Miisu
Posts written by Miisu
It is malware, yes.
Go through the guide in the following thread. The logs that are asked for, you post here in your own thread.
Thanks for the help, here are the logs:
Malware
Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1475
Windows 5.1.2600 Service Pack 3
08.12.2008 21:54:29
mbam-log-2008-12-08 (21-54-29).txt
Skanntype: Rask Skann
Objekter skannet: 60409
Tid tilbakelagt: 4 minute(s), 29 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcnnoj0etdj (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Combo:
ComboFix 08-12-07.01 - Trine Og Diana 2008-12-08 22:24:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1361 [GMT 1:00]
Kjører fra: c:\documents and settings\Trine Og Diana\Skrivebord\ComboFix.exe
* Resident AV is active
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-08 til 2008-12-08 )))))))))))))))))))))))))))))))))
.
2008-12-08 21:48 . 2008-12-08 21:48 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-08 21:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 21:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 21:18 . 2008-12-06 21:18 <DIR> d-------- c:\windows\LastGood
2008-12-06 15:53 . 2008-12-06 15:53 <DIR> d-------- c:\programfiler\Trend Micro
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iTunes
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iPod
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 22:51 . 2008-12-05 22:51 <DIR> d-------- c:\programfiler\QuickTime
2008-12-05 22:07 . 2007-12-18 17:07 405,504 --a------ c:\windows\system32\cmdiag.cpl
2008-12-05 22:07 . 2006-11-20 14:43 241,664 --a------ c:\windows\system32\cmabout.dll
2008-12-05 22:07 . 2007-12-18 07:50 10,357 --a------ c:\windows\system32\cmdiag.ini
2008-12-05 22:07 . 2007-12-13 18:33 142 --a------ c:\windows\system32\cmabout.ini
2008-12-05 02:58 . 2008-12-05 02:58 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-01 23:47 . 2008-12-01 23:47 716,272 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-30 17:26 . 2008-11-30 17:26 <DIR> d-------- C:\CloneDVDTemp
2008-11-30 15:05 . 2008-11-30 15:05 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\dvdcss
2008-11-30 05:17 . 2008-12-03 17:32 <DIR> d-------- c:\programfiler\DVDFab 5
2008-11-30 05:17 . 2008-11-30 05:18 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\Vso
2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\documents and settings\Trine Og Diana\Programdata\pcouffin.sys
2008-11-30 04:51 . 2008-11-30 04:51 <DIR> d-------- c:\documents and settings\All Users\Programdata\Elaborate Bytes
2008-11-30 04:50 . 2008-11-30 04:50 <DIR> d-------- c:\programfiler\Elaborate Bytes
2008-11-28 00:51 . 2008-12-06 14:55 <DIR> d-------- c:\programfiler\Fellesfiler\Apple
2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- c:\programfiler\Bonjour
2008-11-28 00:33 . 2008-11-28 00:33 <DIR> d-------- c:\programfiler\Secunia
2008-11-27 14:53 . 2008-11-27 14:53 8,704 --ahs---- c:\windows\Thumbs.db
2008-11-26 18:46 . 2008-11-26 18:46 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-11-26 18:45 . 2008-11-26 18:45 <DIR> d--h----- c:\programfiler\CanonBJ
2008-11-26 18:42 . 2008-11-26 18:42 <DIR> d--h----- c:\documents and settings\All Users\Programdata\CanonBJ
2008-11-26 18:41 . 2007-10-22 06:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL
2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2008-11-18 03:48 . 2008-12-03 14:31 <DIR> d-------- c:\windows\myVRmfcax
2008-11-12 07:57 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 07:57 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:59 --------- d-----w c:\programfiler\Lavasoft
2008-12-06 13:58 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-06 13:53 --------- d-----w c:\programfiler\Enigma Software Group
2008-12-06 12:39 147,192 ----a-w c:\windows\system32\guard32.dll
2008-12-06 12:39 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-12-05 01:58 --------- d-----w c:\programfiler\Java
2008-12-02 02:08 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink
2008-12-01 23:56 --------- d-----w c:\programfiler\PokerStars
2008-11-30 04:22 --------- d-----w c:\programfiler\SlySoft
2008-11-30 04:22 --------- d-----w c:\programfiler\Canon
2008-11-30 03:44 --------- d-----w c:\programfiler\DVD Shrink
2008-11-28 01:42 --------- d-----w c:\documents and settings\Trine Og Diana\Programdata\LimeWire
2008-11-27 23:59 --------- d-----w c:\programfiler\Opera
2008-11-27 23:51 --------- d-----w c:\programfiler\Apple Software Update
2008-11-20 23:04 --------- d-----w c:\programfiler\SoIP-player
2008-11-20 03:04 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-19 19:05 --------- d-----w c:\programfiler\SUPERAntiSpyware
2008-11-19 02:29 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-11-12 12:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2008-11-06 19:06 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2007-03-30 13:54 702,096 ----a-w c:\programfiler\APR2007_d3dx10_33_x64.cab
2007-03-30 13:54 699,466 ----a-w c:\programfiler\APR2007_d3dx10_33_x86.cab
2007-03-30 13:54 56,902 ----a-w c:\programfiler\APR2007_xinput_x86.cab
2007-03-30 13:54 45,302 ----a-w c:\programfiler\dxdllreg_x86.cab
2007-03-30 13:54 199,384 ----a-w c:\programfiler\APR2007_XACT_x64.cab
2007-03-30 13:54 155,350 ----a-w c:\programfiler\APR2007_XACT_x86.cab
2007-03-30 13:54 100,434 ----a-w c:\programfiler\APR2007_xinput_x64.cab
2007-03-30 13:54 1,610,998 ----a-w c:\programfiler\APR2007_d3dx9_33_x64.cab
2007-03-30 13:54 1,610,311 ----a-w c:\programfiler\APR2007_d3dx9_33_x86.cab
2007-03-30 13:38 85,883 ----a-w c:\programfiler\dxupdate.cab
