Tomhah
Posted 12 August 2008

Hi! Lately strange things have been happening with my machine. You can read about what happened here: https://www.diskusjon.no/index.php?showtopic=992970

Here is the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/12/2008 at 01:05 PM

Application Version : 4.15.1000

Core Rules Database Version : 3534
Trace Rules Database Version: 1523

Scan type : Quick Scan
Total Scan Time : 00:15:37

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 399
Registry threats detected : 4
File items scanned : 11435
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Tommy\Cookies\tommy@adtech[1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-117609710-1801674531-839522115-1003\Software\Microsoft\rdfa

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\TBLK726V.EXE_

Here is the ComboFix log:
and finally the HijackThis log:
Regards,
Tommy
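The SAS log in the post above can be checked mechanically before anyone acts on it. The Python below is an added example, not code from the thread or from SUPERAntiSpyware: it parses the detection groups and reconciles the itemised registry keys and file paths against the "threats detected" counters in the header, so a pasted log that was truncated or edited shows up as a mismatch. SAMPLE_LOG is a constructed excerpt in the layout of the log posted above.

```python
"""Parse a SUPERAntiSpyware (SAS) scan log and reconcile its header counters
with the itemised detections. Added example; SAMPLE_LOG is a constructed
excerpt in the layout of the log posted in the thread (header 'key : value'
lines, then blank-line-separated groups: a detection name followed by
registry keys or file paths)."""
import re
from collections import OrderedDict

SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Scan type : Quick Scan
Total Scan Time : 00:15:37

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 399
Registry threats detected : 4
File items scanned : 11435
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Tommy\Cookies\tommy@adtech[1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-117609710-1801674531-839522115-1003\Software\Microsoft\rdfa

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\TBLK726V.EXE_
"""

COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
REG_ITEM_RE = re.compile(r"^HK(LM|CU|U|CR)\\", re.IGNORECASE)   # registry key
FILE_ITEM_RE = re.compile(r"^[A-Za-z]:\\")                      # drive path


def parse_sas_log(text):
    """Return (counters, detections).

    counters   -> e.g. {'Memory': 0, 'Registry': 4, 'File': 2}
    detections -> OrderedDict: detection name -> list of items under it.
    A detection name is a non-item line immediately followed by an item
    line; its items continue until the next blank line.
    """
    counters = {}
    detections = OrderedDict()
    pending = None   # candidate name, waiting to see whether an item follows
    current = None   # group currently receiving items
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            pending = current = None
            continue
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
            continue
        if REG_ITEM_RE.match(line) or FILE_ITEM_RE.match(line):
            if current is None:
                # First item of a group: promote the pending name, or flag an
                # item that appeared with no detection name above it.
                current = pending if pending is not None else "(unlabelled)"
                detections.setdefault(current, [])
                pending = None
            detections[current].append(line)
            continue
        pending = line   # header text or a detection name; the next line decides
    return counters, detections


def reconcile(counters, detections):
    """Count itemised registry and file entries and compare them with the
    header counters. Returns (observed, problems); problems is empty when the
    log is internally consistent, otherwise one message per mismatch."""
    items = [i for group in detections.values() for i in group]
    observed = {
        "Registry": sum(1 for i in items if REG_ITEM_RE.match(i)),
        "File": sum(1 for i in items if FILE_ITEM_RE.match(i)),
    }
    problems = []
    for kind, seen in observed.items():
        expected = counters.get(kind)
        if expected is not None and expected != seen:
            problems.append("%s threats: header says %d, itemised %d"
                            % (kind, expected, seen))
    return observed, problems


if __name__ == "__main__":
    counters, detections = parse_sas_log(SAMPLE_LOG)
    for name, items in detections.items():
        print(name)
        for item in items:
            print("    " + item)
    observed, problems = reconcile(counters, detections)
    print("observed:", observed, "problems:", problems or "none")
```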
r2d290
Posted 12 August 2008 (edited)

I'm a bit unsure about some of the files, so to be on the safe side we'll start with you checking a few files with an online antivirus scanner.

Go to http://virusscan.jotti.org, click Browse, and upload the following files for analysis:

C:\WINDOWS\unin0414.exe
C:\Program Files\!!!readme!!!.txt
C:\RegDelNull.exe

Then click Submit. Accept that the file is scanned. Finally, copy the result and paste it into your next post, so I can look at it and decide what needs to be done next.

C:\Documents and Settings\Tommy\Application Data\Desktopicon -> Use Jotti to check a file that is inside this folder. If it looks like the files in this folder are malware, delete the whole folder.

C:\Documents and Settings\Tommy\Application Data\BlackBean -> Use Jotti to check a file that is inside this folder. If it looks like the files in this folder are malware, delete the whole folder.

C:\United -> Do you recognise the contents of this folder?

C:\Program Files\Dream Aquarium -> A screensaver that might contain a virus? Did you install it yourself, and do you NEED it? If not, we delete it. First check whether you find anything with this name under "Add/Remove Programs".

Click Start - All Programs - Accessories - Notepad
Copy and paste the text in the code box below into Notepad:

File::
C:\WINDOWS\system32\tBLK726v.exe.a_a
C:\WINDOWS\system32\7HT4c70J.exe.a_a

Save it as CFScript
Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.
This will start ComboFix again. If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt in your next reply on the forum.

Edited 12 August 2008 by r2d290
Tomhah (thread author)
Posted 12 August 2008 (edited)

I used RegDelNull to remove SecuROM. The screensaver was installed by me and works fine. But I don't need it, so it can be deleted!

This post will be edited once I've done what the post above says ;D

I recognise the contents of the United folder. But it can be deleted! Nothing that's needed.

EDIT:
Found nothing on unin0414.exe
Found nothing on !!!readme!!!.txt
Found nothing on regdelnull.exe

C:\Documents and Settings\Tommy\Application Data\Desktopicon: That's where the stupid eBay icon was. The folder has been deleted!
C:\Documents and Settings\Tommy\Application Data\BlackBean: this is for the Superbike game

Here is the ComboFix log:
C:\WINDOWS\iun6002.exe 2008-05-14 20:49 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-05-14 20:49 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-05-14 20:49 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-05-14 01:28 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll 2008-05-13 00:32 9,757,184 ----a-w C:\StepMania-3.9.exe 2008-03-19 22:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-08 18:57 22,328 ----a-w C:\Documents and Settings\Tommy\Application Data\PnkBstrK.sys 2006-10-28 11:27 1,979 ----a-w C:\Program Files\!!!readme!!!.txt . ------- Sigcheck ------- 2008-01-09 16:03 502272 32cc6d444728812f7c57f4800f779396 C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856] "msnmsgr"="E:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-18 12:58 1506544] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 17:07 617984] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 10:35 7110656] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 10:35 86016] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-29 02:35 286720] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-24 10:50 1177368] "nwiz"="nwiz.exe" [2005-08-02 10:35 1519616 C:\WINDOWS\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 
76304 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Jensen AirLink Utility.lnk - C:\Program Files\Jensen\Common\JensenUI.exe [2007-12-27 16:07:12 684032] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-28 14:52:46 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-18 12:58 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ZDSV"= scrvid.dll "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^Tommy^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader 
Speed Launcher] --a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2004-08-10 05:04 59392 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-11-07 15:34 3739672 E:\Programfiler\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] --a------ 2007-09-25 16:03 93208 C:\Program Files\Logitech\Gaming Software\LWEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-28 14:45 1271032 e:\Programfiler\Valve\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-07-18 12:58 1506544 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] --a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program 
Files\\Windows Live\\Messenger\\wlcsdk.exe"= "E:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\j_stafsberg\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\Tommy\\Desktop\\Live For Speed\\LFS.exe"= "C:\\Documents and Settings\\Tommy\\Desktop\\Live For Speed\\data\\TVdirector.exe"= "E:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Novalogic Comanche4 [RIP] [dopeman]\\Comanche 4\\update.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Novalogic Comanche4 [RIP] [dopeman]\\Comanche 4\\C4LAN.EXE"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhahsrevenge\\team fortress 2\\hl2.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhahsrevenge\\race07 demo\\RaceDemo_Steam.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Sniper Elite [RIP] [dopeman]\\Sniper Elite\\SniperElite.exe"= "C:\\netkar\\nkServer.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.5.exe"= "C:\\Program Files\\rFactor\\rFactor.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhah\\counter-strike source\\hl2.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\henrix_horrible\\counter-strike source\\hl2.exe"= 
"E:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"= "C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"= "C:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"= "C:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"= "E:\\Programfiler\\Skype\\Phone\\Skype.exe"= R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-07-06 22:39] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 10:47] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 10:48] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53] R3 rt2870;Jensen 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-04-25 14:47] S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [] S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-24 10:50] S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 10:50] S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 00:04] S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [] S3 ta1100;ta1100.sys S110 USB Infrared Controller;C:\WINDOWS\system32\DRIVERS\ta1100.sys [2004-12-01 09:43] . Contents of the 'Scheduled Tasks' folder 2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-12 18:10:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\DOCUME~1\Tommy\LOCALS~1\Temp\RGIE.tmp scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2008-08-12 18:11:51 ComboFix-quarantined-files.txt 2008-08-12 16:11:03 ComboFix2.txt 2008-08-12 15:51:48 ComboFix3.txt 2008-08-12 11:36:19 Pre-Run: 44,567,638,016 bytes free Post-Run: 44,557,647,872 bytes free 255 --- E O F --- 2008-07-11 10:51:39 Endret 12. august 2008 av Tomhah Lenke til kommentar
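The log above is the kind of thing the helpers in this thread read by eye: the "Reg Loading Points" section (Run keys, Winlogon notify packages, AppInit_DLLs, firewall exceptions) and catchme's hidden-file list are where a persistence mechanism or a planted binary shows up. The script below is an added example, not code from the thread or from ComboFix, that parses lines in ComboFix's output format and flags the entries a responder would look at first: DLLs injected via AppInit_DLLs, Winlogon notify packages, hidden files reported by catchme, and autostarts or firewall exceptions that point into user-writable staging directories such as Temp, Downloads or Desktop. The sample log is constructed in the same format as the posted one; the "Updater" Run entry under Temp is hypothetical and was not in the poster's log, and the staging-directory list is an assumption (games on the Desktop, as in this log, will be flagged too, so treat the output as a review list, not a verdict).

```python
"""Triage a ComboFix-style log: extract autostart entries and flag the ones
worth a second look.  Added example, not part of the thread or of ComboFix."""
import re
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's "Reg Loading Points" / catchme format.
# The "Updater" entry in Temp is a hypothetical finding, not from the real log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-29 02:35 286720]
"Updater"="C:\Documents and Settings\Tommy\Local Settings\Temp\updater.exe" [2008-08-10 23:02 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\BitLord\\Downloads\\Sniper Elite\\SniperElite.exe"=
scanning hidden files ...
C:\DOCUME~1\Tommy\LOCALS~1\Temp\RGIE.tmp
scan completed successfully
hidden files: 1
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
NOTIFY_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (?P<path>.+)$')

# Assumed list of directories an ordinary user (and so a dropper running as
# that user) can write to; a binary autostarting from here deserves a look.
STAGING_DIRS = ('\\temp\\', '\\downloads\\', '\\desktop\\',
                '\\application data\\', '\\local settings\\')


def parse_combofix(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each registry key (lower-cased) to its (name, data) pairs.
    catchme's hidden-file list goes under the pseudo-key 'hidden files'."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    key = None
    in_hidden = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            in_hidden = False
            entries.setdefault(key, [])
            continue
        if line.startswith('scanning hidden files'):
            key = 'hidden files'
            in_hidden = True
            entries.setdefault(key, [])
            continue
        if in_hidden:
            if line.startswith('scan completed') or line.startswith('hidden files:'):
                in_hidden = False
            else:
                entries[key].append(('hidden', line))
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            rest = m.group('rest').strip()
            # "name"="data" [meta] -> data; "name"=data -> data; "path"= -> ''
            data = rest[1:rest.find('"', 1)] if rest.startswith('"') else rest.split(' [', 1)[0]
            entries[key].append((m.group('name'), data))
            continue
        m = NOTIFY_RE.match(line)
        if m and '\\winlogon\\notify\\' in key:
            entries[key].append((key.rsplit('\\', 1)[1], m.group('path')))
    return entries


def find_suspects(entries: Dict[str, List[Tuple[str, str]]]) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for entries that merit manual review."""
    findings: List[Tuple[str, str]] = []
    for key, pairs in entries.items():
        for name, data in pairs:
            if key == 'hidden files':
                findings.append(('hidden-file', data))
            elif name.lower() == 'appinit_dlls':
                # Every DLL here is loaded into every process that loads user32.dll.
                for dll in filter(None, data.split(',')):
                    findings.append(('appinit-dll', dll.strip()))
            elif '\\winlogon\\notify\\' in key:
                findings.append(('winlogon-notify', data))
            else:
                # Run keys carry the path in data; the firewall list carries it in name.
                path = (data or name).replace('\\\\', '\\').lower()
                if any(d in path for d in STAGING_DIRS):
                    kind = 'user-writable-autostart' if data else 'user-writable-firewall-exception'
                    findings.append((kind, path))
    return findings


if __name__ == '__main__':
    for kind, detail in find_suspects(parse_combofix(SAMPLE_LOG)):
        print(f'{kind:36} {detail}')
```

On the posted log this would list wbsys.dll and avgrsstx.dll (AppInit_DLLs), the three Winlogon notify DLLs, the RGIE.tmp file catchme found under Temp, and the firewall exceptions under BitLord\Downloads and the Desktop; which of those are benign still has to be decided by checking each file, as the thread does with jotti.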
r2d290, 12 August 2008:

And how is the machine working now?

Tomhah (thread author), 12 August 2008:

(Quoting r2d290: "And how is the machine working now?")

Better, I think. But the taskbar still disappears and comes back, though I assume something else is causing that, because it is only gone for 1-5 seconds at most. I'll write here tomorrow and see whether I have heard/seen anything by then.
r2d290, 12 August 2008:

Yes, do that. But be careful about just editing your posts. Then your thread doesn't show up as a "new post" and it quickly gets lost in the crowd. If you are going to write something new, or post new logs (as you did in post #3), you should put it in a new post.

Tomhah (thread author), 13 August 2008:

No, the virus is not gone! Pages get clicked completely on their own, etc. Error messages come up on some pages.
r2d290, 14 August 2008:

Can you check this one with jotti: C:\WINDOWS\system32\appdrvrem01.exe

Tomhah (thread author), 14 August 2008:

found nothing

r2d290, 14 August 2008:

Then I can't do any more. We'll have to wait and see whether any of the others have suggestions.
Tomhah (thread author), 14 August 2008:

OK. But that could take a while, couldn't it? Since they see that the thread has been answered, they probably think "he's getting help", or?

r2d290, 14 August 2008:

Send them a PM then. But give them the chance to log in and have a look. I've seen that they sometimes go in and check what I've done...

norbat, 14 August 2008:

Which error message do you get on certain pages, and do you have an example of a page where this error message appears?
Tomhah (thread author), 15 August 2008 (edited):

It happened on VG. It said.. yes.. now I don't remember, but that particular thing doesn't happen often. The voice is still here, though! And things are exactly as before. Suddenly all programs hang! :S The eBay icon did show up, and it is still there (the shortcut, at least).

Edited 15 August 2008 by Tomhah

Tomhah (thread author), 17 August 2008:

Still haven't figured out the problem, a little help? Everything is still as it was =/

norbat, 17 August 2008:

Download a fresh ComboFix and post the log.