Mr.Anki, posted 3 April 2008

Hi. I have one piece of malware and one piece of adware on the machine that XoftSpy cannot remove. The names are:

FunWebProducts - Adware
Aornum - Malware

Attaching a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:25, on 03.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TouchKit\xTouchMon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Users\Andreas\Desktop\Test.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ClearTKHandle] C:\Program Files\TouchKit\ClearTKHandle.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: LaunchTouchMon.lnk = C:\Program Files\TouchKit\LaunchTouchMon.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6991 bytes

Regards,
Mr.Anki
norbat, posted 3 April 2008

Look in Add/Remove Programs for anything related to:

My Web Search
Aornum

Post a ComboFix log:

Download ComboFix and save it to the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt).
Mr.Anki (Author), posted 3 April 2008

No sign of the things mentioned in Add/Remove Programs.

ComboFix log:

ComboFix 08-04-03.3 - Andreas 2008-04-03 21:27:27.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.1154 [GMT 2:00]
Running from: C:\Users\Andreas\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\wpcap.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.
2008-03-27 17:09 . 2008-03-27 17:09 <DIR> d-------- C:\Program Files\TouchKit
2008-03-27 17:09 . 2007-01-10 17:30 93,568 -r------- C:\Windows\System32\drivers\EGXFilter.sys
2008-03-27 17:09 . 2007-02-11 13:00 88,192 -ra------ C:\Windows\System32\drivers\xTouch.sys
2008-03-27 17:09 . 2007-02-11 13:01 82,304 -r------- C:\Windows\System32\drivers\SerTouch.sys
2008-03-27 17:09 . 2006-11-26 14:43 1,108 -r------- C:\Windows\System32\Touchkit_reg.ini
2008-03-27 17:00 . 2008-03-27 17:00 <DIR> d-------- C:\Users\All Users\AppData
2008-03-27 17:00 . 2008-03-27 17:00 <DIR> d-------- C:\ProgramData\AppData
2008-03-26 13:12 . 2008-03-26 13:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\Users\All Users\Apple
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\ProgramData\Apple Computer
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\ProgramData\Apple
2008-03-20 15:57 . 2008-03-20 15:58 <DIR> d-------- C:\Program Files\QuickTime
2008-03-20 15:57 . 2008-03-20 15:57 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-15 00:48 . 2008-04-03 09:25 <DIR> d-------- C:\Users\Andreas\AppData\Roaming\AVG7
2008-03-15 00:46 . 2008-03-15 00:46 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-03-15 00:45 . 2008-03-15 00:45 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-15 00:45 . 2008-04-01 15:16 <DIR> d-------- C:\Users\All Users\avg7
2008-03-15 00:45 . 2008-03-15 00:45 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-15 00:45 . 2008-04-01 15:16 <DIR> d-------- C:\ProgramData\avg7
2008-03-14 19:46 . 2008-03-14 19:46 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-14 19:14 . 2008-03-14 19:48 <DIR> d-------- C:\Program Files\ESET
2008-03-12 11:51 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 11:51 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 19:02 --------- d-----w C:\ProgramData\OrdnettPluss
2008-04-01 10:28 192,425 ----a-w C:\Users\Andreas\AppData\Roaming\nvModes.dat
2008-03-29 23:21 --------- d-----w C:\Users\Andreas\AppData\Roaming\mIRC
2008-03-29 17:16 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-29 17:16 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-27 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 14:07 --------- d-----w C:\Users\Andreas\AppData\Roaming\Skype
2008-03-26 14:04 --------- d-----w C:\Users\Andreas\AppData\Roaming\skypePM
2008-03-17 11:00 --------- d-----w C:\Program Files\Java
2008-03-16 10:58 --------- d-----w C:\Program Files\Net Tools
2008-03-12 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 13:55 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 09:42 --------- d-----w C:\Users\Andreas\AppData\Roaming\OpenOffice.org2
2008-02-29 07:00 --------- d-----w C:\ProgramData\Symantec
2008-02-28 13:10 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-26 13:41 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-26 13:41 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-26 13:37 --------- d-----w C:\ProgramData\Skype
2008-02-26 13:37 --------- d-----w C:\Program Files\Skype
2008-02-26 13:37 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-25 10:38 --------- d-----w C:\Program Files\AMIS
