(LØST) Pop-up's med link til virusprogram ? Logger som trenger og bli sett!

Pizzaen · 25. juli 2008

Hei I dag når jeg våknet gikk jeg på Pc'n å da når jeg startet Firefox kom det opp popupvindu fra Firefox vært 10 minutt, og når jeg gikk ut av popupvinduet så gikk den innpå en side som skulle ha meg til og laste ned noe spyware remover eller noe sånt. Og eneste måten og komme seg ut av siden var og laste ned exe fila eller og gå innpå oppgavebehandling og avslutte Firefox og jeg gjorde det siste.

Her er noen bilder av popup's og siden jeg kom til:

Dette var siden jeg kom til når jeg trykket avbryt på popuppen:

SAS:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 07/25/2008 at 10:28 AM

Application Version : 4.15.1000

Core Rules Database Version : 3514

Trace Rules Database Version: 1505

Scan type : Quick Scan

Total Scan Time : 00:07:38

Memory items scanned : 643

Memory threats detected : 3

Registry items scanned : 352

Registry threats detected : 9

File items scanned : 4687

File threats detected : 4

Trojan.Vundo-Variant/Small-GEN

C:\WINDOWS\SYSTEM32\VTUMKCUN.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AFF305D-DDE6-4FBF-8AB2-65A9E744DC83}

HKCR\CLSID\{4AFF305D-DDE6-4FBF-8AB2-65A9E744DC83}

HKCR\CLSID\{4AFF305D-DDE6-4FBF-8AB2-65A9E744DC83}\InprocServer32

HKCR\CLSID\{4AFF305D-DDE6-4FBF-8AB2-65A9E744DC83}\InprocServer32#ThreadingModel

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vtUmKCUN

Adware.Vundo Variant/Resident

C:\WINDOWS\SYSTEM32\CBXNHASR.DLL

Trojan.Downloader-NewJuan/VM

C:\WINDOWS\SYSTEM32\HINPAG.DLL

Adware.Vundo Variant/Rel

HKLM\SOFTWARE\Microsoft\aoprndtws

HKLM\SOFTWARE\Microsoft\FCOVM

HKLM\SOFTWARE\Microsoft\RemoveRP

HKU\S-1-5-21-602162358-1659004503-682003330-1003\Software\Microsoft\rdfa

NotHarmful.Sysinternals Bluescreen Screen Saver

O:\SYSTEM VOLUME INFORMATION\_RESTORE{1FDB1E40-4EBC-46B2-84A1-B9E85922A5AB}\RP278\A0176754.SCR

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:48:03, on 25.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ESET\ESET Smart Security\ekrn.exe

C:\Programfiler\MozyHome\mozybackup.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\ESET\ESET Smart Security\egui.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\programfiler\steam\steam.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\iTunes\iTunes.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Safari\Safari.exe

O:\Programmer\StatBar\StatBar.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent

O4 - HKCU\..\Run: [statBar] O:\Programmer\StatBar\StatBar.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: iTunes.lnk = ?

O4 - Startup: msnmsgr.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Programfiler\MozyHome\mozybackup.exe

--

End of file - 6723 bytes

Combofix:

ComboFix 08-07-24.1 - Vegard 2008-07-25 10:35:15.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.423 [GMT 2:00]

Running from: C:\Documents and Settings\Vegard\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BMb3266e1f.txt

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bapwliej.dll

C:\WINDOWS\system32\jeilwpab.ini

C:\WINDOWS\system32\neaudoyv.dll

C:\WINDOWS\system32\rsAHNXbc.ini

C:\WINDOWS\system32\rsAHNXbc.ini2

C:\WINDOWS\system32\xnnutvjb.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))

.

2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\SUPERAntiSpyware.com

2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-07-25 09:37 . 2008-07-25 10:14 111,614 --a------ C:\WINDOWS\BMb3266e1f.xml

2008-07-25 09:24 . 2008-07-25 10:04 <DIR> dr-h----- C:\Documents and Settings\Vegard\Siste

2008-07-23 20:58 . 2008-07-23 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet

2008-07-23 14:37 . 2008-07-23 14:37 1,720,086 --a------ C:\WINDOWS\system32\TmpA4595281

2008-07-23 13:28 . 2008-07-23 13:28 <DIR> d-------- C:\Programfiler\iPod

2008-07-23 13:24 . 2008-07-23 13:24 <DIR> d-------- C:\Programfiler\Safari

2008-07-23 13:20 . 2008-07-23 13:20 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-06-27 20:23 . 2008-06-27 20:23 <DIR> dr-h----- C:\Documents and Settings\Felles\Siste