2007-03-30 13:38 77,160 ----a-w c:\programfiler\DSETUP.dll
2007-03-30 13:38 503,144 ----a-w c:\programfiler\DXSETUP.exe
2007-03-30 13:38 1,673,576 ----a-w c:\programfiler\dsetup32.dll
2008-07-25 18:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008072520080726\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256]
"Gainward"="c:\windows\TBPanel.exe" [2007-01-12 2162688]
"Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"OpwareSE2"="c:\programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"COMODO Firewall Pro"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]
"COMODO Internet Security"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Exetender"="c:\programfiler\SoIP-player\GPlayer.exe" [2008-05-15 1958400]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-10-02 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-02 11:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-15 09:46 204288 c:\programfiler\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Media Player\\wmplayer.exe"=
"c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7887:TCP"= 7887:TCP:BitComet 7887 TCP
"7887:UDP"= 7887:UDP:BitComet 7887 UDP
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-08-13 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-08-13 31504]
R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2007-04-26 20448]
R2 NVOY;Norman's Very Own supplY of resources;"c:\norman\npm\bin\nvoy.exe" [2008-03-05 121912]
R2 X4HSX32Ex;X4HSX32Ex;\??\c:\programfiler\SoIP-player\X4HSX32Ex.Sys [2008-09-20 29856]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-08 38496]
R3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-06-27 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-05-03 19512]
R3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-01-15 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;"c:\norman\Npm\bin\NVCSCHED.EXE" [2008-03-05 154680]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S1 b768beaa;b768beaa;c:\windows\system32\drivers\b768beaa.sys []
S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys [2007-04-26 6712]
S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys [2007-04-26 30264]
S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys [2007-04-26 129848]
S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys [2007-04-26 23224]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-12-22 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-12-30 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-12-30 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2008-02-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2008-02-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-12-30 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2008-02-04 98952]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-05-14 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-05-14 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-05-14 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-05-14 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-05-14 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-05-14 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-05-14 90800]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys []
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\DRIVERS\z530bus.sys [2008-10-08 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z530mdfl.sys [2008-10-08 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\DRIVERS\z530mdm.sys [2008-10-08 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z530mgmt.sys [2008-10-08 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\z530obex.sys [2008-10-08 83344]
*Newly Created Service* - AAWSERVICE
*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.db.no/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FireFox -: Profile - c:\documents and settings\Trine Og Diana\Programdata\Mozilla\Firefox\Profiles\aztt2aer.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.vg.no
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 22:26:11
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\guard32.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\guard32.dll
.
Tidspunkt ferdig: 2008-12-08 22:27:10
ComboFix-quarantined-files.txt 2008-12-08 21:27:07
ComboFix2.txt 2008-12-08 21:19:00
Pre-Run: 293 627 006 976 byte ledig
Post-Run: 293,609,844,736 byte ledig
235 --- E O F --- 2008-11-13 12:01:54
Hij:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:13, on 08.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\TBPanel.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\COMODO\Firewall\cmdagent.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\Windows Media Player\WMPNetwk.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Npm\bin\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Trine Og Diana\Skrivebord\tavekk.exe\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.db.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Programfiler\SoIP-player\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programfiler\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138020578359
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190028706015
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programfiler\COMODO\Firewall\cmdagent.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9970 bytes
Thanks for any help I can get here :-)
-
As the title says:
sysftray2 in the folder bolivar23 at startup. Virus?
I should add that the machine has been terribly slow since this program installed itself.
