:42    ---------    d-----w    C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 18:48    ---------    d-----w    C:\Programfiler\megui
2008-05-31 11:49    ---------    d-----w    C:\Programfiler\Windows Media Components
2008-05-31 11:48    ---------    d-----w    C:\Programfiler\Futuremark
2008-05-30 23:22    823,296    ----a-w    C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22    823,296    ----a-w    C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22    815,104    ----a-w    C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22    802,816    ----a-w    C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22    683,520    ----a-w    C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22    593,920    ----a-w    C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22    57,344    ----a-w    C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22    53,248    ----a-w    C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22    344,064    ----a-w    C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22    294,912    ----a-w    C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22    294,912    ----a-w    C:\WINDOWS\system32\dpu10.dll
2008-05-24 19:19    ---------    d-----w    C:\Documents and Settings\Bruker\Programdata\dvdcss
2008-05-24 11:13    ---------    d-----w    C:\Programfiler\Western Digital Technologies
2008-05-24 11:13    ---------    d-----w    C:\Programfiler\Western Digital
2008-05-23 20:51    ---------    d-----w    C:\Programfiler\Winamp
2008-05-22 22:22    524,288    ----a-w    C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19    196,608    ----a-w    C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19    161,096    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18    12,288    ----a-w    C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 19:22    ---------    d-----w    C:\Documents and Settings\Bruker\Programdata\Winamp
2008-05-17 11:47    ---------    d-----w    C:\Programfiler\AsfTools 3.1
2008-05-09 10:56    90,112    ----a-w    C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56    430,080    ----a-w    C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56    180,224    ----a-w    C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56    172,032    ----a-w    C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24    155,648    ----a-w    C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07    135,168    ----a-w    C:\WINDOWS\system32\cscript.exe
2008-05-07 06:51    50,688    ----a-w    C:\WINDOWS\system32\wbhelp2.dll
2008-05-07 05:12    1,291,264    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-28 13:53    805,400    ----a-r    C:\WINDOWS\system32\tmp7C.tmp
2008-04-28 13:53    805,400    ----a-r    C:\WINDOWS\system32\tmp7B.tmp
2008-04-23 04:22    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-02-24 18:43    22,328    ----a-w    C:\Documents and Settings\Bruker\Programdata\PnkBstrK.sys
2008-02-22 14:24    81,920    ----a-w    C:\Documents and Settings\Bruker\Programdata\ezpinst.exe
2008-02-22 14:24    47,360    ----a-w    C:\Documents and Settings\Bruker\Programdata\pcouffin.sys
2006-06-23 06:48    32,768    ----a-r    C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232]
"mRouterConfig"="C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54 290816]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.EXE" [2008-06-02 14:46 273520]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"DU Meter"="C:\Programfiler\DU Meter\DUMeter.exe" [2001-11-28 13:51 1123328]
"NetLimiter"="C:\Programfiler\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"\\OPPE\EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 06:00 98304]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WD Drive Manager"="C:\Programfiler\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 04:50 438272]
"PC Suite for Smartphones"="C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 14:53 548864]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Resume copy"="copyfstq.exe" [2002-03-24 13:54 46080 C:\WINDOWS\COPYFSTQ.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-04-11 07:34 288576 C:\Programfiler\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
--a------ 2006-03-02 11:54 290816 C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:23 1695232 C:\Programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
-ra------ 2007-12-25 14:53 548864 C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 08:16 528384 C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"FileZilla Server"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Spill\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Cerberus\\Cerberus.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"Y:\\Grid\\GRID.exe"=

R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Programfiler\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 04:52]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2008-04-29 10:58]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 15:00]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-06-30 07:45]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 21:16]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-06-30 07:45]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-06-30 20:11]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-06-30 20:11]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-06-30 20:11]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-06-30 20:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{670ee6a0-2982-11dd-b598-001e8c0abe76}]
\Shell\AutoRun\command - H:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea4c89d4-19c1-11dd-b583-001e8c0abe76}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea4c89d5-19c1-11dd-b583-001e8c0abe76}]
\Shell\AutoRun\command - H:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 09:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-07-15 22:51:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 09:00:01 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 10:00:01 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 11:00:01 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 12:00:01 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 13:00:01 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 14:00:01 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 15:00:01 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 16:00:01 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-15 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 17:00:01 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 18:00:01 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 19:00:02 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-17 20:00:03 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-16 21:00:01 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-16 00:00:01 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-16 01:00:01 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\8aH7G6tX.exe
"2008-07-14 08:32:08 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\8aH7G6tX.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 21:53:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programfiler\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\RealVNC\VNC4\winvnc4.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norman\NVC\bin\Nip.exe
C:\PROGRA~1\Norman\NVC\bin\CClaw.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-17 22:03:09 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-17 20:02:06 Pre-Run: 10,783,940,608 byte ledig Post-Run: 10,528,727,040 byte ledig 354 --- E O F --- 2008-07-12 01:03:06 Den fjerna altså noen filer. HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:09:10, on 17.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\DU Meter\DUMeter.exe C:\Programfiler\NetLimiter\NetLimiter.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Western 
Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Programfiler\RealVNC\VNC4\WinVNC4.exe C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Bruker\Skrivebord\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: 
[nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [DU Meter] C:\Programfiler\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [NetLimiter] C:\Programfiler\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [\\OPPE\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\OPPE\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [WD Drive Manager] C:\Programfiler\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [mRouterConfig] 
"C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Programfiler\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Programfiler\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Programfiler\DAP\dapextie2.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://I:\components\hidinputmonitorx.ocx O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://I:\components\A9.ocx O16 - DPF: 
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201706522146 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201788031671 O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://I:\components\wmvhdrating.ocx O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar ) - http://img.pvw.od2.com/installation/Plugin...nagerPlugin.CAB O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programfiler\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programfiler\RealVNC\VNC4\WinVNC4.exe -- End of file - 10768 bytes
Is the problem solved? Nope, 10 minutes after startup yet another W32/DLoader.HSQD showed up. I'm starting to feel this is pointing towards a format... unless you have a suggestion, norbat? Anyway, thanks a lot for the help!
EDIT: Adding the result from an online scan.
Scan taken on 17 Jul 2008 20:29:21 (GMT)
A-Squared Found Trojan-PSW.Win32.OnLineGames.arxy
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found Generic10.AOWW
BitDefender Found Trojan.Adclicker.HB
ClamAV Found Trojan.Spy-41149
CPsecure Found nothing
Dr.Web Found Trojan.Click.19260
F-Prot Antivirus Found W32/Pws.ANRK
F-Secure Anti-Virus Found Trojan-GameThief.Win32.OnLineGames.arxy
Fortinet Found W32/OnLineGames.ARXY!tr.pws
Ikarus Found Trojan-GameThief.Win32.OnLineGames.arxy
Kaspersky Anti-Virus Found Trojan-GameThief.Win32.OnLineGames.arxy
NOD32 Found Win32/TrojanClicker.Agent.NDQ
Norman Virus Control Found W32/DLoader.HSQD
Panda Antivirus Found Generic
Sophos Antivirus Found Mal/EncPk-F
VirusBuster Found nothing
VBA32 Found Trojan-PSW.Win32.OnLineGames.arxy
Apparently something that comes bundled with online games? Recently installed Steam, with AudioSurf......
Edited 17 July 2008 by TaklampeX
norbat Written 17 July 2008
Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.
File::
C:\WINDOWS\system32\8aH7G6tX.exe
C:\WINDOWS\system32\8aH7G6tX.exe.a_a
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
Then run a quick scan with MBAM to see if there are any leftovers:
Download MBAM to the desktop.
Run the file and install the program.
Choose Norwegian as the language.
Let the program update itself and choose to run a quick system scan.
You get a message box when the program has finished.
Then click the Show results button.
If malware was found, you will now see what was found.
Then click the Remove selected button to remove any malware that was found.
When MBAM is done removing what it found, a log will open in Notepad. You can copy that and post it together with the latest ComboFix log.
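An added example, not part of this thread and not code from norbat, ComboFix, MBAM or any other tool named here: a small Python triage script that applies two of the rules norbat evidently used when reading the earlier log (At<N>.job entries under C:\WINDOWS\Tasks, and random-looking executable names sitting directly in system32) to lines in ComboFix's "Files Created" format, then renders the hits as the File:: block that ComboFix reads from CFScript.txt. The sample log lines, with their sizes and timestamps, are constructed; the naming heuristic is my own assumption and is not something ComboFix implements.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the format of ComboFix's "Files Created" section
# (created . modified size attributes path). Not the original poster's log:
# sizes and timestamps are made up, the file names mirror the entries norbat
# asked ComboFix to delete, plus two benign entries that must not be flagged.
SAMPLE_LOG = """\
2008-07-17 21:25 . 2008-07-17 21:25 <DIR> d-------- C:\\Programfiler\\SUPERAntiSpyware
2008-07-17 19:40 . 2008-07-17 19:40 18,944 --a------ C:\\WINDOWS\\system32\\8aH7G6tX.exe
2008-07-17 19:40 . 2008-07-17 19:40 18,944 --a------ C:\\WINDOWS\\system32\\8aH7G6tX.exe.a_a
2008-07-17 19:41 . 2008-07-17 19:41 284 --a------ C:\\WINDOWS\\Tasks\\At1.job
2008-07-17 19:41 . 2008-07-17 19:41 284 --a------ C:\\WINDOWS\\Tasks\\At2.job
2008-07-16 22:56 . 2008-04-23 06:22 6,066,176 -----c--- C:\\WINDOWS\\system32\\dllcache\\ieframe.dll
2008-07-12 09:53 . 2008-07-12 09:53 290 --a------ C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job
"""

# One "Files Created" line: created-date . modified-date size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)
# Jobs named At<N>.job are what at.exe creates; two dozen of them on a home PC
# is the persistence pattern seen in this thread, so every one gets flagged.
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)
# A file directly in system32 (a subfolder such as dllcache does not match).
SYS32_DIRECT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\([^\\]+)$", re.IGNORECASE)


@dataclass
class Hit:
    path: str
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic (my own assumption, not ComboFix's): mixed-case letters plus
    two or more digits in a short name, like 8aH7G6tX, is rarely a product."""
    digits = sum(ch.isdigit() for ch in stem)
    return (len(stem) >= 6 and digits >= 2
            and any(ch.islower() for ch in stem)
            and any(ch.isupper() for ch in stem))


def classify(path: str) -> Optional[str]:
    """Return a reason string if the path matches a triage rule, else None."""
    if AT_JOB_RE.search(path):
        return "at.exe scheduled task"
    m = SYS32_DIRECT_RE.match(path)
    if not m:
        return None
    name = m.group(1)
    stem = name.split(".", 1)[0]
    if looks_random(stem) and ".exe" in name.lower():
        # Also catches sidecar copies such as <name>.exe.a_a
        return "random-named executable in system32"
    return None


def triage(log_text: str) -> List[Hit]:
    """Parse 'Files Created' lines and return the entries worth a closer look."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue  # skip unparsable lines and directories
        reason = classify(m.group("path"))
        if reason:
            hits.append(Hit(m.group("path"), reason))
    return hits


def build_cfscript(hits: List[Hit]) -> str:
    """Render the hits as the File:: block ComboFix accepts in CFScript.txt."""
    return "File::\n" + "\n".join(h.path for h in hits) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for h in found:
        print(f"{h.reason:40s} {h.path}")
    print(build_cfscript(found))
```

The output is a review list, not a verdict: a helper would still look each hit up (vendor, signature, what scheduled the job) before putting it in a CFScript, exactly as norbat did by hand here.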
TaklampeX Written 17 July 2008 (author)
Excellent! Plenty is being removed here.
Combofix:
ComboFix 08-07-15.4 - Bruker 2008-07-17 22:37:52.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1325 [GMT 2:00] Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\8aH7G6tX.exe C:\WINDOWS\system32\8aH7G6tX.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\WINDOWS\system32\8aH7G6tX.exe C:\WINDOWS\system32\8aH7G6tX.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))) . 2008-07-17 21:27 . 2008-07-17 22:37 <DIR> dr-h----- C:\Documents and Settings\Bruker\Siste 2008-07-17 21:25 . 2008-07-17 21:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-07-17 21:25 . 2008-07-17 21:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-17 21:25 . 2008-07-17 21:25 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com 2008-07-17 21:25 . 2008-07-17 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-17 21:22 . 2008-07-17 21:22 <DIR> d-------- C:\Programfiler\CCleaner 2008-07-17 21:01 . 2008-07-17 21:01 1,774,687 --a------ C:\Musikk.torrent 2008-07-16 22:56 . 2008-04-23 06:22 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-16 22:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-16 22:56 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-16 22:56 . 2008-04-23 06:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-16 22:56 . 2008-04-23 06:22 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-16 22:56 . 
2008-04-23 06:22 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-16 22:56 . 2008-04-23 06:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-16 22:56 . 2008-04-23 06:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-16 22:56 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-15 21:04 . 2008-07-15 21:04 <DIR> d-------- C:\Programfiler\Lavasoft 2008-07-15 20:58 . 2008-07-15 20:58 <DIR> d-------- C:\Programfiler\LIUtilities 2008-07-15 20:52 . 2008-07-15 20:52 <DIR> d-------- C:\Programfiler\MemInfo 2008-07-15 16:35 . 2008-07-15 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Codemasters 2008-07-15 16:33 . 2008-07-15 16:33 <DIR> d-------- C:\Programfiler\OpenAL 2008-07-15 13:41 . 2008-07-15 13:42 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\PE Explorer 2008-07-15 13:38 . 2008-07-15 13:47 <DIR> d-------- C:\Programfiler\Resource Tuner 2008-07-15 13:38 . 2008-07-15 13:39 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Resource Tuner 2008-07-14 20:46 . 2008-07-14 20:46 <DIR> d-------- C:\Programfiler\ValuSoft 2008-07-11 11:09 . 2008-07-11 11:09 <DIR> d-------- C:\WINDOWS\system32\no 2008-07-11 11:09 . 2008-07-11 11:09 <DIR> d-------- C:\WINDOWS\system32\bits 2008-07-11 11:09 . 2008-07-11 11:09 <DIR> d-------- C:\WINDOWS\l2schemas 2008-07-11 11:07 . 2008-07-11 11:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-07-08 10:20 . 2008-07-08 10:20 <DIR> d-------- C:\Programfiler\MySQL 2008-06-30 07:41 . 2008-06-30 07:41 <DIR> d-------- C:\Programfiler\Symbian 2008-06-30 07:41 . 2008-06-30 07:41 <DIR> d-------- C:\Programfiler\Intuwave 2008-06-30 07:41 . 2008-06-30 07:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Sony Ericsson Shared 2008-06-30 07:41 . 2008-06-30 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Teleca 2008-06-30 07:41 . 
2008-06-30 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony Ericsson 2008-06-30 07:41 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss 2008-06-30 07:37 . 2008-06-30 07:37 143 --a------ C:\WINDOWS\DelMR.bat 2008-06-24 20:33 . 2008-07-14 20:42 <DIR> d-------- C:\Programfiler\Steam 2008-06-20 19:49 . 2008-06-20 19:49 246,784 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 19:49 . 2008-06-20 19:49 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-17 18:20 . 2008-06-17 18:20 8 --a------ C:\WINDOWS\system32\nvModes.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-17 19:53 --------- d-----w C:\Programfiler\Norman 2008-07-17 19:51 --------- d-----w C:\Documents and Settings\Bruker\Programdata\FileZilla 2008-07-16 17:48 137,840 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-16 17:47 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-07-16 10:51 --------- d-----w C:\Programfiler\WMR11 2008-07-16 10:44 --------- d-----w C:\Programfiler\FileZilla FTP Client 2008-07-15 14:33 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-07-15 14:33 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-07-15 14:25 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-07-14 08:17 --------- d-----w C:\Programfiler\Java 2008-07-07 22:49 --------- d-----w C:\Programfiler\RevConnect 2008-07-07 17:37 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-06-30 18:11 91,264 ----a-w C:\WINDOWS\system32\drivers\zebrsce.sys 2008-06-30 18:11 14,848 ----a-w C:\WINDOWS\system32\drivers\zebrmdfl.sys 2008-06-30 18:11 12,160 ----a-w 
C:\WINDOWS\system32\drivers\zebrcmnt.sys 2008-06-30 18:11 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrcm.sys 2008-06-30 18:11 109,568 ----a-w C:\WINDOWS\system32\drivers\zebrmdmc.sys 2008-06-30 18:11 109,568 ----a-w C:\WINDOWS\system32\drivers\zebrmdm.sys 2008-06-30 05:53 --------- d-----w C:\Programfiler\Sony Ericsson 2008-06-30 05:53 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared 2008-06-30 05:45 83,200 ----a-w C:\WINDOWS\system32\drivers\zebrbus.sys 2008-06-30 05:45 63,360 ----a-w C:\WINDOWS\system32\drivers\zebrceb.sys 2008-06-30 05:45 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrwhnt.sys 2008-06-30 05:45 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrwh.sys 2008-06-30 05:29 --------- d-----w C:\Documents and Settings\Bruker\Programdata\Teleca 2008-06-28 13:11 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-16 13:36 --------- d-----w C:\Programfiler\Wisdom-soft AutoScreenRecorder 3 Pro 2008-06-15 20:07 --------- d-----w C:\Programfiler\SpaceMonger 2008-06-15 20:07 --------- d-----w C:\Documents and Settings\Bruker\Programdata\SpaceMonger 2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 12:12 --------- d-----w C:\Programfiler\DivX 2008-06-11 19:42 --------- d-----w C:\Documents and Settings\Bruker\Programdata\uTorrent 2008-06-11 18:48 --------- d-----w C:\Programfiler\megui 2008-05-31 11:49 --------- d-----w C:\Programfiler\Windows Media Components 2008-05-31 11:48 --------- d-----w C:\Programfiler\Futuremark 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-05-30 23:22 
802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-05-24 19:19 --------- d-----w C:\Documents and Settings\Bruker\Programdata\dvdcss 2008-05-24 11:13 --------- d-----w C:\Programfiler\Western Digital Technologies 2008-05-24 11:13 --------- d-----w C:\Programfiler\Western Digital 2008-05-23 20:51 --------- d-----w C:\Programfiler\Winamp 2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-22 19:22 --------- d-----w C:\Documents and Settings\Bruker\Programdata\Winamp 2008-05-17 11:47 --------- d-----w C:\Programfiler\AsfTools 3.1 2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-07 06:51 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll 2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 
2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmp7C.tmp 2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmp7B.tmp 2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-24 18:43 22,328 ----a-w C:\Documents and Settings\Bruker\Programdata\PnkBstrK.sys 2008-02-22 14:24 81,920 ----a-w C:\Documents and Settings\Bruker\Programdata\ezpinst.exe 2008-02-22 14:24 47,360 ----a-w C:\Documents and Settings\Bruker\Programdata\pcouffin.sys 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232] "mRouterConfig"="C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54 290816] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 16:27 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048] "Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.EXE" [2008-06-02 14:46 273520] 
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "DU Meter"="C:\Programfiler\DU Meter\DUMeter.exe" [2001-11-28 13:51 1123328] "NetLimiter"="C:\Programfiler\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296] "\\OPPE\EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 06:00 98304] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "WD Drive Manager"="C:\Programfiler\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 04:50 438272] "PC Suite for Smartphones"="C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 14:53 548864] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "Resume copy"="copyfstq.exe" [2002-03-24 13:54 46080 C:\WINDOWS\COPYFSTQ.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll "VIDC.PIM1"= PCLEPIM1.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\AdobeUpdater] --a------ 2007-03-01 00:06 2321600 C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-04-11 07:34 288576 C:\Programfiler\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig] --a------ 2006-03-02 11:54 290816 C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-14 18:23 1695232 C:\Programfiler\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones] -ra------ 2007-12-25 14:53 548864 C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2007-06-13 08:16 528384 C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) "SQLAgent$SONY_MEDIAMGR"=3 (0x3) "MSSQL$SONY_MEDIAMGR"=3 (0x3) "FileZilla Server"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"= "C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Spill\\Battlefield 2\\BF2.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= 
"C:\\Programfiler\\Cerberus\\Cerberus.exe"= "C:\\Programfiler\\DNA\\btdna.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "Y:\\Grid\\GRID.exe"= R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Programfiler\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 04:52] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56] R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2008-04-29 10:58] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 15:00] R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-06-30 07:45] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 21:16] S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-06-30 07:45] S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-06-30 20:11] S3 zebrmdm;Sony Ericsson Port 
(WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-06-30 20:11] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-06-30 20:11] S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-06-30 20:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{670ee6a0-2982-11dd-b598-001e8c0abe76}] \Shell\AutoRun\command - H:\wd_windows_tools\WDEULA.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea4c89d4-19c1-11dd-b583-001e8c0abe76}] \Shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea4c89d5-19c1-11dd-b583-001e8c0abe76}] \Shell\AutoRun\command - H:\ASUSACPI.exe . Contents of the 'Scheduled Tasks' folder "2008-07-12 09:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-17 22:39:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Programfiler\NetLimiter\nl_lsp.dll -> C:\WINDOWS\system32\nl_msgc.dll . 
Completion time: 2008-07-17 22:40:25 ComboFix-quarantined-files.txt 2008-07-17 20:39:38 ComboFix2.txt 2008-07-17 20:03:10 Pre-Run: 10,582,753,280 byte ledig Post-Run: 10,574,741,504 byte ledig 325 --- E O F --- 2008-07-12 01:03:06
and MBAM:
Malwarebytes' Anti-Malware 1.20 Database versjon: 962 Windows 5.1.2600 Service Pack 3 22:50:27 17.07.2008 mbam-log-7-17-2008 (22-50-27).txt Skanntype: Rask Skann Objekter skannet: 40867 Tid tilbakelagt: 4 minute(s), 8 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 1 Registerverdier infisert: 1 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 2 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/musicmanageruninstaller.od2 (Trojan.Agent) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.od2 (Trojan.Agent) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.od2 (Trojan.Agent) -> Quarantined and deleted successfully.
Going to restart now and see if it holds. I'll change the topic title to [solved] tomorrow if it goes well. norbat: THANK YOU SO MUCH!!
norbat Written 17 July 2008
The log looks fine. If everything runs OK, you can uninstall ComboFix by typing combofix /u in the Run box. This will also reset System Restore so that you don't get reinfected by a possible restore later.