Muse, posted 18 July 2008

I'm quite sure I've got a virus. I have NOD32 as antivirus, and it keeps reporting that a virus has been detected, and even though I delete it, it comes back. Here are the problems I have with the computer:

- Performance is generally incredibly poor.
- Sometimes the power adapter is not detected, and then performance is catastrophic.
- The sound has disappeared in Windows! I get no sound from the internet either. I only get sound in-game or if I play something in a media program.
- Automatic Updates gets switched off by itself even though I turn it on.
- Very often I can't get onto various sites, among others Google, deviantart, yahoo and diskusjon.no!

I'm listing these problems because I'm not entirely sure that all of them are really caused by the virus. Here are the logs:

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/18/2008 at 03:02 AM

Application Version : 4.15.1000

Core Rules Database Version : 3507
Trace Rules Database Version: 1498

Scan type : Quick Scan
Total Scan Time : 00:26:51

Memory items scanned : 579
Memory threats detected : 3
Registry items scanned : 522
Registry threats detected : 14
File items scanned : 15580
File threats detected : 49

Trojan.Vundo-Variant/Small-V2
C:\WINDOWS\SYSTEM32\IYEYGSJW.DLL
C:\WINDOWS\SYSTEM32\IYEYGSJW.DLL
C:\WINDOWS\SYSTEM32\ALHRLWMA.DLL
C:\WINDOWS\SYSTEM32\BFIYGKJA.DLL
C:\WINDOWS\SYSTEM32\BGKHWVTE.DLL
C:\WINDOWS\SYSTEM32\CEAQTIJL.DLL
C:\WINDOWS\SYSTEM32\DGFWQVVY.DLL
C:\WINDOWS\SYSTEM32\EJVBGMXN.DLL
C:\WINDOWS\SYSTEM32\GCPIDOAR.DLL
C:\WINDOWS\SYSTEM32\HOOEYUPL.DLL
C:\WINDOWS\SYSTEM32\KRHRYNHV.DLL
C:\WINDOWS\SYSTEM32\LPFSOJHU.DLL
C:\WINDOWS\SYSTEM32\LRKTMQML.DLL
C:\WINDOWS\SYSTEM32\LWFSTBUS.DLL
C:\WINDOWS\SYSTEM32\PJYXFXCA.DLL
C:\WINDOWS\SYSTEM32\QPXEYPIN.DLL
C:\WINDOWS\SYSTEM32\THDCHFYF.DLL
C:\WINDOWS\SYSTEM32\UKMTHVQN.DLL
C:\WINDOWS\SYSTEM32\XBFTOEBQ.DLL
C:\WINDOWS\SYSTEM32\XXOMBMPO.DLL
C:\WINDOWS\SYSTEM32\YYTKTUEP.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\URQRLBBB.DLL
C:\WINDOWS\SYSTEM32\URQRLBBB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6F7A7EC-1BFF-4DDD-B2E8-2AEB7265230F}
HKCR\CLSID\{A6F7A7EC-1BFF-4DDD-B2E8-2AEB7265230F}
HKCR\CLSID\{A6F7A7EC-1BFF-4DDD-B2E8-2AEB7265230F}\InprocServer32
HKCR\CLSID\{A6F7A7EC-1BFF-4DDD-B2E8-2AEB7265230F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\LJJYXYRI.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\EFCDUVWU.DLL
C:\WINDOWS\SYSTEM32\EFCDUVWU.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9360774b-bf3a-45db-8165-18ac35251aa6}
HKCR\CLSID\{9360774B-BF3A-45DB-8165-18AC35251AA6}
HKCR\CLSID\{9360774B-BF3A-45DB-8165-18AC35251AA6}\InprocServer32
HKCR\CLSID\{9360774B-BF3A-45DB-8165-18AC35251AA6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VSOSKK.DLL
C:\WINDOWS\SYSTEM32\BUPMLY.DLL
C:\WINDOWS\SYSTEM32\MKTCHS.DLL
C:\WINDOWS\SYSTEM32\YGJVFS.DLL

Trojan.Vundo-Variant/Small
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\urqRLbbB
C:\WINDOWS\SYSTEM32\AMPFMISC.DLL
C:\WINDOWS\SYSTEM32\BQJTGWUT.DLL
C:\WINDOWS\SYSTEM32\BUENKDXD.DLL
C:\WINDOWS\SYSTEM32\BYXQKCCD.DLL
C:\WINDOWS\SYSTEM32\GGTFYVXR.DLL
C:\WINDOWS\SYSTEM32\IIFGDSIY.DLL
C:\WINDOWS\SYSTEM32\OUWYWR.DLL
C:\WINDOWS\SYSTEM32\VOHAIPIO.DLL
C:\WINDOWS\SYSTEM32\WUHKSFSB.DLL

Malware.RegFreeze
HKU\S-1-5-21-2154076207-3090956874-2846007417-1006\Software\ActualResearch

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-2154076207-3090956874-2846007417-1006\Software\Microsoft\rdfa

Adware.Tracking Cookie
C:\Documents and Settings\Skolen\Cookies\[email protected][2].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][1].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][1].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][2].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][2].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][1].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][1].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][2].txt
C:\Documents and Settings\Skolen\Cookies\skolen@drivecleaner[2].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][2].txt
C:\Documents and Settings\Skolen\Cookies\[email protected][2].txt
.doubleclick.net [ C:\Documents and Settings\Skolen\Programdata\Mozilla\Firefox\Profiles\dk4uba08.default\cookies.txt ]
.tradedoubler.com [ C:\Documents and Settings\Skolen\Programdata\Mozilla\Firefox\Profiles\dk4uba08.default\cookies.txt ]
.chacha.112.2o7.net [ C:\Documents and Settings\Skolen\Programdata\Mozilla\Firefox\Profiles\dk4uba08.default\cookies.txt ]

Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\BDLLSEDY.DLL
C:\WINDOWS\SYSTEM32\TMBTFINK.DLL

Here is the CF log:

ComboFix 08-07-15.4 - Kristian Kristensen 2008-07-18 11:19:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.447 [GMT 2:00]
Running from: C:\Documents and Settings\Kristian Kristensen\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM87443cae.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acxfxyjp.ini
C:\WINDOWS\system32\bwppbexx.ini
C:\WINDOWS\system32\bwtmfhhk.ini
C:\WINDOWS\system32\cqutcg.dll
C:\WINDOWS\system32\ddwhvjik.ini
C:\WINDOWS\system32\dwgljgiy.ini
C:\WINDOWS\system32\efcDuvwU.dll
C:\WINDOWS\system32\ekjvvxdx.ini
C:\WINDOWS\system32\hlbokgot.ini
C:\WINDOWS\system32\hleidvwp.ini
C:\WINDOWS\system32\ixnhvtnw.ini
C:\WINDOWS\system32\jcojmadk.ini
C:\WINDOWS\system32\jsuwea.dll
C:\WINDOWS\system32\kymvtpym.ini
C:\WINDOWS\system32\lojwrpjc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ndcurnbi.ini
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pjtciokr.ini
C:\WINDOWS\system32\qgfrxyxq.dll
C:\WINDOWS\system32\rfrmownr.ini
C:\WINDOWS\system32\rkqsdkhc.ini
C:\WINDOWS\system32\rpkafe.dll
C:\WINDOWS\system32\subtsfwl.ini
C:\WINDOWS\system32\uaesmbbg.ini
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\uqkcwge.dat
c:\windows\system32\uqkcwge.exe
c:\WINDOWS\system32\uqkcwge_nav.dat
c:\WINDOWS\system32\uqkcwge_navps.dat
C:\WINDOWS\system32\uuvkmavu.ini
C:\WINDOWS\system32\UwvuDcfe.ini
C:\WINDOWS\system32\UwvuDcfe.ini2
C:\WINDOWS\system32\wbeaokry.ini
C:\WINDOWS\system32\wjftdetc.ini
C:\WINDOWS\system32\wjsgyeyi.ini
C:\WINDOWS\system32\wnhiht.dll
C:\WINDOWS\system32\xpasmlst.ini
C:\WINDOWS\system32\ymijksxn.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-18 11:11 . 2008-07-18 11:19 <DIR> dr-h----- C:\Documents and Settings\Kristian Kristensen\Siste
2008-07-18 02:33 . 2008-07-18 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-18 02:32 . 2008-07-18 02:32 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-18 02:32 . 2008-07-18 02:32 <DIR> d-------- C:\Documents and Settings\Kristian Kristensen\Programdata\SUPERAntiSpyware.com
2008-07-07 11:54 . 2008-07-07 11:54 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-06-27 00:34 . 2008-06-27 00:36 <DIR> d-------- C:\MONKEY
2008-06-25 19:10 . 2008-06-26 21:10 1,254 ---hs---- C:\WINDOWS\system32\lqhbrqfa.ini
2008-06-18 22:29 . 2008-06-18 22:31 <DIR> d-------- C:\Programfiler\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 09:13 --------- d-----w C:\Documents and Settings\Kristian Kristensen\Programdata\OpenOffice.org2
2008-07-18 00:32 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-13 02:27 --------- d-----w C:\Programfiler\WC3 TFT på Kk
2008-07-12 19:48 --------- d-----w C:\Programfiler\Google
2008-07-12 11:25 --------- d-----w C:\Programfiler\Bridge Building Game
2008-07-12 11:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-12 11:18 --------- d-----w C:\Programfiler\Syncrosoft
2008-07-12 11:04 --------- d-----w C:\Programfiler\Image-Line
2008-07-12 10:14 --------- d-----w C:\Programfiler\Canon
2008-07-12 10:04 --------- d-----w C:\Programfiler\StepMania
2008-07-12 10:04 --------- d-----w C:\Programfiler\Pcsx2
2008-07-12 09:55 --------- d-----w C:\Programfiler\MediaMonkey
2008-07-12 09:54 --------- d-----w C:\Programfiler\Flock
2008-07-12 09:54 --------- d-----w C:\Programfiler\DivX
2008-07-12 09:46 --------- d-----w C:\Programfiler\BlueVoda Website Builder
2008-07-12 09:22 --------- d-----w C:\Programfiler\AquariaDemo
2008-07-12 09:21 --------- d-----w C:\Programfiler\Game_Maker7
2008-07-12 09:21 --------- d-----w C:\Programfiler\AviSynth 2.5
2008-07-12 09:20 --------- d-----w C:\Programfiler\Kong
2008-07-12 09:17 --------- d-----w C:\Programfiler\Wolfenstein 3D
2008-07-12 09:17 --------- d-----w C:\Programfiler\Frets on Fire
2008-07-12 09:16 --------- d-----w C:\Programfiler\Blaze Gif Creator
2008-07-12 09:15 --------- d-----w C:\Programfiler\Free Audio Pack
2008-07-12 09:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\AGS Demo Game
2008-07-12 09:04 --------- d-----w C:\Documents and Settings\Kristian Kristensen\Programdata\Hamachi
2008-07-08 23:30 --------- d-----w C:\Programfiler\Opera
2008-07-06 23:28 --------- d-----w C:\Programfiler\FrostWire
2008-06-22 17:52 --------- d-----w C:\Documents and Settings\Kristian Kristensen\Programdata\SPORE Creature Creator
2008-06-20 19:33 --------- d-----w C:\Documents and Settings\Kristian Kristensen\Programdata\FrostWire
2008-06-18 20:30 --------- d-----w C:\Programfiler\iPod
2008-06-18 20:21 --------- d-----w C:\Programfiler\QuickTime
2008-06-18 20:01 --------- d-----w C:\Programfiler\Apple Software Update
2008-06-16 12:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-06-15 20:34 --------- d-----w C:\Programfiler\Electronic Arts
2008-06-15 19:14 --------- d-----w C:\Programfiler\Java
2008-06-12 22:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\TrackMania
2008-06-10 21:13 45,056 ------w C:\is155815.exe
2008-06-10 20:17 45,056 ------w C:\mzdza.exe
2008-06-08 19:08 2,231 ----a-w C:\is154890.exe
2008-06-06 10:12 2,232 ----a-w C:\f.exe
2008-05-30 21:37 --------- d-----w C:\Programfiler\TmNationsForever
2008-05-23 18:59 --------- d--h--w C:\Documents and Settings\Kristian Kristensen\Programdata\ijjigame
2008-04-20 14:36 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-01-11 17:36 22,328 ----a-w C:\Documents and Settings\Kristian Kristensen\Programdata\PnkBstrK.sys
2007-12-28 01:29 774,144 ----a-w C:\Programfiler\RngInterstitial.dll
2007-07-13 01:20 3,655,608 ----a-w C:\Programfiler\FLV PlayerRCATSetup.exe
2007-07-13 01:19 25,990,432 ----a-w C:\Programfiler\FLV PlayerRCSetup.exe
2007-04-09 15:35 1 ----a-w C:\Documents and Settings\Kristian Kristensen\SI.bin
2008-02-24 12:49 88 --sh--r C:\WINDOWS\system32\150555D733.sys
2008-02-24 12:49 6,788 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Steam"="c:\programfiler\valve\steam\steam.exe" [2008-03-30 03:13 1271032]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49 860160]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136]
"igndlm.exe"="C:\Programfiler\IGN\Download Manager\DLM.exe" [2007-03-05 14:57 1103480]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2006-08-03 19:51 1032192]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28 602182]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45 820736]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2005-11-15 11:48 921600]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"nwiz"="nwiz.exe" [2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Skolen\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.0.lnk - C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe [2006-06-28 00:58:04 393216]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\counter-strike source\\hl2.exe"=
"C:\\Programfiler\\Valve\\Steam\\Steam.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\source sdk base\\hl2.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\team fortress 2\\hl2.exe"=
"C:\\Programfiler\\Valve\\hl.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\FrostWire\\FrostWire.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\ricochet\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Programfiler\\backburner 2\\manager.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\condition zero\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\counter-strike\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\kris10an666\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\mp_tool.exe"=
"C:\\Documents and Settings\\Kristian Kristensen\\Skrivebord\\Skrivebord\\Spill\\WarSow\\warsow.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programfiler\\Curious Labs\\Poser 6\\Poser.exe"=
"C:\\Programfiler\\TmNationsForever\\TmForever.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14204:TCP"= 14204:TCP:BitComet 14204 TCP
"14204:UDP"= 14204:UDP:BitComet 14204 UDP
"5900:TCP"= 5900:TCP:LSASS Export Shell

R3 RDID1046;EDIROL UA-25;C:\WINDOWS\system32\Drivers\rdwm1046.sys [2007-03-05 22:09]
S3 kbeepm;kbeepm;C:\DOCUME~1\KRISTI~1\LOKALE~1\Temp\kbeepm.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16472ce6-7ffb-11db-88b7-0015c5556af4}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 17:20:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-07-18 09:26:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{5811EF62-B70A-475E-BBC0-47B797DAE877} - C:\WINDOWS\system32\rwhctkkk.dll
HKCU-Run-ModemOnHold - C:\Programfiler\NetWaiting\netwaiting.exe
HKCU-Run-MsgCenterExe - C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe
HKCU-Run-Uniblue RegistryBooster 2 - C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-Recordpad - C:\Programfiler\NCH Swift Sound\Recordpad\recordpad.exe
HKLM-Run-BM87443cae - C:\WINDOWS\system32\xbftoebq.dll
HKLM-Run-84770f32 - C:\WINDOWS\system32\iyeygsjw.dll
HKLM-Run-Windows Control Center - winudpmr.exe
HKLM-Run-Windows Controls Center - winudmr.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 11:34:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\Dell\QuickSet\NicConfigSvc.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-18 11:53:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 09:52:34

Pre-Run: 9,979,285,504 byte ledig
Post-Run: 9,972,498,432 byte ledig

264 --- E O F --- 2008-06-16 12:57:36

Finally, the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:46, on 18.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Opera\opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6061025
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=6061025
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?e96abbf722e540d8b176e552073f69cf
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?e96abbf722e540d8b176e552073f69cf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12428 bytes

I welcome all suggestions and am extremely grateful for them.
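The three logs above are long, but the Vundo indicators in them follow a handful of recognisable patterns: eight-letter, digit-free DLL names in system32, a Winlogon\Notify subkey with the same kind of name, Run entries whose command is a bare filename with no directory, small executables sitting in the root of C:, and a firewall exception on port 5900 (the default VNC port) labelled "LSASS Export Shell", a name LSASS would never register. The Python script below is an added example, not a tool from the thread or from any of the scanners it mentions; it runs a set of such defender-side heuristics over lines copied from the posted logs. The rule names, the KNOWN_GOOD allowlist and the CORE_PROCESSES list are this example's own assumptions.

```python
"""Defender-side triage of HijackThis / ComboFix / SUPERAntiSpyware log lines.

Added example, not a tool from the thread or from any scanner mentioned in
it. SAMPLE_LOG is constructed from lines copied out of the posted logs; the
rule names, KNOWN_GOOD and CORE_PROCESSES are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Legitimate modules whose names look as random as Vundo's; without this
# allowlist the name heuristic below would flag them (wscntfy is the XP
# Security Center notifier, ctfmon the text-services loader).
KNOWN_GOOD = {"ctfmon", "wscntfy", "nvcpl", "nvmctray", "nvhotkey", "logonui"}

# Core Windows processes never register firewall exceptions under their own
# names, so a port exception carrying one of these is a masquerade.
CORE_PROCESSES = ("lsass", "csrss", "smss", "winlogon", "svchost", "services")

# Vundo-style loader: a 6-8 letter, digit-free module dropped into system32.
SYSTEM32_MODULE = re.compile(r"\\system32\\([A-Za-z]{6,8})\.(?:dll|exe)\b", re.I)
# Winlogon\Notify subkey named with eight random letters (Vundo persistence).
NOTIFY_HOOK = re.compile(r"winlogon\\notify\\([A-Za-z]{8})$", re.I)
# Short-named executables sitting directly in the root of the system drive.
ROOT_EXE = re.compile(r"\bC:\\([A-Za-z0-9]{1,8})\.exe\b", re.I)
# Run entries whose command is a bare filename, resolved via the search path.
BARE_RUN = re.compile(r"^HK(?:LM|CU)-Run-(.+?) - ([^\\\s]+\.exe)$", re.I)
# Globally open firewall ports: "port:proto"= port:proto:label
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# AutoRun command registered under mountpoints2 for a mounted volume.
AUTORUN = re.compile(r"\\Shell\\AutoRun\\command - (.+)$", re.I)


@dataclass
class Finding:
    rule: str      # which heuristic fired
    evidence: str  # the value that triggered it
    line: str      # the original log line, for the analyst to look at


def triage_line(line: str) -> List[Finding]:
    """Apply every heuristic to one log line; a line may yield several findings."""
    found: List[Finding] = []
    for m in SYSTEM32_MODULE.finditer(line):
        if m.group(1).lower() not in KNOWN_GOOD:
            found.append(Finding("random-name-module", m.group(1), line))
    m = NOTIFY_HOOK.search(line)
    if m:
        found.append(Finding("winlogon-notify-hook", m.group(1), line))
    m = ROOT_EXE.search(line)
    if m:
        found.append(Finding("exe-in-system-drive-root", m.group(0), line))
    m = BARE_RUN.match(line)
    if m:
        found.append(Finding("run-entry-bare-filename", m.group(2), line))
    m = OPEN_PORT.match(line)
    if m and any(p in m.group(3).lower() for p in CORE_PROCESSES):
        found.append(Finding("firewall-label-impersonation",
                             f"{m.group(1)}/{m.group(2)} {m.group(3)}", line))
    m = AUTORUN.search(line)
    if m:
        found.append(Finding("removable-autorun", m.group(1), line))
    return found


def triage(text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a pasted log."""
    return [f for raw in text.splitlines() if raw.strip()
            for f in triage_line(raw.strip())]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, the headline an analyst reads first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: lines copied from the SAS, ComboFix and HijackThis
# logs posted above, mixed with legitimate entries the rules must not flag.
SAMPLE_LOG = r"""
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\urqRLbbB
C:\WINDOWS\SYSTEM32\URQRLBBB.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
BHO-{5811EF62-B70A-475E-BBC0-47B797DAE877} - C:\WINDOWS\system32\rwhctkkk.dll
HKLM-Run-Windows Control Center - winudpmr.exe
HKLM-Run-Recordpad - C:\Programfiler\NCH Swift Sound\Recordpad\recordpad.exe
2008-06-06 10:12 2,232 ----a-w C:\f.exe
2008-06-10 20:17 45,056 ------w C:\mzdza.exe
"5900:TCP"= 5900:TCP:LSASS Export Shell
"14204:TCP"= 14204:TCP:BitComet 14204 TCP
\Shell\AutoRun\command - H:\setupSNK.exe
"""


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.rule:30} {f.evidence:40} <- {f.line}")
    print(summarize(hits))
```

A hit is a lead for a person to check against the rest of the log, not a verdict: the allowlist shows how easily a name heuristic fires on legitimate Windows components such as wscntfy.exe, and the AutoRun rule reports for review rather than as malicious, since legitimate USB setup tools register such commands too. On the sample the script flags the Winlogon hook, the two random-named DLLs, the bare-filename Run entry, the two executables in the root of C:, the "LSASS" firewall label and the AutoRun entry, and leaves the five legitimate lines alone.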
norbat, posted 18 July 2008

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log afterwards.

File::
C:\WINDOWS\system32\lqhbrqfa.ini
C:\is155815.exe
C:\mzdza.exe
C:\is154890.exe
C:\f.exe

Download MBAM to the desktop. Run the file and install the program. Choose the Norwegian language. Let the program update itself and choose to run a quick system scan. You'll get a message box when the program has finished running. Then click the Show results button. If malware has been found, you will now see what was found. Then click the Remove selected button to remove any malware that was found. When MBAM has finished removing what it found, a log will open in Notepad. You can copy that and post it together with the ComboFix log.

If the following toolbars are not something you need, uninstall them from Add/Remove Programs:
Ask Toolbar
Yahoo Toolbar
Windows Live Toolbar