Can I uninstall it, or does it have to be removed some other way?
Thanks for any help I can get!!
sysftray2 in the folder bolivar23 at startup. Virus?
in Maskinen fungerer ikke
Posted
Here is the log.
I don't quite know what you meant by saving the file "as". That it should be the name of the file? That's what I did, because the only choice of file format was All-txt...
I'll do it again if that's wrong :-)
Thanks again!!
ComboFix 08-12-07.01 - Trine Og Diana 2008-12-09 10:42:22.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1357 [GMT 1:00]
Kjører fra: c:\documents and settings\Trine Og Diana\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Trine Og Diana\Skrivebord\CFScript.txt..txt
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-09 til 2008-12-09 )))))))))))))))))))))))))))))))))
.
2008-12-08 21:48 . 2008-12-08 21:48 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-08 21:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 21:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 21:18 . 2008-12-06 21:18 <DIR> d-------- c:\windows\LastGood
2008-12-06 15:53 . 2008-12-06 15:53 <DIR> d-------- c:\programfiler\Trend Micro
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iTunes
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iPod
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 22:51 . 2008-12-05 22:51 <DIR> d-------- c:\programfiler\QuickTime
2008-12-05 22:07 . 2007-12-18 17:07 405,504 --a------ c:\windows\system32\cmdiag.cpl
2008-12-05 22:07 . 2006-11-20 14:43 241,664 --a------ c:\windows\system32\cmabout.dll
2008-12-05 22:07 . 2007-12-18 07:50 10,357 --a------ c:\windows\system32\cmdiag.ini
2008-12-05 22:07 . 2007-12-13 18:33 142 --a------ c:\windows\system32\cmabout.ini
2008-12-05 02:58 . 2008-12-05 02:58 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-01 23:47 . 2008-12-01 23:47 716,272 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-30 17:26 . 2008-11-30 17:26 <DIR> d-------- C:\CloneDVDTemp
2008-11-30 15:05 . 2008-11-30 15:05 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\dvdcss
2008-11-30 05:17 . 2008-12-03 17:32 <DIR> d-------- c:\programfiler\DVDFab 5
2008-11-30 05:17 . 2008-11-30 05:18 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\Vso
2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\documents and settings\Trine Og Diana\Programdata\pcouffin.sys
2008-11-30 04:51 . 2008-11-30 04:51 <DIR> d-------- c:\documents and settings\All Users\Programdata\Elaborate Bytes
2008-11-30 04:50 . 2008-11-30 04:50 <DIR> d-------- c:\programfiler\Elaborate Bytes
2008-11-28 00:51 . 2008-12-06 14:55 <DIR> d-------- c:\programfiler\Fellesfiler\Apple
2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- c:\programfiler\Bonjour
2008-11-28 00:33 . 2008-11-28 00:33 <DIR> d-------- c:\programfiler\Secunia
2008-11-27 14:53 . 2008-11-27 14:53 8,704 --ahs---- c:\windows\Thumbs.db
2008-11-26 18:46 . 2008-11-26 18:46 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-11-26 18:45 . 2008-11-26 18:45 <DIR> d--h----- c:\programfiler\CanonBJ
2008-11-26 18:42 . 2008-11-26 18:42 <DIR> d--h----- c:\documents and settings\All Users\Programdata\CanonBJ
2008-11-26 18:41 . 2007-10-22 06:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL
2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2008-11-18 03:48 . 2008-12-03 14:31 <DIR> d-------- c:\windows\myVRmfcax
2008-11-12 07:57 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 07:57 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:59 --------- d-----w c:\programfiler\Lavasoft
2008-12-06 13:58 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-06 13:53 --------- d-----w c:\programfiler\Enigma Software Group
2008-12-06 12:39 147,192 ----a-w c:\windows\system32\guard32.dll
2008-12-06 12:39 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-12-05 01:58 --------- d-----w c:\programfiler\Java
2008-12-02 02:08 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink
2008-12-01 23:56 --------- d-----w c:\programfiler\PokerStars
2008-11-30 04:22 --------- d-----w c:\programfiler\SlySoft
2008-11-30 04:22 --------- d-----w c:\programfiler\Canon
2008-11-30 03:44 --------- d-----w c:\programfiler\DVD Shrink
2008-11-28 01:42 --------- d-----w c:\documents and settings\Trine Og Diana\Programdata\LimeWire
2008-11-27 23:59 --------- d-----w c:\programfiler\Opera
2008-11-27 23:51 --------- d-----w c:\programfiler\Apple Software Update
2008-11-20 23:04 --------- d-----w c:\programfiler\SoIP-player
2008-11-20 03:04 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-19 19:05 --------- d-----w c:\programfiler\SUPERAntiSpyware
2008-11-19 02:29 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-11-12 12:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2008-11-06 19:06 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2007-03-30 13:54 702,096 ----a-w c:\programfiler\APR2007_d3dx10_33_x64.cab
2007-03-30 13:54 699,466 ----a-w c:\programfiler\APR2007_d3dx10_33_x86.cab
2007-03-30 13:54 56,902 ----a-w c:\programfiler\APR2007_xinput_x86.cab
2007-03-30 13:54 45,302 ----a-w c:\programfiler\dxdllreg_x86.cab
2007-03-30 13:54 199,384 ----a-w c:\programfiler\APR2007_XACT_x64.cab
2007-03-30 13:54 155,350 ----a-w c:\programfiler\APR2007_XACT_x86.cab
