
[LØST] Result after following the malware-removal guide



Posted (edited)

Hi!

Thanks for an excellent guide for removing malware from my wife's PC. I'm attaching the logs for further guidance on what I should do next:

 

ComboFix 08-09-26.01 - Heidi 2008-09-27 11:45:45.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium [GMT 2:00]

Running from: C:\Users\Heidi\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\DRV\Tuner\Yuan\Resources\_desktop.ini

C:\Windows\system32\lsprst7.dll

C:\Windows\system32\ssprs.dll

C:\Windows\system32\x64

C:\Windows\system32\x64\csnp2uvc.dll

C:\Windows\system32\x64\rsnpvc64.dll

C:\Windows\system32\x64\sncduvc.sys

C:\Windows\system32\x64\snp2uvc.sys

C:\Windows\system32\x64\vsnpvc64.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))

.

 

2008-09-27 11:07 . 2008-09-27 11:07 <DIR> d-------- C:\Users\Heidi\AppData\Roaming\Malwarebytes

2008-09-27 11:07 . 2008-09-27 11:07 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-09-27 11:07 . 2008-09-27 11:07 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-09-27 11:07 . 2008-09-27 11:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-27 11:07 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-27 11:07 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-27 10:58 . 2008-09-27 10:58 <DIR> d-------- C:\Program Files\CCleaner

2008-09-26 17:18 . 2008-09-26 17:22 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-09-26 17:18 . 2008-09-26 17:22 <DIR> d-------- C:\ProgramData\Lavasoft

2008-09-26 17:18 . 2008-09-26 17:18 <DIR> d-------- C:\Program Files\Lavasoft

2008-09-18 18:30 . 2008-09-18 18:30 <DIR> d-------- C:\Users\Heidi\AppData\Roaming\SunODFPluginforMicrosoftOffice1

2008-09-18 18:15 . 2008-09-18 18:15 <DIR> d-------- C:\Program Files\Sun

2008-09-15 17:30 . 2008-09-15 17:30 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-09-10 12:02 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 12:02 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-09-10 12:02 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 12:02 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-09 18:07 . 2008-09-09 18:07 48 --ah----- C:\Users\All Users\ezsidmv.dat

2008-09-09 18:07 . 2008-09-09 18:07 48 --ah----- C:\ProgramData\ezsidmv.dat

2008-09-09 18:00 . 2008-09-27 11:49 <DIR> d-------- C:\Users\Heidi\AppData\Roaming\Skype

2008-09-09 17:59 . 2008-09-09 17:59 <DIR> d-------- C:\Program Files\Skype

2008-09-09 17:59 . 2008-09-26 18:40 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-09-09 17:00 . 2008-09-09 17:00 <DIR> d-------- C:\Users\All Users\Apple

2008-09-09 17:00 . 2008-09-09 17:00 <DIR> d-------- C:\ProgramData\Apple

2008-09-09 17:00 . 2008-09-09 17:00 <DIR> d-------- C:\Program Files\Apple Software Update

2008-09-09 16:59 . 2008-09-09 16:59 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-09-09 16:59 . 2008-09-09 16:59 <DIR> d-------- C:\ProgramData\Apple Computer

2008-09-09 16:59 . 2008-09-09 16:59 <DIR> d-------- C:\Program Files\QuickTime

2008-09-09 16:57 . 2008-09-09 16:57 <DIR> d-------- C:\Users\All Users\Real

2008-09-09 16:57 . 2008-07-23 18:50 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll

2008-09-09 16:57 . 2008-07-30 21:09 38 --a------ C:\Windows\avisplitter.ini

2008-09-09 16:50 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-09 16:50 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-09 16:50 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-09 16:50 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-09 16:49 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-09 16:49 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-09 16:49 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-09 16:49 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-09 16:49 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-08 23:33 . 2008-09-08 23:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack(99)

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-27 08:39 --------- d-----w C:\Program Files\Java

2008-09-27 08:27 27,335 ----a-w C:\Users\Heidi\AppData\Roaming\nvModes.dat

2008-09-27 08:16 --------- d-----w C:\Users\Heidi\AppData\Roaming\skypePM

2008-09-27 05:44 --------- d-----w C:\ProgramData\Symantec

2008-09-26 16:40 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-26 16:40 --------- d-----w C:\Program Files\Microsoft Works

2008-09-26 15:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-09-15 15:23 --------- d-----w C:\Program Files\Opera

2008-09-12 18:35 --------- d-----w C:\Users\Heidi\AppData\Roaming\LimeWire

2008-09-11 19:47 382 ----a-w C:\Users\Heidi\AppData\Roaming\wklnhst.dat

2008-09-09 15:59 --------- d-----w C:\ProgramData\Skype

2008-09-09 14:57 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-08-15 01:13 --------- d-----w C:\Program Files\Windows Mail

2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-29 08:22 --------- d-----w C:\ProgramData\Telenor

2008-07-29 08:16 --------- d-----w C:\ProgramData\Emotum

2008-07-29 08:16 --------- d-----w C:\Program Files\Telenor

2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll

2008-07-22 13:31 15,610 ----a-w C:\Program Files\Furnish Lite uninstal.log

2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-10 01:09 174 --sha-w C:\Program Files\desktop.ini

2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-11-25 19:15 32 ----a-w C:\Users\All Users\ezsid.dat

2007-11-25 19:15 32 ----a-w C:\ProgramData\ezsid.dat

2008-02-17 15:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-02-17 15:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-02-17 15:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"Telenorhjelpen"="C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 8470528]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 81920]

"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 94208]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"Telenorhjelpen"="C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=eNetHook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{AAE65792-0A60-4482-A603-4647BA443C9E}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{84A3DDA4-C771-4CC2-A62C-A8863BD91C31}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{EA66B9E0-4536-44F4-B980-18C7EA7F8D19}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{375A5AD5-B879-4AA2-8080-C3CB1A131D27}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{900BD267-A2B3-4CA8-9BB9-85AA720576D6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{FF32D07C-A52A-44E1-8AF5-8579BE4BA46E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{562C4EC4-B346-4A6B-94BB-B768189757F6}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{FCDB29CF-F101-47B0-9E8C-61114F5A6440}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{CF90F17E-C53C-4BC0-AF46-5008580C6EA1}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord

"UDP Query User{B458A3E6-92BE-4C5A-8FDF-81D510658529}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord

"TCP Query User{68BAFA72-96DE-4928-BB43-6B98871B9330}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{AFA31976-113B-40E6-AABA-53819A4EF17C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{73DB33F5-5B46-4574-AC5F-1AA82098F0A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{DDA9AE31-1190-4F48-8DA6-8690A89E332F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{5E081AA1-F9C1-4AAC-AB92-6B0571851E89}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord

"UDP Query User{2B76DF19-1C80-4089-97D7-F69A382F2911}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord

"TCP Query User{9E22E494-A7A7-4FA1-BBEC-0179635300C7}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{586BF611-6C27-4BDA-A281-2CC075207442}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{BD22883F-BF5A-4B0D-B6A3-6B4612144DB7}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0

"{72D49565-DC32-49DE-A9B5-D4193DE23095}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0

"{6D9F6D9F-3323-48F0-92EE-B9A981CC062D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B8D6FF31-DBBB-4B0F-8220-3D4EFA4579E0}"= %ProgramFiles%\Telenor\Online Start\Telenor.exe:Online Start

"{B1AF8534-6C63-4D5B-A1F8-0CF333753755}"= %ProgramFiles%\Telenor\Telenorhjelpen\Telenor.exe:Telenorhjelpen

"{998C296E-ECF3-4760-A080-73540D96CCD3}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080923.001\IDSvix86.sys [2008-09-12 270384]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51 13560]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c693034-6248-11dd-a0da-b3ed90f1cce1}]

\shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Acer Tour Reminder - (no file)

HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe

HKLM-Run-HotKeysCmds - C:\Windows\system32\hkcmd.exe

HKLM-Run-Persistence - C:\Windows\system32\igfxpers.exe

HKLM-Run-SetPanel - C:\Acer\APanel\APanel.cmd

HKLM-Run-Telenor Online Start - C:\Program Files\Telenor\Online Start\Telenor.exe

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com

R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-27 11:49:22

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-09-27 11:52:19

ComboFix-quarantined-files.txt 2008-09-27 09:51:15

 

Pre-Run: 30,354,644,992 bytes free

Post-Run: 30,106,173,440 bytes free

 

239 --- E O F --- 2008-09-11 01:06:18

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:03:12, on 27.09.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Heidi\AppData\Local\Temp\Rar$EX02.977\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: eNetHook.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10010 bytes

 

 

Malwarebytes' Anti-Malware 1.28

Database version: 1211

Windows 6.0.6000

27.09.2008 11:32:48

mbam-log-2008-09-27 (11-32-48).txt

Scan type: Quick Scan

Objects scanned: 43720

Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 2

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Users\Heidi\AppData\Local\Temp\urqQhIya.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run814524f (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Heidi\AppData\Local\Temp\urqQhIya.dll (Trojan.Vundo) -> Delete on reboot.

 

 

Sorry that I had to cut and paste into the forum. I got an error message when I tried to upload an attachment from Notepad. Hope this gets the PC "healthy" again.

Thanks in advance!!

Regards

Erik

Edited by Rikken1969
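The logs above are worth a second look beyond what the scanners flagged. As an added example (not part of Erik's post, and not code from ComboFix, HijackThis or Malwarebytes), here is a small Python script that reads the "Reg Loading Points" section of a ComboFix log and lists the settings a responder would want explained before calling the machine clean: every firewall profile with EnableFirewall set to 0, Security Center monitoring or notifications switched off, a populated AppInit_DLLs value, Run entries that load from a Temp folder, and AutoRun handlers registered under MountPoints2. The embedded log excerpt is constructed from the posted log; the `updsvc` Run entry in it is invented to show how a loader dropped in %TEMP% would appear in this section.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not code from the forum, from ComboFix
or from any of the tools in the logs. It walks the registry excerpt that
ComboFix prints and flags the settings a responder should have explained
before calling a machine clean. Standard library only.
"""
import re
from typing import List, Tuple

# Constructed excerpt modelled on the posted log. The 'updsvc' Run entry is
# made up to show how a loader dropped in %TEMP% (the Vundo DLL Malwarebytes
# reported lived there) would look here; it is not quoted from the page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"updsvc"="C:\Users\Heidi\AppData\Local\Temp\abcd1234.dll" [2008-09-26 41472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c693034-6248-11dd-a0da-b3ed90f1cce1}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)

Finding = Tuple[str, str]  # (severity, message)


def parse_dword(data: str) -> int:
    """ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)'."""
    d = data.strip().lower()
    if d.startswith("dword:"):
        return int(d[len("dword:"):], 16)
    return int(d.split()[0], 0)


def run_entry_path(data: str) -> str:
    """Pull the image path out of a Run value, whether quoted or bare."""
    if data.startswith('"'):
        return data.split('"')[1]
    return data.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Return (severity, message) findings for one Reg Loading Points excerpt."""
    findings: List[Finding] = []
    key = ""   # current registry key, original case
    lkey = ""  # lower-cased copy used for matching
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key, lkey = m.group(1), m.group(1).lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in lkey:
            findings.append(("medium", f"AutoRun handler for a removable drive: {m.group(1)}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        lname = name.lower()
        last = key.rsplit("\\", 1)[-1]  # last path component of the key

        if "firewallpolicy" in lkey and lname == "enablefirewall":
            if parse_dword(data) == 0:
                findings.append(("high", f"Windows Firewall disabled in {last}"))
        elif "security center" in lkey:
            if lname == "disablemonitoring" and parse_dword(data) == 1:
                scope = "all products" if last.lower() == "monitoring" else last
                findings.append(("medium", f"Security Center monitoring disabled: {scope}"))
            elif lname.endswith("disablenotify") and parse_dword(data) == 1:
                findings.append(("low", f"Security Center notification suppressed: {name}"))
        elif lkey.endswith("\\currentversion\\windows") and lname == "appinit_dlls" and data:
            # AppInit_DLLs is loaded into every process that loads user32.dll.
            findings.append(("medium", f"AppInit_DLLs loads {data} into every user32 process; confirm its publisher"))
        elif lkey.endswith("\\run"):
            path = run_entry_path(data)
            if "\\temp\\" in path.lower():
                findings.append(("high", f"Run entry '{name}' loads from a Temp folder: {path}"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for severity, message in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{severity:6}] {message}")
```

On the posted log this flags all three firewall profiles (EnableFirewall = 0 under DomainProfile, PublicProfile and StandardProfile) together with the Security Center entries. The AppInit_DLLs hit, eNetHook.dll, belongs to the Acer eNet software listed under O23 in the HijackThis log, which is why the script asks for confirmation rather than calling it malicious; whether the firewall was switched off by the Norton install or by the malware is not something the log on its own answers.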
Posted

Hello Erik

It looks like Malwarebytes and ComboFix removed whatever junk there was.

How is the PC running?

Remember that careless use of LimeWire and BitLord can easily lead to new infections. If you don't use them, you should consider uninstalling those programs...

Posted

Hi there!

The PC is running very well. Everything seems to be OK. Once again: thanks for a great site with good, serious help!!

The wife will certainly be made aware of careless use of certain programs, yes... :thumbup:

Regards

Erik

Posted

Good to hear :)

A bit of cleanup:

You can remove Ad-Aware from Add/Remove Programs, since Malwarebytes does a much better job.

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • combofix /u

PS: note the space between the X and /u

Press Enter.

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide System/Hidden files and folders, if necessary.
  • Reset System Restore points.

You can uninstall HijackThis if you wish:

Start HijackThis and choose "None of the above, just start the program".

Then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Yes. The program is now uninstalled.

I recommend that you keep Malwarebytes, but if you want to remove it you can do so from Add/Remove Programs.

If you consider the problem with your machine solved, you can change your topic title by clicking the edit icon in your first post and choosing full edit. At the top, where your topic title is, write:

[LØST]

(the forum's "solved" tag) in front of your topic title.

Example: [LØST] Got a virus on my machine

This helps keep the forum tidier for the supporters, and makes it easier for new people with the same problem to find a suitable thread to look at.

-Surf safely-