2008-02-24 04:52 --------- d-----w C:\Program Files\oDC
2008-02-23 20:16 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-02-23 20:16 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-02-23 20:15 --------- d-----w C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
2008-02-23 20:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 20:02 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-22 22:51 --------- d-----w C:\Program Files\Lavasoft
2008-02-22 15:18 --------- d-----w C:\Users\Andreas\AppData\Roaming\Leadertech
2008-02-22 15:14 --------- d-----w C:\Program Files\NovaLogic
2008-02-20 16:30 --------- d-----w C:\Users\Andreas\AppData\Roaming\Hamachi
2008-02-14 17:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 10:00 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 10:00 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:56 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 09:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:56 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 09:56 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 09:56 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 09:56 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 09:55 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:55 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 09:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:55 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 09:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:55 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 09:52 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 09:52 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 09:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 20:22 --------- d-----w C:\Program Files\DivX
2008-02-06 20:12 --------- d-----w C:\Program Files\CCleaner
2008-02-06 17:38 --------- d-----w C:\Program Files\SpeedFan
2008-02-05 15:07 --------- d-----w C:\ProgramData\NVIDIA
2008-02-05 13:39 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-04 11:52 --------- d-----w C:\Users\Andreas\AppData\Roaming\Mathsoft
2008-02-04 11:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 11:19 --------- d-----w C:\Program Files\Mathcad
2008-02-02 12:45 11,167,560 ----a-w C:\Users\Public\CoD4MW-1.4-1.5MP-PatchSetup.exe
2008-01-29 21:15 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-01-29 21:15 249,856 ------w C:\Windows\Setup1.exe
2008-01-20 12:59 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2008-01-20 12:59 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2008-01-18 08:42 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-18 08:31 22,328 ----a-w C:\Users\Andreas\AppData\Roaming\PnkBstrK.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 20:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-08-29 19:28 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-08-27 18:05 33136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 14:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 14:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 14:19 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-15 00:52 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"ClearTKHandle"="C:\Program Files\TouchKit\ClearTKHandle.exe" [2007-04-01 12:35 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-15 00:46 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 13:04 190696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchTouchMon.lnk - C:\Program Files\TouchKit\LaunchTouchMon.exe [2008-03-27 17:09:33 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-15 00:46 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E6CEB5E1-CFAD-4FE2-B2D4-B1B9D6762146}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{77E952ED-E73F-457F-91E2-1718AC82A6B0}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{2C769A7B-38A1-4D28-98F7-186BB44CC263}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AEDCDBF5-B41D-4681-9DCF-00F189C56C96}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{380B96A4-4514-4BC1-8C32-039B7B5BE37A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{266B4B39-5B9B-43BF-A659-6F278BC1FC5F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CB7CC546-D9F0-4439-BAFA-2FEADD3958E0}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"UDP Query User{794E8BC9-49DF-4731-AEA7-8BD1FB20B25D}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"TCP Query User{B3595B26-EAFB-4CAA-ACEF-996030B4CDF9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BD0143A9-293A-4C6A-8760-2692DE507474}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{06D7F0CA-3D64-4572-9755-213A93407B1B}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{363F2F45-D24A-4611-AE5E-163E306D2AA8}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{8EB7DCEA-AC32-487E-B6EA-0BFE1BFF163F}C:\\program files\\trackmania united\\tmunited.exe"= UDP:C:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{B9BABC52-0441-40DF-A9B9-CAB54BC07EB1}C:\\program files\\trackmania united\\tmunited.exe"= TCP:C:\program files\trackmania united\tmunited.exe:TmUnited
