
[Solved] Virus via MSN link



Posted (edited)

Hi,

I managed to click a link from a friend on MSN and actually open the content. Now I'm struggling with the fact that I keep sending links to all my friends. I have run the programs, but I ran ComboFix before MBAM (don't know if that matters).

MBAM:

Malwarebytes' Anti-Malware 1.30

Database version: 1419

Windows 6.0.6001 Service Pack 1

23.11.2008 23:38:21

mbam-log-2008-11-23 (23-38-21).txt

Scan type: Quick Scan

Objects scanned: 52685

Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 3

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70 85.255.112.201 -> Quarantined and deleted successfully.

Folders Infected:

C:\Users\Bjørnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Program Files\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\EZVideo\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZVideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 08-11-23.01 - Bjørnar 2008-11-24 11:47:11.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.242 [GMT 1:00]

Running from: c:\users\Bjørnar\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))

.

2008-11-24 03:19 . 2008-11-24 11:23 <DIR> d--h----- C:\$AVG8.VAULT$

2008-11-24 01:40 . 2008-11-24 01:40 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys

2008-11-24 01:40 . 2008-11-24 01:40 10,520 --a------ c:\windows\System32\avgrsstx.dll

2008-11-24 01:39 . 2008-11-24 01:44 <DIR> d-------- c:\windows\System32\drivers\Avg

2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\users\All Users\avg8

2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\programdata\avg8

2008-11-24 01:39 . 2008-11-24 01:39 <DIR> d-------- c:\program files\AVG

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\Bjørnar\AppData\Roaming\Malwarebytes

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-23 23:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-23 23:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-23 15:13 . 2008-11-23 15:13 <DIR> d-------- c:\program files\SopCast

2008-11-21 10:49 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-21 10:49 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-21 10:49 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-21 10:49 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-21 10:48 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-21 10:48 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-21 10:48 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-21 10:48 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-21 10:48 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\users\All Users\ezsidmv.dat

2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\programdata\ezsidmv.dat

2008-11-20 00:53 . 2008-11-20 00:53 <DIR> d-------- c:\program files\Common Files\Skype

2008-11-12 19:06 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 19:06 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 19:06 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\users\All Users\NOS

2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\programdata\NOS

2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\program files\NOS

2008-10-29 10:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll

2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll

2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll

2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax

2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 10:53 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat

2008-11-24 10:53 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat

2008-11-24 00:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs

2008-11-24 00:26 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Skype

2008-11-23 23:08 --------- d-----w c:\users\Bjørnar\AppData\Roaming\skypePM

2008-11-23 22:30 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Malwarebytes

2008-11-16 20:32 --------- d-----w c:\users\Bjørnar\AppData\Roaming\dvdcss

2008-11-13 11:38 --------- d-----w c:\programdata\Microsoft Help

2008-11-13 01:41 --------- d-----w c:\programdata\Rosetta Stone

2008-11-10 19:03 --------- d-----w c:\program files\DivX

2008-11-06 12:18 --------- d-----w c:\programdata\Installations

2008-11-05 18:47 --------- d-s---w c:\users\Bjørnar\AppData\Roaming\Microsoft

2008-10-22 23:33 --------- d-----w c:\program files\Flock

2008-10-22 19:43 --------- d-----w c:\program files\Free Music Zilla

2008-09-29 09:30 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-09-28 17:15 174 --sha-w c:\program files\desktop.ini

2008-09-28 17:02 --------- d-----w c:\program files\Windows Sidebar

2008-09-28 17:02 --------- d-----w c:\program files\Windows Photo Gallery

2008-09-28 17:02 --------- d-----w c:\program files\Windows Mail

2008-09-28 17:02 --------- d-----w c:\program files\Windows Journal

2008-09-28 17:02 --------- d-----w c:\program files\Windows Defender

2008-09-28 17:02 --------- d-----w c:\program files\Windows Collaboration

2008-09-28 17:02 --------- d-----w c:\program files\Windows Calendar

2008-04-10 22:37 32 ----a-w c:\users\All Users\ezsid.dat

2008-04-10 22:37 32 ----a-w c:\programdata\ezsid.dat

2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-10 22:34 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2008-02-04 16:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-02-04 16:31 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-08-07 06:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-11-23_22.02.06,04 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-23 19:28:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-11-23 19:28:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-11-23 21:00:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-11-24 00:56:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

- 2008-11-23 21:00:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-11-24 00:57:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

- 2008-11-23 19:28:08 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-11-24 01:30:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-11-23 19:28:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-24 01:30:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-11-23 19:28:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-24 01:30:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-11-23 20:52:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-24 10:46:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

- 2007-12-20 18:49:31 26,952 ----a-w c:\windows\System32\drivers\avgmfx86.sys

+ 2008-11-24 00:40:11 26,824 ----a-w c:\windows\System32\drivers\avgmfx86.sys

- 2008-11-23 19:34:58 102,094 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-24 01:02:48 102,094 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-23 19:34:58 77,322 ----a-w c:\windows\System32\perfc014.dat

+ 2008-11-24 01:02:48 77,322 ----a-w c:\windows\System32\perfc014.dat

- 2008-11-23 19:34:58 590,082 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-24 01:02:48 590,082 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-23 19:34:58 455,238 ----a-w c:\windows\System32\perfh014.dat

+ 2008-11-24 01:02:48 455,238 ----a-w c:\windows\System32\perfh014.dat

- 2008-11-23 19:30:13 14,090 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin

+ 2008-11-24 00:57:36 14,468 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin

- 2008-11-23 19:30:11 105,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-24 00:57:35 106,840 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-23 19:30:14 60,842 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-24 00:57:35 61,318 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-21 77824]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-28 1540096]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-24 1234712]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 50688]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-19 784912]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6638B658-9DC4-41AF-BE53-78D871DC70A7}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{68674C66-98B7-4308-B8B6-31494E8FF685}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"TCP Query User{F3BCF4AD-518D-48E3-991B-A7DFEBD5EE7F}g:\\program\\utorrent.exe"= UDP:g:\program\utorrent.exe:utorrent

"UDP Query User{EB590807-D8C8-4701-AF78-98BD5725838A}g:\\program\\utorrent.exe"= TCP:g:\program\utorrent.exe:utorrent

"TCP Query User{902A435B-52D6-42E9-8066-09A09EC34B33}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{70F30DBD-1F1B-40A1-8AB4-D4F139106AD3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{A1823AB3-23FF-47C2-9B56-60BF30DCBB51}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{6D96E84D-4978-4FDF-B0ED-85FAFF8C62E9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{75D502FC-9F90-4E4C-B077-20A69826415C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{A6CBECC7-4D21-4F96-A2F2-BECA4A33707F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{FE6EE234-E1D1-4CC2-925C-4C709C37ACD9}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{C96EBA87-F2B8-42CA-B172-6D06ED84D5B6}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{9F7DA078-5E09-4F38-BA37-E17B90975A71}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime

"UDP Query User{A6BA1848-B8A7-4424-AAB3-9B729A196976}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime

"TCP Query User{A7806049-1CDF-4214-BDFD-0582DE27E7CD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{D91EDC8E-3605-4435-94A4-19A5F97AE104}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{9746BFB0-E0C7-4D3B-A277-A17102266045}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{0D96E119-0077-4BE9-BAA7-29B6ACC83A28}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{E569D57E-08A7-4EB3-A4B2-6EFCD3E6240C}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"UDP Query User{92BB8A51-5006-440B-B201-9E0A9657F5F9}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"TCP Query User{E74C5E5A-ED62-427C-8B49-1729CBEBB870}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"UDP Query User{45D79512-56E5-440C-8563-1CCB85751376}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"TCP Query User{624EFE15-63AE-448D-9D6E-07ED2F1AF4D4}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"UDP Query User{DEC222A5-7F31-4F70-8AC7-A0A299260549}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"{5F6B366E-46CA-4220-BDF3-E0106448F78A}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)

"{F7CEA839-5A56-4A50-BC78-A2B43F820FB8}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)

"{0B5E5EC5-F928-45A3-8137-C384EEDEAA71}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)

"{8ED58BF6-A4FC-41E0-9830-C7A029378F65}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)

"{8F7030C7-99BC-472C-B40A-D514101DBD3C}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)

"{62DCF891-69BC-4478-85CC-AE00A347857D}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)

"{9BEF03E2-8E0B-4892-BB4F-D5B275BBB702}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{FD1F12BF-E160-4ED1-91D2-58922FE7FD14}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)

"{EAEAC692-9B46-4289-8B30-DBDEEBDE3FA1}"= RosettaStoneVersion3.exe:Rosetta Stone V3 Application (inbound)

"TCP Query User{4D474214-A0A6-4376-BE5A-2C542D0CDB55}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{77140CF2-8BE3-4A7D-947F-DB7EEFCCB732}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{AD0E5BC3-B433-4FF7-B86C-3C4BA2FE378E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{7D1A1B81-4A5A-47A9-8EC4-110EAF861EF2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{162572AC-A606-452F-956D-1D5F9CF33DF9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{72175D47-9DB1-4E0E-83F2-E33A271703F5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D3F6120B-3333-4352-AF69-95815307CFBB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{87DB582F-2E5E-4668-B3EF-B4F0CE636C13}c:\\program files\\watchguard\\mobile vpn\\ncpmon.exe"= UDP:c:\program files\watchguard\mobile vpn\ncpmon.exe:ncpmon.exe

"UDP Query User{2AC9D4E5-2624-4849-8182-E43E09441EDA}c:\\program files\\watchguard\\mobile vpn\\ncpmon.exe"= TCP:c:\program files\watchguard\mobile vpn\ncpmon.exe:ncpmon.exe

"TCP Query User{E45C5609-C01C-4703-A15C-DB10C3F6A558}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"UDP Query User{38277DFF-7567-432C-B6F2-C45146D4145B}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"TCP Query User{B1C658D1-E796-4EAF-B249-AF07AD3C312A}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"UDP Query User{95E2DF44-F9E0-468A-A5A4-3ECEA8BED1A2}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"TCP Query User{B0C2D114-31FC-4E51-8AA0-6C67D6CDB828}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{9B6B9CD1-F1FC-43B1-A60D-0954D21633DD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{64F5CF45-46DB-4380-AF76-7DC04D1F2932}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{47FF9BF1-E8DE-4996-8DE0-0C3DD8ADF6CC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A1AB92D2-4B6F-4001-8517-7C6837B7749E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{C656BAD9-2BD9-4385-906F-9B18BD01FF19}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{6F8465C3-1086-42D6-B0AA-7A0592AFF0CE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{967808B6-00BD-4FFF-81B7-DC74AD539CAB}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{EC0E47FE-A48A-411B-AEB5-D1A39C15FB3C}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{F838EB9E-A1BE-4BA9-8A42-4B08D187AF90}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{8151F053-8DFD-43E0-875F-33374199D620}c:\\program files\\esvnc\\winvnc.exe"= UDP:c:\program files\esvnc\winvnc.exe:WinVNC

"UDP Query User{659AA287-347D-4E35-A2D0-F42CD1EA0B58}c:\\program files\\esvnc\\winvnc.exe"= TCP:c:\program files\esvnc\winvnc.exe:WinVNC

"{3F334A57-02C6-4317-AA93-797333A6832F}"= c:\windows\system32\ntrplugin124.exe:NTR Plugin 1.2.4

"{9A623898-D21E-452B-BB61-A76CC6E1A848}"= c:\windows\system32\ntrplugin124a.exe:NTR Plugin 1.2.4 a

"{56039665-3F87-42D8-992C-F652700B99EA}"= c:\windows\system32\ntrplugin124h.exe:NTR Plugin 1.2.4 h

"TCP Query User{E93FAAC7-2C00-4B55-9C29-A3C15D41822D}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe

"UDP Query User{E6149C1B-B09D-48F6-8DE8-4C8F6F055AFB}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe

"TCP Query User{CF8CEFC0-BC0B-4EAC-9940-87C315F2F9BC}c:\\users\\vikar1\\downloads\\ntrsupport_22268.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_22268.exe:ntrsupport_22268.exe

"UDP Query User{14491C9A-796F-4160-8ED9-D965E5EF0311}c:\\users\\vikar1\\downloads\\ntrsupport_22268.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_22268.exe:ntrsupport_22268.exe

"TCP Query User{C869E600-FB26-4A93-93F2-68A42B9047C0}c:\\users\\vikar1\\downloads\\ntrsupport_1797.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_1797.exe:ntrsupport_1797.exe

"UDP Query User{C0DB102B-8FA8-4867-8072-59DDB82F4043}c:\\users\\vikar1\\downloads\\ntrsupport_1797.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_1797.exe:ntrsupport_1797.exe

"TCP Query User{51A7C1AE-BC89-47C2-859A-A3CD2D216FAE}c:\\users\\vikar1\\downloads\\ntrsupport_48472.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_48472.exe:ntrsupport_48472.exe

"UDP Query User{63B75723-D4A6-4926-80DE-DB2EC73CE5FF}c:\\users\\vikar1\\downloads\\ntrsupport_48472.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_48472.exe:ntrsupport_48472.exe

"TCP Query User{B4396115-7336-4970-802F-4AC67081C522}c:\\users\\vikar1\\downloads\\ntrsupport_33990.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_33990.exe:ntrsupport_33990.exe

"UDP Query User{85D9BBCE-0B02-4BC9-8CB7-B7976AE63CB3}c:\\users\\vikar1\\downloads\\ntrsupport_33990.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_33990.exe:ntrsupport_33990.exe

"TCP Query User{14C16883-D550-45AD-B8E2-5B6435288A57}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"UDP Query User{8253E887-58E6-407F-9840-A6E405BA87A8}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"TCP Query User{5C1FA67D-9DCD-477E-933F-FE46FF22B550}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{D5631BDF-FC50-438B-B7C8-26CC413C57CF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{63760C9A-C192-4DD9-A227-F251F30B78AE}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"UDP Query User{EEA8CFA6-34A1-4A39-B5DB-918FAC211121}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"{2472FB19-5452-48D7-AE39-43F53FD78769}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{8DBA2D22-E32D-4243-8B64-13729E0A75E6}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{1F79565A-3512-4263-886C-8F776F1086A2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{AC03B4DB-DF86-4BC8-8EE3-B0F8015D99A6}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{84C0D566-1916-4EB7-A373-F159E90532F5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{764FF062-50B8-4776-BB9E-80D234317C30}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{8F0405D0-5195-4D47-A301-A54D0C7BC65A}c:\\program files\\azureus\\azureus.exe"= Disabled:UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{4A0EACA7-BD4C-4C2B-870F-510F870F559A}c:\\program files\\azureus\\azureus.exe"= Disabled:TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{8CEB7B51-C736-4F98-A994-C7DB4E09B956}c:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{F0E9765F-A9E7-42AF-81C8-2D4EDDC0573A}c:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{6F30DA2E-027B-4C04-854E-37B8B2A1F397}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-24 97928]

S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-09-18 627864]

S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

S3 WSDPrintDevice;WSD-utskriftsstøtte via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-09-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Bjørnar\AppData\Roaming\Mozilla\Firefox\Profiles\dd9irgxi.default\

FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npoctoshape.dll

FF -: plugin - c:\users\Bjørnar\AppData\Local\myVRnpapi\npmyvr.dll

FF -: plugin - c:\users\Bjørnar\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-N00-U00-C00_0712211_000\npoctoshape.dll

FF -: plugin - c:\users\Bjørnar\AppData\Roaming\Mozilla\Firefox\Profiles\dd9irgxi.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 11:52:52

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(760)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'Explorer.exe'(5888)

c:\program files\Logitech\SetPoint\lgscroll.dll

.

Completion time: 2008-11-24 11:56:12

ComboFix-quarantined-files.txt 2008-11-24 10:56:05

ComboFix2.txt 2008-11-23 21:03:36

 

Pre-Run: 33 817 571 328 byte ledig

Post-Run: 33,783,402,496 byte ledig

 

302 --- E O F --- 2008-11-21 09:57:45

 

 

 

HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:01, on 24.11.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Windows\sttray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Bjørnar\Desktop\HJT\test.exe.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hials.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {7BABCBE7-ECFF-4EA0-A344-1DC32458A6ED} (NTR Plugin 1.2.4) - http://www.ntrsupport.com/inquiero/mod/set...ugin124v_30.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11103 bytes

 

 

 

I have now run the programs in the correct order. I also ran a virus scan with AVG, which found a trojan named Agent.AMQR.

Edited by bearss
Posted

Hmm. You have posted a HijackThis log where you write that you have posted an MBAM log.

You have posted an MBAM log where you say you have posted a Combofix log.

 

And I see no Combofix log.

 

 

MBAM must be run first, then Combofix, and finally HijackThis.

 

You are done running MBAM; now run Combofix, and finally HijackThis :)

Posted

Thanks for the help so far.

 

I have now run the programs and updated the logs above. Should I just delete the trojan with AVG, or are other steps needed as well?

Posted

Click Start - All Programs - Accessories - Notepad

 

Copy and paste the text in the code box below into Notepad:

 

File::
c:\windows\system32\drivers\lvuvc.hs

 

Save it as CFScript on the Desktop

 

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

 

[Animation: CFScriptB-4.gif]

 

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

 

Post the contents of ComboFix.txt in your next reply on the forum.

Posted

That's done. I was not asked to reboot.

New Combofix log:

 

 

ComboFix 08-11-23.02 - Bjørnar 2008-11-24 17:56:59.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.359 [GMT 1:00]

Running from: c:\users\Bjørnar\Desktop\ComboFix.exe

Command switches used :: c:\users\Bjørnar\Desktop\CFScript.txt

 

FILE ::

c:\windows\system32\drivers\lvuvc.hs

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\lvuvc.hs

 

.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))

.

 

2008-11-24 03:19 . 2008-11-24 11:23 <DIR> d--h----- C:\$AVG8.VAULT$

2008-11-24 01:40 . 2008-11-24 01:40 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys

2008-11-24 01:40 . 2008-11-24 01:40 10,520 --a------ c:\windows\System32\avgrsstx.dll

2008-11-24 01:39 . 2008-11-24 15:19 <DIR> d-------- c:\windows\System32\drivers\Avg

2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\users\All Users\avg8

2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\programdata\avg8

2008-11-24 01:39 . 2008-11-24 01:39 <DIR> d-------- c:\program files\AVG

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\Bjørnar\AppData\Roaming\Malwarebytes

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-23 23:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-23 23:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-23 15:13 . 2008-11-23 15:13 <DIR> d-------- c:\program files\SopCast

2008-11-21 10:49 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-21 10:49 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-21 10:49 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-21 10:49 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-21 10:48 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-21 10:48 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-21 10:48 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-21 10:48 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-21 10:48 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\users\All Users\ezsidmv.dat

2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\programdata\ezsidmv.dat

2008-11-20 00:53 . 2008-11-20 00:53 <DIR> d-------- c:\program files\Common Files\Skype

2008-11-12 19:06 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 19:06 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 19:06 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\users\All Users\NOS

2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\programdata\NOS

2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\program files\NOS

2008-10-29 10:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll

2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll

2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll

2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax

2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 17:03 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat

2008-11-24 17:03 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat

2008-11-24 00:26 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Skype

2008-11-23 23:08 --------- d-----w c:\users\Bjørnar\AppData\Roaming\skypePM

2008-11-23 22:30 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Malwarebytes

2008-11-16 20:32 --------- d-----w c:\users\Bjørnar\AppData\Roaming\dvdcss

2008-11-13 11:38 --------- d-----w c:\programdata\Microsoft Help

2008-11-13 01:41 --------- d-----w c:\programdata\Rosetta Stone

2008-11-10 19:03 --------- d-----w c:\program files\DivX

2008-11-06 12:18 --------- d-----w c:\programdata\Installations

2008-11-05 18:47 --------- d-s---w c:\users\Bjørnar\AppData\Roaming\Microsoft

2008-10-22 23:33 --------- d-----w c:\program files\Flock

2008-10-22 19:43 --------- d-----w c:\program files\Free Music Zilla

2008-09-29 09:30 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-09-28 17:15 174 --sha-w c:\program files\desktop.ini

2008-09-28 17:02 --------- d-----w c:\program files\Windows Sidebar

2008-09-28 17:02 --------- d-----w c:\program files\Windows Photo Gallery

2008-09-28 17:02 --------- d-----w c:\program files\Windows Mail

2008-09-28 17:02 --------- d-----w c:\program files\Windows Journal

2008-09-28 17:02 --------- d-----w c:\program files\Windows Defender

2008-09-28 17:02 --------- d-----w c:\program files\Windows Collaboration

2008-09-28 17:02 --------- d-----w c:\program files\Windows Calendar

2008-04-10 22:37 32 ----a-w c:\users\All Users\ezsid.dat

2008-04-10 22:37 32 ----a-w c:\programdata\ezsid.dat

2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-10 22:34 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2008-02-04 16:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-02-04 16:31 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-08-07 06:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2008-11-24_11.54.58,64 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-24 14:17:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-11-24 14:17:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-11-24 00:56:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-11-24 14:18:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-11-24 14:18:13 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-24 00:57:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-11-24 14:18:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-11-24 14:18:08 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-11-24 10:46:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-24 16:56:05 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

- 2008-11-24 01:02:48 102,094 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-24 14:21:33 102,094 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-24 01:02:48 77,322 ----a-w c:\windows\System32\perfc014.dat

+ 2008-11-24 14:21:33 77,322 ----a-w c:\windows\System32\perfc014.dat

- 2008-11-24 01:02:48 590,082 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-24 14:21:33 590,082 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-24 01:02:48 455,238 ----a-w c:\windows\System32\perfh014.dat

+ 2008-11-24 14:21:33 455,238 ----a-w c:\windows\System32\perfh014.dat

- 2008-11-24 00:57:36 14,468 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin

+ 2008-11-24 14:19:01 14,722 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin

- 2008-11-24 00:57:35 106,840 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-24 14:19:00 107,022 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-23 17:41:43 2,986 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2008-11-24 11:10:57 2,986 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat

- 2008-11-24 00:57:35 61,318 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-24 14:18:59 61,528 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-21 77824]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-28 1540096]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-24 1234712]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 50688]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-19 784912]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-21 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6638B658-9DC4-41AF-BE53-78D871DC70A7}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{68674C66-98B7-4308-B8B6-31494E8FF685}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"TCP Query User{F3BCF4AD-518D-48E3-991B-A7DFEBD5EE7F}g:\\program\\utorrent.exe"= UDP:g:\program\utorrent.exe:utorrent

"UDP Query User{EB590807-D8C8-4701-AF78-98BD5725838A}g:\\program\\utorrent.exe"= TCP:g:\program\utorrent.exe:utorrent

"TCP Query User{902A435B-52D6-42E9-8066-09A09EC34B33}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{70F30DBD-1F1B-40A1-8AB4-D4F139106AD3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{A1823AB3-23FF-47C2-9B56-60BF30DCBB51}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{6D96E84D-4978-4FDF-B0ED-85FAFF8C62E9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{75D502FC-9F90-4E4C-B077-20A69826415C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{A6CBECC7-4D21-4F96-A2F2-BECA4A33707F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{FE6EE234-E1D1-4CC2-925C-4C709C37ACD9}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{C96EBA87-F2B8-42CA-B172-6D06ED84D5B6}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{9F7DA078-5E09-4F38-BA37-E17B90975A71}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime

"UDP Query User{A6BA1848-B8A7-4424-AAB3-9B729A196976}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime

"TCP Query User{A7806049-1CDF-4214-BDFD-0582DE27E7CD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{D91EDC8E-3605-4435-94A4-19A5F97AE104}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{9746BFB0-E0C7-4D3B-A277-A17102266045}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{0D96E119-0077-4BE9-BAA7-29B6ACC83A28}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{E569D57E-08A7-4EB3-A4B2-6EFCD3E6240C}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"UDP Query User{92BB8A51-5006-440B-B201-9E0A9657F5F9}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"TCP Query User{E74C5E5A-ED62-427C-8B49-1729CBEBB870}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"UDP Query User{45D79512-56E5-440C-8563-1CCB85751376}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"TCP Query User{624EFE15-63AE-448D-9D6E-07ED2F1AF4D4}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"UDP Query User{DEC222A5-7F31-4F70-8AC7-A0A299260549}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"{5F6B366E-46CA-4220-BDF3-E0106448F78A}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)

"{F7CEA839-5A56-4A50-BC78-A2B43F820FB8}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)

"{0B5E5EC5-F928-45A3-8137-C384EEDEAA71}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)

"{8ED58BF6-A4FC-41E0-9830-C7A029378F65}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)

"{8F7030C7-99BC-472C-B40A-D514101DBD3C}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)

"{62DCF891-69BC-4478-85CC-AE00A347857D}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)

"{9BEF03E2-8E0B-4892-BB4F-D5B275BBB702}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{FD1F12BF-E160-4ED1-91D2-58922FE7FD14}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)

"{EAEAC692-9B46-4289-8B30-DBDEEBDE3FA1}"= RosettaStoneVersion3.exe:Rosetta Stone V3 Application (inbound)

"TCP Query User{4D474214-A0A6-4376-BE5A-2C542D0CDB55}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{77140CF2-8BE3-4A7D-947F-DB7EEFCCB732}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{AD0E5BC3-B433-4FF7-B86C-3C4BA2FE378E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{7D1A1B81-4A5A-47A9-8EC4-110EAF861EF2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{162572AC-A606-452F-956D-1D5F9CF33DF9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{72175D47-9DB1-4E0E-83F2-E33A271703F5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D3F6120B-3333-4352-AF69-95815307CFBB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{87DB582F-2E5E-4668-B3EF-B4F0CE636C13}c:\\program files\\watchguard\\mobile vpn\\ncpmon.exe"= UDP:c:\program files\watchguard\mobile vpn\ncpmon.exe:ncpmon.exe

"UDP Query User{2AC9D4E5-2624-4849-8182-E43E09441EDA}c:\\program files\\watchguard\\mobile vpn\\ncpmon.exe"= TCP:c:\program files\watchguard\mobile vpn\ncpmon.exe:ncpmon.exe

"TCP Query User{E45C5609-C01C-4703-A15C-DB10C3F6A558}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"UDP Query User{38277DFF-7567-432C-B6F2-C45146D4145B}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"TCP Query User{B1C658D1-E796-4EAF-B249-AF07AD3C312A}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"UDP Query User{95E2DF44-F9E0-468A-A5A4-3ECEA8BED1A2}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client

"TCP Query User{B0C2D114-31FC-4E51-8AA0-6C67D6CDB828}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{9B6B9CD1-F1FC-43B1-A60D-0954D21633DD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{64F5CF45-46DB-4380-AF76-7DC04D1F2932}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{47FF9BF1-E8DE-4996-8DE0-0C3DD8ADF6CC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A1AB92D2-4B6F-4001-8517-7C6837B7749E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{C656BAD9-2BD9-4385-906F-9B18BD01FF19}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{6F8465C3-1086-42D6-B0AA-7A0592AFF0CE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{967808B6-00BD-4FFF-81B7-DC74AD539CAB}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{EC0E47FE-A48A-411B-AEB5-D1A39C15FB3C}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{F838EB9E-A1BE-4BA9-8A42-4B08D187AF90}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{8151F053-8DFD-43E0-875F-33374199D620}c:\\program files\\esvnc\\winvnc.exe"= UDP:c:\program files\esvnc\winvnc.exe:WinVNC

"UDP Query User{659AA287-347D-4E35-A2D0-F42CD1EA0B58}c:\\program files\\esvnc\\winvnc.exe"= TCP:c:\program files\esvnc\winvnc.exe:WinVNC

"{3F334A57-02C6-4317-AA93-797333A6832F}"= c:\windows\system32\ntrplugin124.exe:NTR Plugin 1.2.4

"{9A623898-D21E-452B-BB61-A76CC6E1A848}"= c:\windows\system32\ntrplugin124a.exe:NTR Plugin 1.2.4 a

"{56039665-3F87-42D8-992C-F652700B99EA}"= c:\windows\system32\ntrplugin124h.exe:NTR Plugin 1.2.4 h

"TCP Query User{E93FAAC7-2C00-4B55-9C29-A3C15D41822D}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe

"UDP Query User{E6149C1B-B09D-48F6-8DE8-4C8F6F055AFB}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe

"TCP Query User{CF8CEFC0-BC0B-4EAC-9940-87C315F2F9BC}c:\\users\\vikar1\\downloads\\ntrsupport_22268.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_22268.exe:ntrsupport_22268.exe

"UDP Query User{14491C9A-796F-4160-8ED9-D965E5EF0311}c:\\users\\vikar1\\downloads\\ntrsupport_22268.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_22268.exe:ntrsupport_22268.exe

"TCP Query User{C869E600-FB26-4A93-93F2-68A42B9047C0}c:\\users\\vikar1\\downloads\\ntrsupport_1797.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_1797.exe:ntrsupport_1797.exe

"UDP Query User{C0DB102B-8FA8-4867-8072-59DDB82F4043}c:\\users\\vikar1\\downloads\\ntrsupport_1797.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_1797.exe:ntrsupport_1797.exe

"TCP Query User{51A7C1AE-BC89-47C2-859A-A3CD2D216FAE}c:\\users\\vikar1\\downloads\\ntrsupport_48472.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_48472.exe:ntrsupport_48472.exe

"UDP Query User{63B75723-D4A6-4926-80DE-DB2EC73CE5FF}c:\\users\\vikar1\\downloads\\ntrsupport_48472.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_48472.exe:ntrsupport_48472.exe

"TCP Query User{B4396115-7336-4970-802F-4AC67081C522}c:\\users\\vikar1\\downloads\\ntrsupport_33990.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_33990.exe:ntrsupport_33990.exe

"UDP Query User{85D9BBCE-0B02-4BC9-8CB7-B7976AE63CB3}c:\\users\\vikar1\\downloads\\ntrsupport_33990.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_33990.exe:ntrsupport_33990.exe

"TCP Query User{14C16883-D550-45AD-B8E2-5B6435288A57}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"UDP Query User{8253E887-58E6-407F-9840-A6E405BA87A8}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"TCP Query User{5C1FA67D-9DCD-477E-933F-FE46FF22B550}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{D5631BDF-FC50-438B-B7C8-26CC413C57CF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{63760C9A-C192-4DD9-A227-F251F30B78AE}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"UDP Query User{EEA8CFA6-34A1-4A39-B5DB-918FAC211121}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

"{2472FB19-5452-48D7-AE39-43F53FD78769}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{8DBA2D22-E32D-4243-8B64-13729E0A75E6}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{1F79565A-3512-4263-886C-8F776F1086A2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{AC03B4DB-DF86-4BC8-8EE3-B0F8015D99A6}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{84C0D566-1916-4EB7-A373-F159E90532F5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{764FF062-50B8-4776-BB9E-80D234317C30}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{8F0405D0-5195-4D47-A301-A54D0C7BC65A}c:\\program files\\azureus\\azureus.exe"= Disabled:UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{4A0EACA7-BD4C-4C2B-870F-510F870F559A}c:\\program files\\azureus\\azureus.exe"= Disabled:TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{8CEB7B51-C736-4F98-A994-C7DB4E09B956}c:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{F0E9765F-A9E7-42AF-81C8-2D4EDDC0573A}c:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{6F30DA2E-027B-4C04-854E-37B8B2A1F397}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-24 97928]

S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-09-18 627864]

S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

S3 WSDPrintDevice;WSD-utskriftsstøtte via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-09-21 16896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 18:03:44

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-24 18:06:23

ComboFix-quarantined-files.txt 2008-11-24 17:06:18

ComboFix2.txt 2008-11-24 10:56:14

ComboFix3.txt 2008-11-23 21:03:36

 

Pre-Run: 35 749 945 344 bytes free

Post-Run: 35,711,930,368 bytes free

 

275 --- E O F --- 2008-11-21 09:57:45

 

 
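The two things a helper checks first in a log like the one above are the resolver addresses the DNSChanger wrote into the NameServer value (the MBAM hit at the top of the thread) and the Windows firewall exceptions ComboFix dumped, since those are where a binary dropped into Downloads or a remote-control tool gets a permanent hole. The script below is an added example, not part of any post in this thread and not code from ComboFix or Malwarebytes. It runs those two checks over a constructed sample modelled on the lines above. Assumptions: the 85.255.112.0/20 block is taken from public reporting on the DNSChanger family and should be verified before you rely on it; the remote-access tool names are just the ones that appear in this log, not a vetted indicator list; a "trusted" resolver list is something you supply for the user's own ISP or router.

```python
"""Triage checks over the kind of log pasted in this thread.

Added example; it is not part of the original post, nor of ComboFix or
Malwarebytes. It reads (1) the Malwarebytes "NameServer" hit and (2) the
Windows-firewall exception lines in the ComboFix dump, and flags what a
helper looks at first: rogue resolvers, and firewall holes punched for
binaries in user-writable folders or for remote-control tools.
"""
import ipaddress
import re

# Constructed sample, modelled on lines from the logs in this thread.
SAMPLE_LOG = r'''
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70 85.255.112.201 -> Quarantined and deleted successfully.
"{62DCF891-69BC-4478-85CC-AE00A347857D}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{AD0E5BC3-B433-4FF7-B86C-3C4BA2FE378E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{E93FAAC7-2C00-4B55-9C29-A3C15D41822D}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe
"TCP Query User{8151F053-8DFD-43E0-875F-33374199D620}c:\\program files\\esvnc\\winvnc.exe"= UDP:c:\program files\esvnc\winvnc.exe:WinVNC
"{A1AB92D2-4B6F-4001-8517-7C6837B7749E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FD1F12BF-E160-4ED1-91D2-58922FE7FD14}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)
'''

# Matches the "... -> Data: <ip> <ip> ->" part of a Malwarebytes NameServer hit.
NAMESERVER_RE = re.compile(r"\\NameServer\b.*?Data:\s*([0-9. ]+?)\s*->")

# Assumption: the resolver block the two addresses in this thread fall into,
# as reported publicly for the DNSChanger family. Verify before relying on it.
KNOWN_ROGUE_DNS = [ipaddress.ip_network("85.255.112.0/20")]

# One ComboFix firewall line: "<name>"= [Disabled:][TCP|UDP:][port|]<path>[:<desc>]
FW_RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*'
    r"(?P<disabled>Disabled:)?"
    r"(?:(?P<proto>TCP|UDP):)?"
    r"(?:(?P<port>\d+)\|)?"
    r"(?P<path>(?:[A-Za-z]:)?[^:]+)"
    r"(?::(?P<desc>.*))?$"
)

# Path fragments that mean "anything the user (or malware running as the
# user) can drop a file into"; an exception there deserves a look.
USER_WRITABLE_HINTS = ("\\users\\", "\\documents and settings\\", "\\temp\\")

# Assumption: basenames of the remote-control/support tools that appear in
# this thread's log; a real triage would use a vetted list, not this one.
REMOTE_ACCESS_HINTS = ("winvnc", "ntrsupport", "ntrplugin")


def rogue_nameservers(log_text, trusted=()):
    """Return (ip, reason) for every NameServer entry that is not a private
    address and not inside one of the caller's trusted networks."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for hit in NAMESERVER_RE.finditer(log_text):
        for token in hit.group(1).split():
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an address; skip rather than crash on odd output
            if any(ip in net for net in KNOWN_ROGUE_DNS):
                findings.append((token, "known DNSChanger resolver range"))
            elif ip.is_private or ip.is_loopback or any(ip in net for net in trusted_nets):
                continue  # home router, or a resolver the caller vouched for
            else:
                findings.append((token, "public resolver not on the allow-list"))
    return findings


def suspicious_firewall_rules(log_text):
    """Return one dict per firewall exception worth reviewing, in log order."""
    findings = []
    for line in log_text.splitlines():
        rule = FW_RULE_RE.match(line.strip())
        if not rule:
            continue  # registry keys, drivers, blank lines: not a firewall rule
        path = rule.group("path")
        lowered = path.lower()
        basename = lowered.rsplit("\\", 1)[-1]
        reasons = []
        if any(hint in lowered for hint in USER_WRITABLE_HINTS):
            reasons.append("exception for a binary in a user-writable folder")
        if any(hint in basename for hint in REMOTE_ACCESS_HINTS):
            reasons.append("remote-control/support tool")
        if reasons:
            findings.append({
                "path": path,
                "proto": rule.group("proto"),
                "enabled": rule.group("disabled") is None,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for ip, why in rogue_nameservers(SAMPLE_LOG):
        print(f"DNS  {ip:<16} {why}")
    for f in suspicious_firewall_rules(SAMPLE_LOG):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"FW   {state:<8} {f['proto'] or '-':<4} {f['path']}  [{'; '.join(f['reasons'])}]")
```

A flagged firewall rule is a review item, not a verdict: the NTR and WinVNC entries here may well be a legitimate support tool, but an exception for an executable sitting in a Downloads folder is exactly the kind of entry an infection leaves behind, and it stays after the binary is quarantined. Run the DNS check again after the cleanup and a reboot, against a fresh log, since a changed resolver is what turns a removed trojan into a persisting redirect.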

Posted

Am I now rid of all the junk I got myself into? :D

Do you recommend deleting the trojan from the virus vault, or can it just stay there? There are also some cookies with a warning in there.

Posted

Hang on a bit, I'll just take a quick look ;)

 

ComboFix must be uninstalled.

 

Go to Start > Run

Type the following in the box:

  • ComboFix /u

PS: note the space between X and /u

 

You should now have something like the image below:

[image: CF_Cleanup.png]

 

Press Enter.

 

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide system/hidden files and folders, if necessary.
  • Reset the System Restore points.

 

You can keep MBAM ;)

Posted

Thank you. ComboFix disappeared along with most of the folders, but one is left: "C:ComboFix" with the file "nirccmd". Can I just delete it?

Posted

I assume you mean NirCmd (with one C). It is a file belonging to ComboFix, and as far as I know it should have been removed. I doubt it will do any great harm if you delete it manually...