2008-06-27 07:42 . 2008-06-27 07:42 317 --a------ C:\WINDOWS\game.ini

2008-06-27 07:33 . 2008-06-27 07:33 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-06-26 12:46 . 1998-10-06 19:03 327,168 --a------ C:\WINDOWS\IsUn0414.exe

2008-06-26 12:45 . 2008-06-26 12:45 <DIR> d-------- C:\Documents and Settings\Vegard\WINDOWS

2008-06-25 22:55 . 2008-06-26 18:37 <DIR> d-------- C:\Programfiler\GCFScape

2008-06-25 22:52 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-25 22:52 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-06-25 22:50 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-06-25 22:23 . 2008-07-25 10:03 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\gtk-2.0

2008-06-25 22:23 . 2008-06-25 22:23 <DIR> d-------- C:\Documents and Settings\Vegard\.thumbnails

2008-06-25 21:17 . 2008-06-25 21:54 <DIR> d-------- C:\Programfiler\Audacity

2008-06-25 18:46 . 2008-06-25 18:46 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\vlc

2008-06-25 18:45 . 2008-07-23 21:54 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-06-25 18:01 . 2008-06-25 18:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-06-25 16:29 . 2008-06-26 03:09 <DIR> d-------- C:\Programfiler\Fellesfiler\BinarySense

2008-06-25 16:29 . 2008-06-25 16:29 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\BinarySense

2008-06-25 14:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-25 14:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-25 14:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-25 14:23 . 2008-06-25 14:23 <DIR> d-------- C:\Documents and Settings\Felles\Programdata\ESET

2008-06-25 14:23 . 2008-06-25 14:23 <DIR> d-------- C:\Documents and Settings\Felles\Programdata\ATI

2008-06-25 14:22 . 2008-06-25 12:42 <DIR> dr------- C:\Documents and Settings\Felles\Start-meny

2008-06-25 14:22 . 2008-06-25 12:42 <DIR> d--h----- C:\Documents and Settings\Felles\Skrivere

2008-06-25 14:22 . 2008-06-25 14:28 <DIR> d-------- C:\Documents and Settings\Felles\Skrivebord

2008-06-25 14:22 . 2008-06-25 17:26 <DIR> dr-h----- C:\Documents and Settings\Felles\Programdata

2008-06-25 14:22 . 2008-06-25 14:22 <DIR> dr------- C:\Documents and Settings\Felles\Mine dokumenter

2008-06-25 14:22 . 2008-06-25 10:55 <DIR> d--h----- C:\Documents and Settings\Felles\Maler

2008-06-25 14:22 . 2008-07-25 10:36 <DIR> d--h----- C:\Documents and Settings\Felles\Lokale innstillinger

2008-06-25 14:22 . 2008-06-25 14:22 <DIR> dr------- C:\Documents and Settings\Felles\Favoritter

2008-06-25 14:22 . 2008-06-25 12:42 <DIR> d--h----- C:\Documents and Settings\Felles\AndrMask

2008-06-25 14:22 . 2008-06-27 20:23 <DIR> d-------- C:\Documents and Settings\Felles

2008-06-25 14:22 . 2008-04-14 09:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-25 11:59 . 2008-06-25 11:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-06-25 11:58 . 2008-06-25 11:59 <DIR> d-------- C:\Programfiler\LimeWire

2008-06-25 11:58 . 2008-06-25 11:58 <DIR> d-------- C:\Programfiler\Fraps

2008-06-25 11:58 . 2008-07-24 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-06-25 11:54 . 2008-06-25 11:54 <DIR> d-------- C:\Programfiler\MozyHome

2008-06-25 11:54 . 2008-06-25 11:54 <DIR> d-------- C:\Programfiler\CCleaner

2008-06-25 11:54 . 2008-06-11 21:32 53,752 --a------ C:\WINDOWS\system32\drivers\mozy.sys

2008-06-25 11:54 . 2008-07-24 05:00 5,148 --a------ C:\WINDOWS\mozy.blk

2008-06-25 11:54 . 2008-07-24 05:00 464 --a------ C:\WINDOWS\mozy.flt

2008-06-25 11:53 . 2008-06-25 12:13 <DIR> d-------- C:\Programfiler\Unlocker

2008-06-25 11:53 . 2008-07-25 10:39 <DIR> d-------- C:\Programfiler\Steam

2008-06-25 11:53 . 2008-06-25 11:53 <DIR> d-------- C:\Programfiler\Red Kawa

2008-06-25 11:53 . 2008-06-25 11:53 <DIR> d-------- C:\Programfiler\DAMN NFO Viewer

2008-06-25 11:52 . 2008-06-25 11:52 <DIR> d-------- C:\Programfiler\QuickTime

2008-06-25 11:52 . 2008-07-23 13:28 <DIR> d-------- C:\Programfiler\iTunes

2008-06-25 11:52 . 2008-06-25 11:52 <DIR> d-------- C:\Programfiler\Bonjour

2008-06-25 11:52 . 2008-07-25 10:14 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\Apple Computer