"TCP Query User{3DFC63FA-0288-432B-BE65-725E9B4147EE}D:\\nedlasting\\tmu-dtn\\crack\\tmunited.exe"= UDP:D:\nedlasting\tmu-dtn\crack\tmunited.exe:TmUnited
"UDP Query User{3A1DDB8D-CD73-4852-A505-F2CCD0128EB5}D:\\nedlasting\\tmu-dtn\\crack\\tmunited.exe"= TCP:D:\nedlasting\tmu-dtn\crack\tmunited.exe:TmUnited
"TCP Query User{7418C933-2D37-4F16-8C0B-65FE13FE1702}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E32A8C73-309B-4527-80D5-EE117CB396A3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6085FE74-A4B7-4AF7-B767-1F0C36E4301D}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FECE0D53-CB82-4400-9F2B-8B4112F4382B}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{A56C213E-938E-4F03-865E-6D233179B455}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{5DDC93A1-1983-4638-A750-D1CCD7D4D3A0}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{9109F058-D910-494E-A54E-B584CCFB59FB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E481644F-0491-4A0F-ADC7-6874CED9A70C}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{CF27548B-2EA2-411B-A26B-7A27E53EC5CE}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{2A0E1FA2-46C1-4C02-BC8E-4C38618B1A10}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{F8AC05BA-F63F-4694-BA37-4A1C874928F8}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{9A9CBE1C-4FCE-41FC-AFEC-8FEEF006F18B}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{0B7571FA-228F-4EA8-AB76-721BB6C5D90A}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{4A8A56EF-80FD-474F-8A23-FC477C37026D}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{A301C07F-36DB-4E57-92E1-59EBA8A53FE0}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{DE9C3E79-7422-4204-B276-A8C599D438F2}D:\\lierox v0.56 pack 1.9\\lierox.exe"= UDP:D:\lierox v0.56 pack 1.9\lierox.exe:LieroX
"UDP Query User{D40A1C7B-C564-4B3C-BB57-B7635D4D1A45}D:\\lierox v0.56 pack 1.9\\lierox.exe"= TCP:D:\lierox v0.56 pack 1.9\lierox.exe:LieroX
"TCP Query User{7A7AF514-0EF2-4ECD-AF3D-B94389095468}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{ADBA0000-C37A-45D4-9F36-765D04905D66}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A8985AC8-FAF4-406C-89D3-6BDA32BA6B97}D:\\wormsarm\\worms armageddon.exe"= UDP:D:\wormsarm\worms armageddon.exe:Worms Armageddon
"UDP Query User{0D6E52F5-99F3-45DF-BEBB-8EBA2F908E68}D:\\wormsarm\\worms armageddon.exe"= TCP:D:\wormsarm\worms armageddon.exe:Worms Armageddon
"TCP Query User{58AA335D-4571-4409-8050-5379EDA15460}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{30183503-84FE-44DA-B709-A6A82350D7C8}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9EA2B16F-16EC-484D-89AF-4D1E403B4D9A}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"UDP Query User{AB458E5B-593A-4C34-BA65-8EE27F5DA401}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary
"TCP Query User{E4A4A147-CEDC-4381-B6DA-15AA15BC9B9A}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{BA4C88CF-43B8-4D00-94D1-0FC111F664DE}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{6D46F997-90BF-4835-B6F3-A1D11B0BBD9A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{ED80860C-51A6-4EB3-B974-5A41C26C04D4}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{F2D52E06-64CF-4A9E-A6FB-63BEB64DF761}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DEA5B7EE-DD09-402F-AB14-27A4F99E9DCE}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0379555C-4D2A-4AD7-80C3-27222D38AC1F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9355EBD1-B9A8-44AD-992D-BD7CA13B0CC0}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{37924614-9FA8-4391-BD4D-771CCF97C6D2}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{FEA3237A-D281-4B7D-9E6C-FC5F4397B0F0}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{8CF25352-26DB-459F-8CD9-DE77495CC8B0}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{5318C7DD-2711-4E27-B7AF-2AC543917087}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{1D077765-204D-4EB3-8DC1-92233B9C4F31}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.3.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.3.exe:iw3mpHAMACHI 1.3