2007-03-30 13:54 100,434 ----a-w c:\programfiler\APR2007_xinput_x64.cab
2007-03-30 13:54 1,610,998 ----a-w c:\programfiler\APR2007_d3dx9_33_x64.cab
2007-03-30 13:54 1,610,311 ----a-w c:\programfiler\APR2007_d3dx9_33_x86.cab
2007-03-30 13:38 85,883 ----a-w c:\programfiler\dxupdate.cab
2007-03-30 13:38 77,160 ----a-w c:\programfiler\DSETUP.dll
2007-03-30 13:38 503,144 ----a-w c:\programfiler\DXSETUP.exe
2007-03-30 13:38 1,673,576 ----a-w c:\programfiler\dsetup32.dll
2008-07-25 18:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008072520080726\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\b768beaa.sys -- Invalid filepath or file no longer exist
---- Directory of c:\windows\myVRmfcax ----
2008-12-02 17:19 657952 --a------ c:\windows\myVRmfcax\myVRmfcax-1.00700.ocx
2008-11-18 03:48 32815 --a------ c:\windows\myVRmfcax\uninstall.exe
2008-11-04 20:35 560 --a------ c:\windows\myVRmfcax\uninstall.exe.manifest
2008-11-04 20:35 380 --a------ c:\windows\myVRmfcax\myVRmfcax.lic
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256]
"Gainward"="c:\windows\TBPanel.exe" [2007-01-12 2162688]
"Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"OpwareSE2"="c:\programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"COMODO Firewall Pro"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]
"COMODO Internet Security"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Exetender"="c:\programfiler\SoIP-player\GPlayer.exe" [2008-05-15 1958400]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-10-02 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-02 11:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-15 09:46 204288 c:\programfiler\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Media Player\\wmplayer.exe"=
"c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7887:TCP"= 7887:TCP:BitComet 7887 TCP
"7887:UDP"= 7887:UDP:BitComet 7887 UDP
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-08-13 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-08-13 31504]
R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2007-04-26 20448]
R2 NVOY;Norman's Very Own supplY of resources;"c:\norman\npm\bin\nvoy.exe" [2008-03-05 121912]
R2 X4HSX32Ex;X4HSX32Ex;\??\c:\programfiler\SoIP-player\X4HSX32Ex.Sys [2008-09-20 29856]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-08 38496]
R3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-06-27 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-05-03 19512]
R3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-01-15 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;"c:\norman\Npm\bin\NVCSCHED.EXE" [2008-03-05 154680]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S1 b768beaa;b768beaa;c:\windows\system32\drivers\b768beaa.sys []
S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys [2007-04-26 6712]
S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys [2007-04-26 30264]
S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys [2007-04-26 129848]
S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys [2007-04-26 23224]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-12-22 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-12-30 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-12-30 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2008-02-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2008-02-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-12-30 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2008-02-04 98952]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-05-14 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-05-14 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-05-14 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-05-14 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-05-14 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-05-14 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-05-14 90800]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys []
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\DRIVERS\z530bus.sys [2008-10-08 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z530mdfl.sys [2008-10-08 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\DRIVERS\z530mdm.sys [2008-10-08 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z530mgmt.sys [2008-10-08 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\z530obex.sys [2008-10-08 83344]
*Newly Created Service* - AAWSERVICE
*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.db.no/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FireFox -: Profile - c:\documents and settings\Trine Og Diana\Programdata\Mozilla\Firefox\Profiles\aztt2aer.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.vg.no
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 10:43:59
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\guard32.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\guard32.dll
.
Tidspunkt ferdig: 2008-12-09 10:44:56
ComboFix-quarantined-files.txt 2008-12-09 09:44:53
ComboFix2.txt 2008-12-08 21:27:11
ComboFix3.txt 2008-12-08 21:19:00
Pre-Run: 293 591 060 480 byte ledig
Post-Run: 293,575,409,664 byte ledig
246 --- E O F --- 2008-11-13 12:01:54