Rockna Posted 1 February 2010

Hi. I've apparently picked up a virus of some kind; windows like this one keep popping up, for example:

Here is my DDS log:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Tom at 18:37:50,05 on 01.02.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2163 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Voddler\service\voddler.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tom\AppData\Roaming\WinServ\Win.exe
C:\Users\Tom\AppData\Roaming\Microsoft\winscv.exe
C:\Program Files (x86)\Voddler\service\VNetManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\SysWOW64\explorer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Games\World of Warcraft\WoW.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Tom\AppData\Local\Temp\winsys.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tom\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
uRun: [xqkxSqu] c:\users\tom\appdata\local\temp\activex.exe
uRun: [winscv.exe] c:\users\tom\appdata\roaming\microsoft\winscv.exe
uRun: [cujS85T3l] \windows.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [winsys32] c:\users\tom\appdata\local\temp\activex.exe
uRun: [HKCU] c:\users\tom\appdata\roaming\win32\server.exe
uRun: [Windews] c:\users\tom\appdata\roaming\hydra\Important.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [VoddlerNet Manager] c:\program files (x86)\voddler\service\VNetManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
IE-X64: {00000000-0000-0000-0000-000000000000} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\ed5qqf9w.default\
FF - component: c:\program files (x86)\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 VoddlerNet;VoddlerNet;c:\program files (x86)\voddler\service\voddler.exe [2010-1-26 1235664]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-2 135664]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr6164.sys [2009-6-2 438784]

=============== Created Last 30 ================

2010-02-01 17:18:06 0 d-sh--r- c:\users\tom\appdata\roaming\Hydra
2010-02-01 17:09:18 0 d-----w- c:\users\tom\appdata\roaming\Malwarebytes
2010-02-01 17:09:12 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 17:09:12 0 d-----w- c:\programdata\Malwarebytes
2010-02-01 17:09:12 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-01 14:50:56 3288 ------w- C:\bootsqm.dat
2010-01-31 10:41:53 0 d-----w- c:\users\tom\appdata\roaming\WinServ
2010-01-30 17:05:00 0 d-----w- c:\program files (x86)\SystemRequirementsLab
2010-01-28 19:03:36 0 d-----w- c:\program files (x86)\Canon
2010-01-28 19:03:35 0 d-----w- c:\program files\Canon
2010-01-28 18:58:50 258560 ----a-w- c:\windows\system32\CNMLM93.DLL
2010-01-28 18:58:49 92672 ----a-w- c:\windows\system32\CNC610I.DLL
2010-01-28 18:58:49 246272 ----a-w- c:\windows\system32\CNC610L.DLL
2010-01-28 18:58:49 229888 ----a-w- c:\windows\system32\CNC610O.DLL
2010-01-28 18:58:49 1439744 ----a-w- c:\windows\system32\CNC610C.DLL
2010-01-28 18:58:37 0 d--h--w- c:\program files\CanonBJ
2010-01-28 18:54:44 0 d--h--w- c:\programdata\CanonBJ
2010-01-28 15:58:29 496640 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-28 15:26:58 0 d-----w- c:\programdata\Voddler
2010-01-28 15:26:56 0 d-----w- C:\Voddler
2010-01-28 15:26:45 0 d-----w- c:\program files (x86)\Voddler
2010-01-27 12:45:59 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 12:45:58 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 12:45:57 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 12:45:53 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-27 12:45:53 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-26 12:32:22 0 d-----w- c:\users\tom\appdata\roaming\winsys32
2010-01-22 12:05:49 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 12:05:49 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 12:05:48 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 12:05:48 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 12:05:48 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 12:05:48 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 12:05:48 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-18 18:25:45 0 d-----w- c:\programdata\Blizzard Entertainment
2010-01-18 14:36:20 0 d-----w- c:\programdata\Blizzard
2010-01-18 14:12:58 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-01-14 15:19:54 0 d-----w- c:\program files (x86)\Activision
2010-01-13 15:34:25 0 d-----w- c:\programdata\PopCap Games
2010-01-13 14:13:56 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 14:13:56 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:13:56 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 14:13:56 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 16:21:40 0 d-----w- c:\program files\DivX
2010-01-12 16:21:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\DivX
2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-01-12 14:00:17 0 d-----w- c:\windows\pss
2010-01-07 16:06:36 0 d-----w- c:\program files (x86)\AnalogX
2010-01-06 20:25:50 0 d-----w- c:\users\tom\appdata\roaming\mIRC
2010-01-06 20:25:50 0 d-----w- c:\program files (x86)\mIRC
2010-01-06 18:21:53 0 d-----w- c:\users\tom\appdata\roaming\MozillaControl
2010-01-06 18:21:40 0 d-----w- c:\program files (x86)\Mozilla ActiveX Control v1.7.12
2010-01-06 18:20:59 0 d-----w- c:\program files (x86)\Graboid
2010-01-05 17:26:17 288 ----a-w- c:\windows\ODBC.INI
2010-01-05 17:26:17 1644 ----a-w- c:\windows\ODBCINST.INI
2010-01-05 17:26:06 0 d-----w- c:\program files (x86)\Mutify
2010-01-05 17:25:15 286720 ------w- c:\windows\Setup1.exe
2010-01-05 17:25:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-05 17:25:11 1706 ----a-w- c:\windows\ST6UNST.000

==================== Find3M ====================

2010-02-01 17:36:34 1702 ---ha-w- c:\users\tom\appdata\roaming\logs.dat
2010-02-01 17:21:55 73930 ----a-w- c:\windows\system32\perfc014.dat
2010-02-01 17:21:55 447984 ----a-w- c:\windows\system32\perfh014.dat
2010-01-14 10:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-11-30 17:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll
2009-11-30 17:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2009-11-19 15:37:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll
2009-11-09 19:55:14 36156 ----a-w- c:\windows\system32\perfd014.dat
2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfd.dat
2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfc.dat
2009-11-09 19:55:14 298300 ----a-w- c:\windows\system32\perfi014.dat
2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfi.dat
2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfh.dat
2009-11-06 09:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll
2009-11-06 09:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:40:00,32 ===============
norbat Posted 1 February 2010

Get Malwarebytes Anti-Malware (see the guide) and run a quick scan. Post the log together with a new DDS log.
Rockna (author) Posted 1 February 2010

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.02.2010 19:23:59
mbam-log-2010-02-01 (19-23-59).txt

Scan type: Quick Scan
Objects scanned: 98026
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Tom\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Tom\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Tom\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Tom\AppData\Roaming\win32\server.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
__________________________________________________________________________________________

DDS (Ver_09-12-01.01) - NTFSX64
Run by Tom at 19:24:38,16 on 01.02.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2146 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Voddler\service\voddler.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tom\AppData\Roaming\WinServ\Win.exe
C:\Users\Tom\AppData\Roaming\Microsoft\winscv.exe
C:\Program Files (x86)\Voddler\service\VNetManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\SysWOW64\explorer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Tom\AppData\Local\Temp\winsys.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Public\Games\World of Warcraft\WoW.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tom\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files (x86)\torrentman\tbTor0.dll
uRun: [xqkxSqu] c:\users\tom\appdata\local\temp\activex.exe
uRun: [winscv.exe] c:\users\tom\appdata\roaming\microsoft\winscv.exe
uRun: [cujS85T3l] \windows.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [winsys32] c:\users\tom\appdata\local\temp\activex.exe
uRun: [Windews] c:\users\tom\appdata\roaming\hydra\Important.exe
uRun: [HKCU] c:\users\tom\appdata\roaming\win32\server.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [VoddlerNet Manager] c:\program files (x86)\voddler\service\VNetManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
IE-X64: {00000000-0000-0000-0000-000000000000} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\ed5qqf9w.default\
FF - component: c:\program files (x86)\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 VoddlerNet;VoddlerNet;c:\program files (x86)\voddler\service\voddler.exe [2010-1-26 1235664]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-2 135664]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr6164.sys [2009-6-2 438784]

=============== Created Last 30 ================

2010-02-01 18:24:33 247 ----a-w- c:\users\tom\appdata\roaming\logs.dat
2010-02-01 17:18:06 0 d-sh--r- c:\users\tom\appdata\roaming\Hydra
2010-02-01 17:09:18 0 d-----w- c:\users\tom\appdata\roaming\Malwarebytes
2010-02-01 17:09:12 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 17:09:12 0 d-----w- c:\programdata\Malwarebytes
2010-02-01 17:09:12 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-01 14:50:56 3288 ------w- C:\bootsqm.dat
2010-01-31 10:41:53 0 d-----w- c:\users\tom\appdata\roaming\WinServ
2010-01-30 17:05:00 0 d-----w- c:\program files (x86)\SystemRequirementsLab
2010-01-28 19:03:36 0 d-----w- c:\program files (x86)\Canon
2010-01-28 19:03:35 0 d-----w- c:\program files\Canon
2010-01-28 18:58:50 258560 ----a-w- c:\windows\system32\CNMLM93.DLL
2010-01-28 18:58:49 92672 ----a-w- c:\windows\system32\CNC610I.DLL
2010-01-28 18:58:49 246272 ----a-w- c:\windows\system32\CNC610L.DLL
2010-01-28 18:58:49 229888 ----a-w- c:\windows\system32\CNC610O.DLL
2010-01-28 18:58:49 1439744 ----a-w- c:\windows\system32\CNC610C.DLL
2010-01-28 18:58:37 0 d--h--w- c:\program files\CanonBJ
2010-01-28 18:54:44 0 d--h--w- c:\programdata\CanonBJ
2010-01-28 15:58:29 496640 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-28 15:26:58 0 d-----w- c:\programdata\Voddler
2010-01-28 15:26:56 0 d-----w- C:\Voddler
2010-01-28 15:26:45 0 d-----w- c:\program files (x86)\Voddler
2010-01-27 12:45:59 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 12:45:58 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 12:45:57 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 12:45:53 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-27 12:45:53 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-26 12:32:22 0 d-----w- c:\users\tom\appdata\roaming\winsys32
2010-01-22 12:05:49 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 12:05:49 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 12:05:48 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 12:05:48 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 12:05:48 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 12:05:48 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 12:05:48 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-18 18:25:45 0 d-----w- c:\programdata\Blizzard Entertainment
2010-01-18 14:36:20 0 d-----w- c:\programdata\Blizzard
2010-01-18 14:12:58 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-01-14 15:19:54 0 d-----w- c:\program files (x86)\Activision
2010-01-13 15:34:25 0 d-----w- c:\programdata\PopCap Games
2010-01-13 14:13:56 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 14:13:56 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:13:56 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 14:13:56 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 16:21:40 0 d-----w- c:\program files\DivX
2010-01-12 16:21:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\DivX
2010-01-12 16:21:13 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-01-12 14:00:17 0 d-----w- c:\windows\pss
2010-01-07 16:06:36 0 d-----w- c:\program files (x86)\AnalogX
2010-01-06 20:25:50 0 d-----w- c:\users\tom\appdata\roaming\mIRC
2010-01-06 20:25:50 0 d-----w- c:\program files (x86)\mIRC
2010-01-06 18:21:53 0 d-----w- c:\users\tom\appdata\roaming\MozillaControl
2010-01-06 18:21:40 0 d-----w- c:\program files (x86)\Mozilla ActiveX Control v1.7.12
2010-01-06 18:20:59 0 d-----w- c:\program files (x86)\Graboid
2010-01-05 17:26:17 288 ----a-w- c:\windows\ODBC.INI
2010-01-05 17:26:17 1644 ----a-w- c:\windows\ODBCINST.INI
2010-01-05 17:26:06 0 d-----w- c:\program files (x86)\Mutify
2010-01-05 17:25:15 286720 ------w- c:\windows\Setup1.exe
2010-01-05 17:25:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-05 17:25:11 1706 ----a-w- c:\windows\ST6UNST.000

==================== Find3M ====================

2010-02-01 17:21:55 73930 ----a-w- c:\windows\system32\perfc014.dat
2010-02-01 17:21:55 447984 ----a-w- c:\windows\system32\perfh014.dat
2010-01-14 10:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-11-30 17:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll
2009-11-30 17:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2009-11-19 15:37:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-14 00:47:32 90112 ----a-w- c:\windows\syswow64\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\syswow64\DivX.dll
2009-11-09 19:55:14 36156 ----a-w- c:\windows\system32\perfd014.dat
2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfd.dat
2009-11-09 19:55:14 36156 ----a-w- c:\windows\inf\perflib414\perfc.dat
2009-11-09 19:55:14 298300 ----a-w- c:\windows\system32\perfi014.dat
2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfi.dat
2009-11-09 19:55:14 298300 ----a-w- c:\windows\inf\perflib414\perfh.dat
2009-11-06 09:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll
2009-11-06 09:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:24:56,45 ===============
norbat Posted 1 February 2010

Make sure you can see hidden files and folders, as well as hidden operating system files. Start MBAM again and choose More Tools -> Run Tool (FileAssassin). Find and select the following file: C:\Users\Tom\AppData\Local\Temp\winsys.exe

Then download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
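The triage the helper is doing by eye in this thread (autoruns and running processes living under the user's profile, an autorun with no directory at all, a freshly created hidden+system folder) can be expressed as a small parser over DDS-style log text. This is an added example, not code from the thread or from the DDS tool; the function names, the `Finding` record and the `USER_WRITABLE` heuristic are my own, and the sample log is constructed from entries quoted in the thread above rather than being a complete DDS log.

```python
"""Triage helper for DDS-style logs: flags autorun entries, running processes and
newly created directories that match the patterns seen in the thread above."""
import re
from dataclasses import dataclass

# Constructed sample, assembled from entries quoted in the thread (not a full DDS log).
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Tom\AppData\Roaming\WinServ\Win.exe
C:\Users\Tom\AppData\Roaming\Microsoft\winscv.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Tom\AppData\Local\Temp\winsys.exe
============== Pseudo HJT Report ===============
uRun: [xqkxSqu] c:\users\tom\appdata\local\temp\activex.exe
uRun: [winscv.exe] c:\users\tom\appdata\roaming\microsoft\winscv.exe
uRun: [cujS85T3l] \windows.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [HKCU] c:\users\tom\appdata\roaming\win32\server.exe
uRun: [Windews] c:\users\tom\appdata\roaming\hydra\Important.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
=============== Created Last 30 ================
2010-02-01 17:18:06 0 d-sh--r- c:\users\tom\appdata\roaming\Hydra
2010-02-01 17:09:18 0 d-----w- c:\users\tom\appdata\roaming\Malwarebytes
2010-01-28 18:58:37 0 d--h--w- c:\program files\CanonBJ
2010-01-26 12:32:22 0 d-----w- c:\users\tom\appdata\roaming\winsys32
"""

# Heuristic (my assumption): locations an unprivileged user can write to; legitimate
# autoruns rarely point here, while the thread's malware entries all do.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RUN_RE = re.compile(r"^([um]Run): \[([^\]]*)\] (.+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # which DDS section the line came from
    reason: str    # why it was flagged
    path: str      # normalised (lower-cased) image or directory path
    running: bool  # the image also appears in the running-process list


def image_path(command: str) -> str:
    """Extract the executable from an autorun command line (quoted or not)."""
    cmd = command.strip().lstrip('"')
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)  # stop at the first .exe
    return (m.group(1) if m else cmd.split()[0]).lower()


def sections(text: str) -> dict:
    """Split a DDS log into {section name: [non-empty lines]}."""
    out, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            out[current] = []
        elif current and line.strip():
            out[current].append(line.strip())
    return out


def triage(text: str) -> list:
    secs = sections(text)
    procs = {p.lower() for p in secs.get("Running Processes", [])}
    findings = []
    # 1. Running processes whose image lives in a user-writable location.
    for p in sorted(procs):
        if any(marker in p for marker in USER_WRITABLE):
            findings.append(Finding("Running Processes", "image under user-writable path", p, True))
    # 2. Run-key autoruns: relative path (no drive letter) or user-writable image.
    for line in secs.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        path = image_path(m.group(3))
        if not re.match(r"^[a-z]:\\", path):
            reason = "relative path (no drive), resolved through the search order"
        elif any(marker in path for marker in USER_WRITABLE):
            reason = "autorun image under user-writable path"
        else:
            continue
        findings.append(Finding(m.group(1), reason, path, path in procs))
    # 3. Newly created directories carrying both the system and hidden attributes
    #    (attribute string layout: d?sh?a?r/w?, e.g. d-sh--r-).
    for line in secs.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and m.group(3)[0] == "d" and m.group(3)[2] == "s" and m.group(3)[3] == "h":
            findings.append(Finding("Created Last 30", "new directory with hidden+system attributes",
                                    m.group(4).lower(), False))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}: {f.path}{' (running)' if f.running else ''}")
```

Run against a real DDS log the same way; the point of the `running` flag is to separate autoruns whose image is live (winscv.exe here) from stale entries whose file is already gone.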