2008-06-25 11:52 . 2008-06-25 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-06-25 11:51 . 2008-07-23 13:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-06-25 11:51 . 2008-06-25 11:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-06-25 11:51 . 2008-07-23 15:51 <DIR> d-------- C:\Programfiler\ATITool

2008-06-25 11:51 . 2008-06-25 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-06-25 11:50 . 2008-06-25 11:58 <DIR> d-------- C:\Programfiler\Windows Live

2008-06-25 11:50 . 2008-06-25 11:58 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-06-25 11:50 . 2008-06-25 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-06-25 11:49 . 2008-06-25 13:02 <DIR> d-------- C:\Programfiler\uTorrent

2008-06-25 11:49 . 2008-06-25 18:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-06-25 11:49 . 2008-07-25 10:40 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\uTorrent

2008-06-25 11:48 . 2008-06-25 11:48 <DIR> d-------- C:\Programfiler\VideoLAN

2008-06-25 11:37 . 2008-06-25 11:37 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-25 11:31 . 2008-06-25 11:31 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\ATI

2008-06-25 11:31 . 2008-06-25 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI

2008-06-25 11:30 . 2008-06-25 11:30 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-06-25 11:28 . 2008-06-25 11:29 <DIR> d-------- C:\Programfiler\ATI Technologies

2008-06-25 11:28 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-06-25 11:25 . 2008-06-25 11:25 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\ESET

2008-06-25 11:24 . 2008-06-25 11:24 <DIR> d-------- C:\Programfiler\ESET

2008-06-25 11:24 . 2008-06-25 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ESET

2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-06-25 11:19 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-25 11:19 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-25 11:17 . 2008-06-25 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage

2008-06-25 11:12 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-06-25 11:11 . 2008-06-25 11:11 <DIR> d-------- C:\Programfiler\Realtek Sound Manager

2008-06-25 11:11 . 2008-06-25 11:11 <DIR> d-------- C:\Programfiler\Realtek AC97

2008-06-25 11:11 . 2008-06-25 11:11 <DIR> d-------- C:\Programfiler\AvRack

2008-06-25 11:10 . 2008-06-27 07:42 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information

2008-06-25 11:10 . 2005-08-12 12:40 307,200 -r------- C:\WINDOWS\alcupd.exe

2008-06-25 11:10 . 2005-10-20 11:12 217,088 -r------- C:\WINDOWS\alcrmv.exe

2008-06-25 11:07 . 2004-07-16 08:19 70,400 -ra------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys

2008-06-25 11:04 . 2008-06-25 11:28 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield

2008-06-25 11:04 . 2005-03-09 08:53 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys

2008-06-25 11:03 . 2008-06-25 11:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

2008-06-25 11:03 . 2008-06-25 11:49 <DIR> dr------- C:\Documents and Settings\Vegard\Start-meny

2008-06-25 11:03 . 2008-06-25 12:42 <DIR> d--h----- C:\Documents and Settings\Vegard\Skrivere

2008-06-25 11:03 . 2008-07-25 10:34 <DIR> d-------- C:\Documents and Settings\Vegard\Skrivebord

2008-06-25 11:03 . 2008-07-25 10:19 <DIR> dr-h----- C:\Documents and Settings\Vegard\Programdata

2008-06-25 11:03 . 2008-07-25 10:31 <DIR> dr------- C:\Documents and Settings\Vegard\Mine dokumenter

2008-06-25 11:03 . 2008-06-25 18:08 <DIR> d--h----- C:\Documents and Settings\Vegard\Maler

2008-06-25 11:03 . 2008-07-23 16:08 <DIR> d--h----- C:\Documents and Settings\Vegard\Lokale innstillinger

2008-06-25 11:03 . 2008-06-25 11:04 <DIR> dr------- C:\Documents and Settings\Vegard\Favoritter

2008-06-25 11:03 . 2008-06-25 12:42 <DIR> d--h----- C:\Documents and Settings\Vegard\AndrMask

2008-06-25 11:03 . 2008-07-25 10:03 <DIR> d-------- C:\Documents and Settings\Vegard

2008-06-25 11:03 . 2008-06-25 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata

2008-06-25 11:03 . 2008-07-25 10:36 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger

2008-06-25 11:03 . 2008-06-25 11:03 <DIR> d--hs---- C:\Documents and Settings\LocalService

2008-06-25 11:02 . 2008-06-25 11:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata

2008-06-25 11:02 . 2008-07-25 10:36 <DIR> d--h----- C:\Documents and Settings\NetworkService\Lokale innstillinger