"UDP Query User{1C7E0BFE-3277-4DE6-8C94-41F68C1B088E}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.3.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.3.exe:iw3mpHAMACHI 1.3
"TCP Query User{F137FE86-BE12-4787-A1E0-488F08F82C85}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9111A37B-2939-40F7-A210-426E11AEA4E8}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{105690E6-1A09-48D5-9DD5-FE8EF31DF12C}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{AF5FD973-2D1B-4D41-BF15-F17423A2E12D}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{E2528FA5-9A35-49F7-9DD7-961D4606B7A6}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{81FCB046-35DF-47B7-B92C-162614183A10}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{E0755A38-11EF-418D-8F96-D04025AC6ACD}C:\\program files\\trackmania united\\tmunited.exe"= UDP:C:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{42096DD4-DA50-4519-A1C8-C37A8C8E04AA}C:\\program files\\trackmania united\\tmunited.exe"= TCP:C:\program files\trackmania united\tmunited.exe:TmUnited
"{9253BB6B-8137-493A-9A47-19594C05C5D9}"= UDP:D:\SPILL\Battlefield 2\BF2.exe:Battlefield 2
"{E5FCC8AC-EA6C-4E5E-807E-BCDA985C146E}"= TCP:D:\SPILL\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{592876B2-99AF-4F70-9086-C925854E709D}D:\\spill\\joint ops\\jointops.exe"= UDP:D:\spill\joint ops\jointops.exe:Jointops
"UDP Query User{73E18206-522C-4FB9-8EAA-F2E845431AB2}D:\\spill\\joint ops\\jointops.exe"= TCP:D:\spill\joint ops\jointops.exe:Jointops
"TCP Query User{04A3A259-7902-41BC-9C78-81BFE7B505B7}C:\\program files\\odc\\odc.exe"= UDP:C:\program files\odc\odc.exe:oDC
"UDP Query User{98D5ACE9-FD6B-4B8A-A5B3-4D8FA011FBEE}C:\\program files\\odc\\odc.exe"= TCP:C:\program files\odc\odc.exe:oDC
"TCP Query User{00F1430E-16EB-4DCD-8B8E-FA18705401C2}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F288E471-34FF-4437-A004-9E65757039FE}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{4B2CFFB9-F2FD-4517-A23D-19EE461ECF10}D:\\spill\\far cry\\bin32\\farcry.exe"= UDP:D:\spill\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{706939BC-F527-42AD-B272-E6095FDA6B08}D:\\spill\\far cry\\bin32\\farcry.exe"= TCP:D:\spill\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{6B5D19B5-E21A-490E-B95E-EB3827992B37}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9DFB351D-10A5-40E0-A61B-B3000600A852}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{3AF9BF46-E672-4B8B-8B6E-CFBDB52641EE}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{DD880BFF-2AD0-4839-8B5F-C8319F9F3AF6}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-15 18:14]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 10:31]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 14:32]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-02 15:37]
S0 NVStrap;NVStrap;C:\Windows\system32\drivers\NVStrap.sys [2007-10-30 20:05]
S3 EGXFilter;EGXFilter;C:\Windows\system32\drivers\egxfilter.sys [2007-01-10 17:30]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-17 01:00]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
S3 xTouch;xTouch;C:\Windows\system32\DRIVERS\xtouch.sys [2007-02-11 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98af368e-e24a-11dc-8e6f-d3e593a73710}]
\shell\AutoRun\command - F:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c028baa1-54b0-11dc-a77c-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 08:10:00 C:\Windows\Tasks\Oppdater Ordnett Pluss.job"
- C:\Program Files\Kunnskapsforlaget\Ordnett Pluss\updater.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 21:31:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TouchKit\xTouchMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-04-03 21:35:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 19:35:25

Pre-Run: 6,035,673,088 byte ledig
Post-Run: 6,508,433,408 byte ledig
.
2008-04-02 16:10:30 --- E O F ---
norbat, posted 3 April 2008

Run a new scan with XoftSpy and see if it still finds the malware. If it does, where does it say it is located?
Mr.Anki (Author), posted 3 April 2008

I have run a pass with XoftSpy now, and it found nothing.
Guest member-105082, posted 3 April 2008

http://www.adwarereport.com/mt/archives/000014.html
http://www.spywaredaily.com/rogue_antispyware/index.html

Worth reading a little about.