2008-06-25 11:02 . 2008-06-25 11:02 <DIR> d--hs---- C:\Documents and Settings\NetworkService

2008-06-25 11:02 . 2008-06-25 11:02 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Start-meny

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Skrivere

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Skrivebord

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Siste

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Programdata

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Mine dokumenter

2008-06-25 11:00 . 2008-06-25 10:55 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Maler

2008-06-25 11:00 . 2008-07-25 10:36 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoritter

2008-06-25 11:00 . 2008-06-25 12:42 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\AndrMask

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-27 01:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-06-25 10:28 --------- d-----w C:\Documents and Settings\Vegard\Programdata\Ahead

2008-06-25 10:27 --------- d-----w C:\Programfiler\Nero

2008-06-25 10:27 --------- d-----w C:\Programfiler\Fellesfiler\Ahead

2008-06-25 10:26 --------- d-----w C:\Programfiler\MSBuild

2008-06-25 10:26 --------- d-----w C:\Programfiler\Microsoft Works

2008-06-25 10:25 --------- d-----w C:\Programfiler\Microsoft.NET

2008-06-25 10:24 --------- d-----w C:\Programfiler\Microsoft Visual Studio 8

2008-06-25 10:21 --------- d-----w C:\Programfiler\DAEMON Tools Lite

2008-06-25 10:18 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-06-25 10:18 --------- d-----w C:\Documents and Settings\Vegard\Programdata\DAEMON Tools

2008-06-25 10:16 --------- d-----w C:\Programfiler\GIMP-2.0

2008-06-25 10:00 --------- d-----w C:\Programfiler\Java

2008-06-25 08:59 --------- d-----w C:\Programfiler\microsoft frontpage

2008-06-25 08:57 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-06-25 08:57 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-06-25 08:55 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]

2008-06-11 21:33 2393392 --a------ C:\Programfiler\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]

2008-06-11 21:33 2393392 --a------ C:\Programfiler\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]

"Steam"="c:\programfiler\steam\steam.exe" [2008-06-25 11:53 1271032]

"StatBar"="O:\Programmer\StatBar\StatBar.exe" [2005-01-22 01:01 335872]

"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2008-06-25 11:49 219952]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="C:\Programfiler\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

C:\Documents and Settings\Vegard\Start-meny\Programmer\Oppstart\

iTunes.lnk - C:\Programfiler\iTunes\iTunes.exe [2008-07-10 10:51:26 20246824]

msnmsgr.lnk - C:\Programfiler\Windows Live\Messenger\msnmsgr.exe [2007-10-18 11:34:28 5724184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Steam\\Steam.exe"=

R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-06-11 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4553cc-429d-11dd-9f7a-806d6172696f}]

\Shell\AutoRun\command - J:\Setup.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-07-23 11:20:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

- - - - ORPHANS REMOVED - - - -

BHO-{7419ecf1-e634-48a3-b312-e3bdefe56e64} - C:\WINDOWS\system32\hinpag.dll

BHO-{9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\vtUmKCUN.dll

HKLM-Run-NWEReboot - (no file)

ShellExecuteHooks-{9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\vtUmKCUN.dll

Notify-WgaLogon - (no file)

.

------- Supplementary Scan -------

.

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-25 10:39:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\ESET\ESET Smart Security\ekrn.exe

C:\Programfiler\MozyHome\mozybackup.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

.

**************************************************************************

.

Completion time: 2008-07-25 10:43:17 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-25 08:43:09

Pre-Run: 35,045,273,600 byte ledig

Post-Run: 34,797,338,624 byte ledig

266 --- E O F --- 2008-06-28 06:48:05

Endret 25. juli 2008 av Pizzaen

norbat · 25. juli 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen senere.

File::

C:\WINDOWS\BMb3266e1f.xml

DirLook::

C:\WINDOWS\system32\TmpA4595281

Last ned Malwarebytes Anti-Malware til skrivebordet.

Kjør og installer programmet. Velg Norsk-språk

La programmet oppdatere seg og velg å kjør en 'hurtig systemskann', klikk Skann.

Det kommer en meldingsboks om at scannen er ferdig, klikk Ok

Klikk på Vis resultat-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet.

Klikk så på Fjern valgte -knappen for å fjerne malwaren som evt. ble funnet.

Det vil deretter åpnes en logg i notisblokk. Den kan du kopiere og poste sammen med den nye combofix-loggen

Pizzaen · 25. juli 2008

Malwarebyte:

Malwarebytes' Anti-Malware 1.23

Database versjon: 990

Windows 5.1.2600 Service Pack 3

12:17:28 25.07.2008

mbam-log-7-25-2008 (12-17-28).txt

Skanntype: Rask Skann

Objekter skannet: 41094

Tid tilbakelagt: 4 minute(s), 5 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert: