[SOLVED] Opera is slow and sends me to suspicious sites

19 posts in this topic

Posted

Hi there

I have a PC that has just been sitting there recording police radio from the old days, when the police radio was not encrypted. I lent it to a friend for a while, and now that I have got it back and used it a bit, I found that Opera runs slowly and sends me to strange pages when I click links in, for example, Google.

I have been careless and not installed any security software. McAfee is installed, but I cannot remember doing that myself.

When I start the PC and reach the Desktop, I get the following error messages:

---------------------------
RunDLL
---------------------------
Problem ved oppstart av c:\users\politi\appdata\local\temp\byvsss.dll

Den angitte modulen ble ikke funnet.
---------------------------
OK
---------------------------

---------------------------
RunDLL
---------------------------
Problem ved oppstart av c:\users\politi\appdata\local\temp\sstqnk.dll

Den angitte modulen ble ikke funnet.
---------------------------
OK
---------------------------

When I run HijackThis, I get the following message during the scan:

---------------------------
HijackThis
---------------------------
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
---------------------------
OK
---------------------------

I click OK and it continues with the job.

When it is finished, an empty Notepad window opens and I get the following message:

---------------------------
Notisblokk
---------------------------
Finner ikke filen C:\Program Files\Trend Micro\HiJackThis\hijackthis.log.

Vil du opprette en ny fil?
---------------------------
Ja Nei Avbryt
---------------------------

I click "Ja", but Notepad remains empty.

I try running the program again, but with the same result. So I chose to save the log to the Desktop instead, and then it works. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:41:41, on 14.01.2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\PN\Network Magic\nmapp.exe

C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\PN\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

O4 - HKCU\..\Run: [mdply3d] C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe

O4 - HKCU\..\Run: [dmnvmcDirect] rundll32.exe "C:\Users\Politi\AppData\Local\dmnvmcDirect\dmnvmcDirect.dll", DllInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Desktop Cleanup Wizard] rundll32.exe "C:\Users\Politi\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll", StartProt

O4 - HKCU\..\Run: [effcdcsys] rundll32.exe "c:\users\politi\appdata\local\temp\byvsss.dll",DllRegisterServer

O4 - HKCU\..\Run: [gebcyxdrv] rundll32.exe "c:\users\politi\appdata\local\temp\fcbaab.dll",s

O4 - HKCU\..\Run: [Adobe cleanup] rundll32.exe "C:\Users\Politi\Local Settings\Application Data\Adobe updater\mph.dll", StartProt

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Windows Dumper Host] rundll32.exe "C:\Users\Politi\AppData\Local\Temp\winbdm.dll", RepCmd

O4 - HKCU\..\Run: [CTF Products Updater] rundll32.exe "C:\Users\Politi\AppData\Local\Temp\winbdm.dll", RepCmd

O4 - HKCU\..\Run: [awuvuvaudio] rundll32.exe "c:\users\politi\appdata\local\temp\byvwwt.dll",s

O4 - HKCU\..\Run: [vttsrosys] rundll32.exe "c:\users\politi\appdata\local\temp\sstqnk.dll",s

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6910 bytes

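As an added example (my own code, not from this thread, HijackThis or ComboFix), here is a small Python triage script for a log like the one above. It parses the O4 (Run-key) lines and flags the entries a helper would look at first: rundll32 loading a DLL from Temp or AppData, programs running from inside the user profile, and one file registered under several autorun names. The sample lines are copies of entries from the log above; the path rules and the thresholds are my own heuristics, and "flagged" means "inspect", not "malicious".

```python
"""Triage of HijackThis O4 (Run-key) lines: flag autoruns worth a closer look."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: copies of O4 lines from the HijackThis log above,
# in the exact format HijackThis 2.x prints them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [mdply3d] C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe
O4 - HKCU\..\Run: [Desktop Cleanup Wizard] rundll32.exe "C:\Users\Politi\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll", StartProt
O4 - HKCU\..\Run: [effcdcsys] rundll32.exe "c:\users\politi\appdata\local\temp\byvsss.dll",DllRegisterServer
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Windows Dumper Host] rundll32.exe "C:\Users\Politi\AppData\Local\Temp\winbdm.dll", RepCmd
O4 - HKCU\..\Run: [CTF Products Updater] rundll32.exe "C:\Users\Politi\AppData\Local\Temp\winbdm.dll", RepCmd
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

# Only the registry Run-key form of O4 is parsed; "O4 - Startup:" lines are skipped.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
RUNDLL32_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)

# Heuristic location rules (my assumptions, not HijackThis logic).
USER_WRITABLE = ("/appdata/local/", "/appdata/roaming/", "/local settings/application data/")
TRUSTED_ROOTS = ("c:/windows/", "c:/program files/")


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    path: str           # the file that actually gets loaded
    via_rundll32: bool  # True when the entry is "rundll32.exe <dll>,<export>"


@dataclass
class Finding:
    name: str
    path: str
    reasons: list[str]


def extract_target(cmd: str) -> tuple[str, bool]:
    """Return (file the entry ultimately loads, whether it goes through rundll32)."""
    cmd = cmd.strip()
    via_rundll32 = bool(RUNDLL32_RE.match(cmd))
    if via_rundll32:
        cmd = RUNDLL32_RE.sub("", cmd, count=1)
    if cmd.startswith('"'):
        path = cmd[1 : cmd.index('"', 1)]
    else:
        path = cmd.split(" ", 1)[0]
    # rundll32 takes "<dll>,<export>"; keep only the DLL path.
    return path.split(",", 1)[0], via_rundll32


def parse_o4(log_text: str) -> list[RunEntry]:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, via = extract_target(m["cmd"])
        entries.append(RunEntry(m["hive"], m["name"], m["cmd"], path, via))
    return entries


def assess(entry: RunEntry) -> list[str]:
    """Location-based reasons to look closer at one autorun entry."""
    p = entry.path.lower().replace("\\", "/")
    reasons = []
    if p.startswith("c:/users/") or any(marker in p for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile directory")
    if "/temp/" in p:
        reasons.append("lives in a Temp directory")
    if entry.via_rundll32 and not p.startswith(TRUSTED_ROOTS):
        reasons.append("rundll32 loads a DLL outside Windows/Program Files")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse the log and return every O4 entry that has at least one reason."""
    seen: dict[str, str] = {}  # normalised path -> first autorun name using it
    findings = []
    for entry in parse_o4(log_text):
        reasons = assess(entry)
        key = entry.path.lower().replace("\\", "/")
        if key in seen:
            reasons.append(f"same file also registered as [{seen[key]}]")
        seen.setdefault(key, entry.name)
        if reasons:
            findings.append(Finding(entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the three vendor entries (NVIDIA, Winamp, uTorrent) come out clean, while the five profile-resident entries are listed with their reasons, and the second winbdm.dll entry is additionally marked as a duplicate registration. The same rules applied to the full log above pick out exactly the entries ComboFix later removed.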

Posted

Note that all the instructions given in this thread are tailored to this particular machine, and that the tools used here can cause damage on another machine with other types of infection.

If you think you have the same problem, you should follow the Logganalyse på 1-2-3 guide and post the logs in a new thread.

Hello

My name is André, and I will be helping to try to remove any infections you may have on the PC.

NOTE: I am in training, so it will take somewhat longer than normal before you get a response. We ask for your patience.

  • You will be given a series of instructions, and they must be followed in the order we write them.

  • Do not try to remove the problem on your own. Once we have started a process, it is important that it is completed "without interruptions".

  • If there is an instruction you do not understand, you are unsure about something, or something unexpected happens, do not guess or move on; post on the forum and ask about whatever you are wondering.

  • Do not start several threads (either here on Itpro.no or on other forums). That will only confuse those of us doing support.

  • The operation may take several rounds, and it may take a little while before you get an answer, but we do not give up unless you do.

  • Do not give up and format the PC (even if some say that is the only thing that helps). It is very rare that formatting is necessary because of a virus.

  • Sometimes threads slip past us, so if you have not had a reply within 24 hours it is a good idea to write a short "bump" post so your thread goes to the top of the list.

If you follow these instructions, we should get the problem with the machine fixed.

Please follow the guide, and post new logs from Malwarebytes, ComboFix and HijackThis.

PS: Your security programs may give warnings about some of the tools we ask you to use.

The security programs cannot know whether the tools have good or bad intentions. The tools are used by professionals all over the world, so you can trust that the programs are safe.


Posted

Hello again.

I could not get MBAM to run. It just flashed an error message saying it was updating version 25 or something like that. So I skipped MBAM and went straight to ComboFix.

Here is the log:

ComboFix 11-01-14.01 - Politi 14.01.2011 22:37:55.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.1534.864 [GMT 1:00]

Kjører fra: c:\users\Politi\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Politi\AppData\Local\Adobe updater

c:\users\Politi\AppData\Local\Adobe updater\mph.dll

c:\users\Politi\AppData\Local\Desktop Cleanup Wizard

c:\users\Politi\AppData\Local\Desktop Cleanup Wizard\dskclean.dll

c:\users\Politi\AppData\Local\dmnvmcDirect

c:\users\Politi\AppData\Local\dmnvmcDirect\dmnvmcDirect.dll

c:\users\politi\appdata\local\temp\byvwwt.dll

c:\users\Politi\AppData\Local\Temp\winbdm.dll

c:\users\Politi\Local Settings\Application Data\Adobe updater\mph.dll

c:\users\Politi\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll

c:\users\Politi\pod60.exe

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-14 til 2011-01-14 )))))))))))))))))))))))))))))))))

.

2011-01-14 21:44 . 2011-01-14 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\users\Politi\AppData\Roaming\Malwarebytes

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\programdata\Malwarebytes

2011-01-14 21:28 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-14 21:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-14 19:16 . 2011-01-14 19:16 388096 ----a-r- c:\users\Politi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-14 19:16 . 2011-01-14 19:16 -------- d-----w- c:\program files\Trend Micro

2011-01-14 11:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB99576-9DAE-4677-B44B-2A825C2D5FE1}\mpengine.dll

2011-01-14 02:03 . 2011-01-14 02:03 -------- d-----w- c:\program files\Microsoft.NET

2011-01-13 02:05 . 2011-01-13 02:05 -------- d-----w- c:\windows\system32\MpEngineStore

2011-01-12 20:35 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2011-01-12 20:35 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-07 23:35 . 2010-10-13 13:47 140288 ----a-w- c:\users\Politi\AppData\Local\pcre3.dll

2010-11-06 02:05 . 2010-11-06 02:05 111616 ----a-w- c:\users\Politi\pod312.exe

2010-10-19 09:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mdply3d"="c:\users\Politi\AppData\Roaming\mdply2d\mdply2d.exe" [2010-03-12 373553]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-14 328568]

"opqpnkaudio"="c:\users\politi\appdata\local\temp\byvwwt.dll" [2011-01-14 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\PN\Network Magic\nmapp.exe" [2010-09-20 472112]

"MRT"="c:\windows\system32\MRT.exe" [2011-01-04 37403080]

c:\users\Politi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-7-30 41051]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R1 dnvwcnrr;dnvwcnrr;c:\windows\system32\drivers\dnvwcnrr.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\Politi\AppData\Roaming\Mozilla\Firefox\Profiles\xm3sdogg.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

.

- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-dmnvmcDirect - c:\users\Politi\AppData\Local\dmnvmcDirect\dmnvmcDirect.dll

HKCU-Run-Desktop Cleanup Wizard - c:\users\Politi\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(5968)

c:\users\politi\appdata\local\temp\byvwwt.dll

c:\program files\PN\Network Magic\nmrsrc.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\sppsvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\WTouch\WTouchUser.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2011-01-14 22:49:43 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2011-01-14 21:49

Pre-Run: 57 592 168 448 byte ledig

Post-Run: 57 919 238 144 byte ledig

- - End Of File - - CFE89E133433F6AF4F4F5417C5A27F0D

And HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:06:43, on 14.01.2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\PN\Network Magic\nmapp.exe

C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\Explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\PN\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

O4 - HKCU\..\Run: [mdply3d] C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [opqpnkaudio] rundll32.exe "c:\users\politi\appdata\local\temp\byvwwt.dll",s

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 5555 bytes


Posted (edited)

It may be a virus that is preventing you from running Malwarebytes, and your logs indicate that there is, or has been, malware on your machine. Try running Malwarebytes again, now that ComboFix has removed some of the malware.

If that does not work, you can do the following:

  • Download SUPERAntiSpyware Free Edition from the following page: http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
  • Save the file to the Desktop
  • Double-click the file SUPERAntiSpyware.exe to start the installation. Follow the usual procedure for installing a program.
    • Click "Yes" when asked to check for the latest updates.
    • Be patient while the program downloads the updates.
    • In the next window that pops up, click "Next".
    • Keep clicking "Next" until you see the word "Finish"; then click "Finish".
    • Click "Protect Home Page (recommended)".
    • When the program starts, choose Scan Your Computer.
    • Tick the box that says "Perform A Complete System Scan" and click "Next".
    • It will now scan the machine for malware.
    • When the scan is finished, remove everything it has found. When everything is removed, close the program.

  Post the SUPERAntiSpyware log. You find it as follows:

  • Start the program, choose: Preferences->Statistics/logs

  PS: You can leave out the cookies when you copy the log. They say nothing about whether malware was removed, but they do reveal, among other things, which websites you have visited recently.

  Also post new logs from ComboFix and HijackThis after SAS has run.

  Note: If SAS will not run, let me know.

Edited by andrey

Posted

Ahem. I was just about to post the logs, and when I clicked "Legg til svar" (Add reply) I was redirected to a random page and the post got deleted. This was in Firefox. So the problem is obviously not over. Let's try again.

SAS

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 01/15/2011 at 00:53 AM

Application Version : 4.48.1000

Core Rules Database Version : 6205

Trace Rules Database Version: 4017

Scan type : Complete Scan

Total Scan Time : 00:25:59

Memory items scanned : 803

Memory threats detected : 0

Registry items scanned : 8349

Registry threats detected : 0

File items scanned : 20222

File threats detected : 28

Adware.Tracking Cookie

C:\Users\Politi\AppData\Roaming\Microsoft\Windows\Cookies\politi@serving-sys[1].txt

C:\Users\Politi\AppData\Roaming\Microsoft\Windows\Cookies\politi@atdmt[1].txt

C:\Users\Politi\AppData\Roaming\Microsoft\Windows\Cookies\politi@imrworldwide[1].txt

C:\Users\Politi\AppData\Roaming\Microsoft\Windows\Cookies\politi@adform[1].txt

C:\Users\Politi\AppData\Roaming\Microsoft\Windows\Cookies\politi@bs.serving-sys[2].txt

Trojan.Agent/Gen

C:\QOOBOX\QUARANTINE\C\USERS\POLITI\APPDATA\LOCAL\TEMP\WINBDM.DLL.VIR

ComboFix

ComboFix 11-01-14.01 - Politi 15.01.2011 1:30.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.1534.872 [GMT 1:00]

Kjører fra: c:\users\Politi\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Politi\AppData\Local\Temp\byvwwt.dll

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-15 til 2011-01-15 )))))))))))))))))))))))))))))))))

.

2011-01-15 00:36 . 2011-01-15 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\users\Politi\AppData\Roaming\SUPERAntiSpyware.com

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-01-14 23:15 . 2011-01-14 23:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-14 21:51 . 2011-01-14 21:51 14808 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-01-14 21:51 . 2011-01-14 21:51 718296 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\users\Politi\AppData\Roaming\Malwarebytes

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\programdata\Malwarebytes

2011-01-14 21:28 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-14 21:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-14 19:16 . 2011-01-14 19:16 388096 ----a-r- c:\users\Politi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-14 19:16 . 2011-01-14 19:16 -------- d-----w- c:\program files\Trend Micro

2011-01-14 11:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB99576-9DAE-4677-B44B-2A825C2D5FE1}\mpengine.dll

2011-01-14 02:03 . 2011-01-14 02:03 -------- d-----w- c:\program files\Microsoft.NET

2011-01-13 02:05 . 2011-01-13 02:05 -------- d-----w- c:\windows\system32\MpEngineStore

2011-01-12 20:35 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2011-01-12 20:35 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-07 23:35 . 2010-10-13 13:47 140288 ----a-w- c:\users\Politi\AppData\Local\pcre3.dll

2010-11-06 02:05 . 2010-11-06 02:05 111616 ----a-w- c:\users\Politi\pod312.exe

2010-10-19 09:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mdply3d"="c:\users\Politi\AppData\Roaming\mdply2d\mdply2d.exe" [2010-03-12 373553]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-14 328568]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

"efdecaaudio"="c:\users\politi\appdata\local\temp\byvwwt.dll" [2011-01-15 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\PN\Network Magic\nmapp.exe" [2010-09-20 472112]

"MRT"="c:\windows\system32\MRT.exe" [2011-01-04 37403080]

c:\users\Politi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-7-30 41051]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R1 dnvwcnrr;dnvwcnrr;c:\windows\system32\drivers\dnvwcnrr.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\Politi\AppData\Roaming\Mozilla\Firefox\Profiles\xm3sdogg.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(5996)

c:\program files\PN\Network Magic\nmrsrc.dll

c:\users\politi\appdata\local\temp\byvwwt.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\WTouch\WTouchUser.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2011-01-15 01:44:28 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2011-01-15 00:44

ComboFix2.txt 2011-01-14 21:49

Pre-Run: 57 494 212 608 byte ledig

Post-Run: 57 432 698 880 byte ledig

- - End Of File - - BFF17C1B1B8C78719B82A888DD6ED9E3

HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:59:56, on 15.01.2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\PN\Network Magic\nmapp.exe

C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\Explorer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\PN\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

O4 - HKCU\..\Run: [mdply3d] C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [efdecaaudio] rundll32.exe "c:\users\politi\appdata\local\temp\byvwwt.dll",s

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 5649 bytes


Posted

Hi again.

Great, it looks better, but there is still more left to do.

Note: Unfortunately, the log shows that you have a dangerous trojan on your PC. This can lead to, for example, banking and financial information being stolen.

Even if the trojan is identified and removed, the computer is probably still compromised, and there is no way to be sure that the computer will be cleared. Many experts believe that once you are infected by this type of trojan, the best option is to reformat and reinstall the operating system.

If you still want to, we will continue to do our best to clean the system.

The fact that you did not install McAfee yourself is suspicious; we will install a new and safer program later.

But for now, you can uninstall McAfee like this:

  • Click the Start button
  • Open the Control Panel
  • Choose Uninstall a program
  • Select McAfee Security Scan and click Uninstall/Change

*****************

Please print these instructions, or copy them into a Notepad file. That will make it easier for you to follow the instructions and carry out all the necessary steps.

Combofix:

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the spoiler below into Notepad:

File::

c:\users\politi\appdata\local\temp\byvwwt.dll

Folder::

C:\Users\Politi\AppData\Roaming\mdply2d\

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mdply3d"=-

"efdecaaudio"=-

Driver::

dnvwcnrr

DirLook::

c:\users\politi\appdata\local\temp\

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

[animation: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

HijackThis:

Start HijackThis

Choose: Do a system scan only

Put a check in the box in front of this line (if it exists):

O4 - HKCU\..\Run: [efdecaaudio] rundll32.exe "c:\users\politi\appdata\local\temp\byvwwt.dll",s

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

Then exit HijackThis, restart the machine, and create a new log:

Start HijackThis

Choose: Do a system scan and save a logfile

Post this log together with the new ComboFix log, and report back whether you still have problems with the PC.

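As an added example (not part of the original thread), a small Python script that applies the same reasoning the helper used above to HijackThis O4 lines: it flags autorun entries that run from %TEMP% or AppData\Roaming, or that use rundll32 to load a DLL from outside the Windows directory. The sample log lines are copied from the HijackThis log posted earlier in this thread; the scoring heuristics are my own.

```python
import re

# Constructed sample: the O4 (autorun) lines from the HijackThis log posted
# earlier in this thread, reproduced here so the script runs offline.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [mdply3d] C:\Users\Politi\AppData\Roaming\mdply2d\mdply2d.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [efdecaaudio] rundll32.exe "c:\users\politi\appdata\local\temp\byvwwt.dll",s
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

# Two O4 shapes: "O4 - HKCU\..\Run: [name] command" and "O4 - Startup: name.lnk = target"
RUN_RE = re.compile(r"^O4 - (?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")


def parse_o4(log_text):
    """Return one dict (where, name, cmd) per O4 line; other HJT sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def image_path(cmd):
    """Extract the file that actually runs from an autorun command.

    A leading rundll32 loader is stripped so the DLL it loads is judged,
    not rundll32.exe itself, which is a legitimate system binary.
    """
    m = re.match(r"(?i)rundll32(?:\.exe)?\s+(.*)", cmd)
    if m:
        cmd = m.group(1)
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"(?i)(.+?\.(?:exe|dll|scr|bat|cmd))", cmd)
    return unquoted.group(1) if unquoted else cmd


def triage(entries):
    """Score each autorun entry; entries with no suspicious signal are dropped."""
    findings = []
    for e in entries:
        path = image_path(e["cmd"])
        low = path.lower()
        reasons = []
        if re.search(r"\\appdata\\local\\temp\\", low):
            reasons.append("runs from the user's %TEMP% directory")
        elif re.search(r"\\appdata\\roaming\\", low):
            reasons.append("runs from a user-writable AppData\\Roaming directory")
        uses_rundll32 = re.match(r"(?i)rundll32", e["cmd"].strip()) is not None
        in_windows_dir = re.match(r"[a-z]:\\windows\\", low) is not None
        if uses_rundll32 and not in_windows_dir:
            reasons.append("rundll32 loads a DLL from outside the Windows directory")
        if reasons and e["where"].startswith("HKCU"):
            reasons.append("per-user Run key: installable without admin rights")
        if reasons:
            findings.append({"name": e["name"], "where": e["where"],
                             "path": path, "reasons": reasons})
    # Most signals first, so the entry to look at first is at the top
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_HJT_LOG)):
        print(f"[{f['where']}] {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print("   ", r)
```

Run against the sample, only the two entries the helper told the poster to remove (efdecaaudio and mdply3d) are reported; the vendor entries under Program Files and the Windows directory score nothing.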

Posted

I haven't noticed any problems yet, but it usually takes a little while before they show up.

I think I'll take my chances that removing the trojan works out =)

ComboFix asked if I wanted to update the program before running it, and I said yes.

Here is the CF log:

ComboFix 11-01-16.02 - Politi 17.01.2011 0:02.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.1534.765 [GMT 1:00]

Kjører fra: c:\users\Politi\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Politi\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\users\politi\appdata\local\temp\byvwwt.dll"

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\politi\appdata\local\temp\byvwwt.dll

c:\users\Politi\AppData\Roaming\mdply2d\

c:\users\Politi\AppData\Roaming\mdply2d\\config.ini

c:\users\Politi\AppData\Roaming\mdply2d\\mdply2d.exe

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_dnvwcnrr

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-16 til 2011-01-16 )))))))))))))))))))))))))))))))))

.

2011-01-16 23:09 . 2011-01-16 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-16 17:44 . 2011-01-16 17:45 -------- d-----w- c:\users\Politi\.netbeans

2011-01-16 17:43 . 2011-01-16 17:43 -------- d-----w- c:\users\Politi\.netbeans-registration

2011-01-16 17:38 . 2011-01-16 17:42 -------- d-----w- c:\program files\NetBeans 6.9.1

2011-01-16 17:29 . 2011-01-16 17:29 -------- d-----w- c:\program files\Common Files\Java

2011-01-16 17:28 . 2011-01-16 17:28 -------- d-----w- c:\program files\Sun

2011-01-16 17:16 . 2011-01-16 17:46 -------- d-----w- c:\users\Politi\.nbi

2011-01-15 13:11 . 2011-01-15 13:11 -------- d-----w- c:\program files\InstallShield Installation Information

2011-01-15 13:10 . 2011-01-15 13:10 -------- d-----w- c:\windows\tiinst

2011-01-15 13:10 . 2011-01-15 13:10 -------- d-----w- c:\program files\TIVistadriver

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\users\Politi\AppData\Roaming\SUPERAntiSpyware.com

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-01-14 23:15 . 2011-01-14 23:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-14 21:51 . 2011-01-15 15:24 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-01-14 21:51 . 2011-01-15 15:24 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\users\Politi\AppData\Roaming\Malwarebytes

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\programdata\Malwarebytes

2011-01-14 21:28 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-14 21:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-14 19:16 . 2011-01-14 19:16 388096 ----a-r- c:\users\Politi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-14 19:16 . 2011-01-14 19:16 -------- d-----w- c:\program files\Trend Micro

2011-01-14 11:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB99576-9DAE-4677-B44B-2A825C2D5FE1}\mpengine.dll

2011-01-14 02:03 . 2011-01-14 02:03 -------- d-----w- c:\program files\Microsoft.NET

2011-01-13 02:05 . 2011-01-13 02:05 -------- d-----w- c:\windows\system32\MpEngineStore

2011-01-12 20:35 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2011-01-12 20:35 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-16 17:27 . 2010-07-03 15:51 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-14 21:55 . 2010-11-14 21:55 10240 ----a-w- c:\windows\system32\kbddvp.dll

2010-11-07 23:35 . 2010-10-13 13:47 140288 ----a-w- c:\users\Politi\AppData\Local\pcre3.dll

2010-11-06 02:05 . 2010-11-06 02:05 111616 ----a-w- c:\users\Politi\pod312.exe

2010-10-19 09:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\politi\appdata\local\temp\ ----

2011-01-16 23:02 . 2011-01-16 23:02 53248 ----a-w- c:\users\politi\appdata\local\temp\\catchme.dll

2011-01-16 22:49 . 2010-02-02 22:22 85618 ----a-w- c:\users\politi\appdata\local\temp\\~nsu.tmp\Au_.exe

2011-01-16 22:21 . 2011-01-16 22:21 4459 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\rtfuyNRsvE2L+gFeOq82F2FB0X3dI=

2011-01-16 22:05 . 2011-01-16 22:05 1653 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\L8DR+XJwNFGLeauv2FNW2hjXd8LU=

2011-01-16 22:03 . 2010-10-08 11:59 20480 ----a-w- c:\users\politi\appdata\local\temp\\CProgram FilesOpera\OUniAnsi.dll

2011-01-16 22:03 . 2011-01-16 22:03 836464 ----a-w- c:\users\politi\appdata\local\temp\\CProgram FilesOpera\OperaUpgrader.exe

2011-01-16 22:03 . 2011-01-16 22:03 948 ----a-w- c:\users\politi\appdata\local\temp\\CProgram FilesOpera\autoupdate.txt

2011-01-16 22:03 . 2011-01-16 22:03 12610048 ----a-w- c:\users\politi\appdata\local\temp\\CProgram FilesOpera\Opera_1100_int_Setup.msi

2011-01-16 21:56 . 2011-01-16 21:56 1552 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\dqZvQqmNYrNj2F8StsEp1IsFPShg=

2011-01-16 21:29 . 2011-01-16 21:29 41451 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\GRrOW4WoRgFcVs1GiRsIA6zCkuQ=

2011-01-16 21:29 . 2011-01-16 21:29 1023 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\k0StgduQLUdjG9IZm12FRCaKRKkE=

2011-01-16 21:14 . 2011-01-16 21:14 1286 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\2VcGAnKO2eQaIIJO7CbZ2FDnQLcg=

2011-01-16 19:47 . 2011-01-16 19:47 180 ------w- c:\users\politi\appdata\local\temp\\output1295207241656

2011-01-16 19:45 . 2011-01-16 19:45 196 ------w- c:\users\politi\appdata\local\temp\\output1295207109790

2011-01-16 19:32 . 2011-01-16 19:32 2999 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\Q9tuWQLOp7k0fcrCzzLdDnJmg6Y=

2011-01-16 18:38 . 2011-01-16 18:38 2241 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\LBIRC3aZZcsJ6LOEVnY2FAy+7loM=

2011-01-16 17:48 . 2011-01-16 17:48 2728 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\T2OT1jzbJYIgItUWft06pSC3iiE=

2011-01-16 17:40 . 2011-01-16 17:40 27219 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\h6GIY0giHwcIfliripSpOYJ5mD0=

2011-01-16 17:29 . 2011-01-16 17:29 1612 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\aFO2Fy40C2Fb+hiOyTutdINijiEKg=

2011-01-16 17:29 . 2011-01-16 17:29 183 ----a-w- c:\users\politi\appdata\local\temp\\AUCHECK_PARSER.txt

2011-01-16 17:29 . 2011-01-16 17:29 160 ----a-w- c:\users\politi\appdata\local\temp\\JAUReg.log

2011-01-16 17:27 . 2011-01-16 17:28 28997 ----a-w- c:\users\politi\appdata\local\temp\\java_install.log

2011-01-16 17:26 . 2011-01-16 17:26 133 ----a-w- c:\users\politi\appdata\local\temp\\jusched.log

2011-01-16 17:25 . 2011-01-16 17:28 3763 ----a-w- c:\users\politi\appdata\local\temp\\java_install_reg.log

2011-01-16 17:16 . 2011-01-16 17:16 16384 ----a-w- c:\users\politi\appdata\local\temp\\nbi-8992929064340233153.tmp

2011-01-16 16:56 . 2011-01-16 16:57 5816 ----a-w- c:\users\politi\appdata\local\temp\\lpksetup-20110116-175609-0.log

2011-01-16 15:11 . 2011-01-16 15:11 102 ----a-w- c:\users\politi\appdata\local\temp\\plugtmp-2\plugin-crossdomain.xml

2011-01-16 14:30 . 2011-01-16 15:34 24040 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\WliJzSCj1p0+9+BOKoKSC2FcHKMk=

2011-01-16 14:25 . 2011-01-16 16:58 139019 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\RCMu0ajUqP5A1WpSwllMLAgwghk=

2011-01-16 14:24 . 2011-01-16 14:24 2595 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\u4yWmN51KoAPfB4UfWoS493jorE=

2011-01-16 14:09 . 2011-01-16 22:28 26876 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\Ru62ozMpnfMvsUg4h93joUffoV4=

2011-01-16 13:28 . 2011-01-16 13:28 3283 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\Kq2F4uA2FbjotF2FBvGN45brKK27Ec=

2011-01-16 11:27 . 2011-01-16 11:27 2338 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\8gb14tEFebnJau+JJwzWPQRP1hc=

2011-01-16 02:40 . 2011-01-16 02:40 1962 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\LoJ2Ff9i6TtjfdcX5CB76w49q8dQ=

2011-01-15 21:58 . 2011-01-16 14:54 11840 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\mW7MfHUhXfGj2FMzw2GAHWck7kvM=

2011-01-15 21:55 . 2011-01-16 22:40 2998 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\PFsDZMmVayfovUgfXieDjREJpYA=

2011-01-15 21:43 . 2011-01-16 14:10 2712 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\Bjx0c5aiLgIqAy6OqscV8PFPd6E=

2011-01-15 20:04 . 2011-01-16 06:36 2635 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\LT+2FglGaIujIEzqsotgR7AIUEbo=

2011-01-15 19:52 . 2011-01-16 08:57 23792 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\7eWBsRFUnAws3Ij80eXiPNaAm6w=

2011-01-15 19:52 . 2011-01-16 18:26 12077 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\zUDQF2GYYeEDDU3q+c7W0n2Fp2jw=

2011-01-15 19:43 . 2011-01-16 12:22 2659 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\2Fk2pHi8nQvNTtaN92Ym4S2GayyE=

2011-01-15 19:38 . 2011-01-16 18:49 2330 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\FoHum0Jp9j2FoKKFzeg2Foj17Ak3A=

2011-01-15 19:29 . 2011-01-16 01:25 2053 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\eH6NzDWCbOXTrvL6Q9q0YzQUnd8=

2011-01-15 19:08 . 2011-01-16 10:30 27644 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\4uQmdlebZ32FBqpIL+aUBBF3ScpY=

2011-01-15 18:57 . 2011-01-16 21:23 2658 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\KuHmNaBO3eAXgn+JgqAUb8N5rkY=

2011-01-15 18:12 . 2011-01-15 18:12 2693 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\rfkIAbx2F3gusL0vQdzXrHfevGgQ=

2011-01-15 17:20 . 2011-01-16 11:08 1720 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\r6ogOLY8YllAZNP2nPyZzbS2WTg=

2011-01-15 17:00 . 2011-01-15 17:00 2525 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\AS1GEAIqxTBTdErJJ1nB2FeLwwoY=

2011-01-15 16:58 . 2011-01-15 16:58 29254 ----a-w- c:\users\politi\appdata\local\temp\\plugtmp-1\plugin-konalayer.swf

2011-01-15 16:43 . 2011-01-16 00:38 3193 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\Qp8U7Kpj82F8q0shszuNEwRPbnjQ=

2011-01-15 16:10 . 2011-01-16 21:25 653 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\69d7hxPWrZDS8+Suty3uWJv8224=

2011-01-15 15:40 . 2011-01-15 15:40 134060 ----a-w- c:\users\politi\appdata\local\temp\\svddi.tmp\svde1.tmp

2011-01-15 15:38 . 2011-01-15 15:38 64690 ----a-w- c:\users\politi\appdata\local\temp\\svddi.tmp\svde0.tmp

2011-01-15 15:38 . 2011-01-15 15:38 0 ----a-w- c:\users\politi\appdata\local\temp\\svddi.tmp\svddp.tmp

2011-01-15 15:38 . 2011-01-15 15:38 133934 ----a-w- c:\users\politi\appdata\local\temp\\svddi.tmp\svddo.tmp

2011-01-15 15:38 . 2011-01-15 15:38 64564 ----a-w- c:\users\politi\appdata\local\temp\\svddi.tmp\svddl.tmp

2011-01-15 15:38 . 2011-01-15 15:37 262656 ----a-r- c:\users\politi\appdata\local\temp\\Mappe 1 (frist 26.januar)

2011-01-15 15:16 . 2011-01-16 13:45 8527 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\TyAPNDJB7Rk6xVLOySivUgPxUCM=

2011-01-15 14:51 . 2011-01-16 16:54 2705 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\Cilqpgu+2F3dSnj6kuYf9cOR1eSw=

2011-01-15 14:40 . 2011-01-16 22:37 936 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\0gjc408L7MDZr8LxQ7lCVdhOoVk=

2011-01-15 14:39 . 2011-01-16 22:28 787 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\tQJLpPJJa6MsFcJDR6ZAJu2UJyY=

2011-01-15 14:38 . 2011-01-16 22:20 2082 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\KqqSNrpoid9QzFzhtGv3yJjumsA=

2011-01-15 14:38 . 2011-01-15 14:38 2605 ----a-w- c:\users\politi\appdata\local\temp\\MessengerCache\alP42aTGqWoYx0e7rnmEv0dqrzg=

2011-01-15 00:56 . 2010-06-29 17:48 355056 ----a-w- c:\users\politi\appdata\local\temp\\SSUPDATE.EXE

2011-01-15 00:41 . 2011-01-15 00:41 0 ----a-w- c:\users\politi\appdata\local\temp\\FXSAPIDebugLogFile.txt

2011-01-13 01:26 . 2011-01-15 00:41 126976 ---ha-w- c:\users\politi\appdata\local\temp\\byvwwt.dll

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-14 328568]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\PN\Network Magic\nmapp.exe" [2010-09-20 472112]

"MRT"="c:\windows\system32\MRT.exe" [2011-01-04 37403080]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Politi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-7-30 41051]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\Politi\AppData\Roaming\Mozilla\Firefox\Profiles\xm3sdogg.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

.

- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-iiihfcaudio - c:\users\politi\appdata\local\temp\byvwwt.dll

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(5212)

c:\program files\PN\Network Magic\nmrsrc.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\sppsvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\WTouch\WTouchUser.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\consent.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Tidspunkt ferdig: 2011-01-17 00:16:21 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2011-01-16 23:16

ComboFix2.txt 2011-01-15 00:44

ComboFix3.txt 2011-01-14 21:49

Pre-Run: 57 498 451 968 byte ledig

Post-Run: 56 998 318 080 byte ledig

- - End Of File - - 69A217B2DE14860224841D48D8822FA5

And HijackThis (I couldn't find that entry):

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:36:36, on 17.01.2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\WTouch\WTouchUser.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\PN\Network Magic\nmapp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\mspaint.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\PN\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 5604 bytes


Posted

Hi again

The logs look much better, but there is something I am still a bit unsure about, so we will upload the file to Virustotal, which will tell us whether it is safe or not.

  • Go to Virustotal
  • Click Choose.
  • Browse to the file in bold:
    • c:\users\Politi\pod312.exe
  • Click Send file.
  • Copy and paste the results into the forum when VirusTotal has finished scanning the file.


Posted

Antivirus Version Last update Result

AhnLab-V3 2011.01.16.00 2011.01.16 Trojan/Win32.CSon

AntiVir 7.11.1.163 2011.01.17 TR/Kazy.2687.17

Antiy-AVL 2.0.3.7 2011.01.17 -

Avast 4.8.1351.0 2011.01.17 Win32:MalOb-DQ

Avast5 5.0.677.0 2011.01.17 Win32:MalOb-DQ

AVG 10.0.0.1190 2011.01.17 Generic19.CLID

BitDefender 7.2 2011.01.17 Gen:Variant.Kazy.2687

CAT-QuickHeal 11.00 2011.01.17 Trojan.Vundo

ClamAV 0.96.4.0 2011.01.17 -

Command 5.2.11.5 2011.01.16 -

Comodo 7420 2011.01.17 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.01.17 Trojan.Popuper.37689

Emsisoft 5.1.0.1 2011.01.17 Trojan-Dropper.Win32.Vundo!IK

eSafe 7.0.17.0 2011.01.17 Win32.GenVariant.Kaz

eTrust-Vet 36.1.8104 2011.01.17 Win32/ASuspect.HOOZJ

F-Prot 4.6.2.117 2011.01.16 -

F-Secure 9.0.16160.0 2011.01.17 Gen:Variant.Kazy.2687

Fortinet 4.2.254.0 2011.01.16 -

GData 21 2011.01.17 Gen:Variant.Kazy.2687

Ikarus T3.1.1.97.0 2011.01.17 Trojan-Dropper.Win32.Vundo

Jiangmin 13.0.900 2011.01.17 -

K7AntiVirus 9.77.3565 2011.01.17 Riskware

Kaspersky 7.0.0.125 2011.01.17 -

McAfee 5.400.0.1158 2011.01.17 Generic Obfuscated.g

McAfee-GW-Edition 2010.1C 2011.01.17 Artemis!19F69A4796C7

Microsoft 1.6402 2011.01.17 TrojanDropper:Win32/Vundo.J

NOD32 5795 2011.01.17 a variant of Win32/Adware.Virtumonde.NHB

Norman 6.06.12 2011.01.17 W32/Suspicious_Gen2.ELTWD

nProtect 2011-01-17.01 2011.01.17 Gen:Variant.Kazy.2687

Panda 10.0.2.7 2011.01.17 Trj/CI.A

PCTools 7.0.3.5 2011.01.17 Trojan.Vundo!rem

Prevx 3.0 2011.01.17 Medium Risk Malware

Rising 22.83.00.03 2011.01.17 -

Sophos 4.61.0 2011.01.17 Mal/EncPK-UP

SUPERAntiSpyware 4.40.0.1006 2011.01.17 -

Symantec 20101.3.0.103 2011.01.17 Trojan.Vundo

TheHacker 6.7.0.1.115 2011.01.14 -

TrendMicro 9.120.0.1004 2011.01.17 TROJ_VUNDO.BTM

TrendMicro-HouseCall 9.120.0.1004 2011.01.17 TROJ_VUNDO.BTM

VBA32 3.12.14.2 2011.01.17 -

VIPRE 8101 2011.01.17 Trojan.Win32.Vundo.j (v)

ViRobot 2011.1.17.4259 2011.01.17 -

VirusBuster 13.6.151.0 2011.01.17 Adware.Virtumonde!9rqERR5Ntqo

MD5: 19f69a4796c728d28d23cede3f1e6bf3

SHA1: 853e953a0515e6a98883b63e9afc54bfacb0438c

SHA256: f8a201dc2c907ccaa7f1ca438de395a6a9727dca5adbffdf2a4707a22aec3c79

File size: 111616 bytes

Scan date: 2011-01-17 17:38:30 (UTC)


Posted

As you can probably see, the Virustotal log shows that the file is not safe, so you can remove it like this:

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:


File::

c:\users\Politi\pod312.exe


Save it as CFScript on the Desktop

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

CFScriptB-4.gif

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

After the restart, do the following:

Configure Windows 7 to show hidden files and folders:

  1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  2. Click the View tab.
  3. Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.

Now you can navigate to the following folder and delete its contents:

c:\users\politi\appdata\local\temp

Post the new ComboFix log and let me know in your next post whether you still have problems.


Posted

Hi.

I couldn't delete the 3 files that were in the temp folder. It complains that they are open in Windows Explorer.

The files are called:

ddbyay.dll

FXSAPIDebugLogFile.txt

urpmli.dll

It looks like the machine is behaving flawlessly now.

Is there anything else that needs to be done now?

Here is the log:

ComboFix 11-01-16.04 - Politi 17.01.2011 23:26:29.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.1534.900 [GMT 1:00]

Kjører fra: c:\users\Politi\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Politi\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\users\Politi\pod312.exe"

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Politi\pod312.exe

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-17 til 2011-01-17 )))))))))))))))))))))))))))))))))

.

2011-01-17 22:33 . 2011-01-17 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-16 17:44 . 2011-01-16 17:45 -------- d-----w- c:\users\Politi\.netbeans

2011-01-16 17:43 . 2011-01-16 17:43 -------- d-----w- c:\users\Politi\.netbeans-registration

2011-01-16 17:38 . 2011-01-16 17:42 -------- d-----w- c:\program files\NetBeans 6.9.1

2011-01-16 17:29 . 2011-01-16 17:29 -------- d-----w- c:\program files\Common Files\Java

2011-01-16 17:28 . 2011-01-16 17:28 -------- d-----w- c:\program files\Sun

2011-01-16 17:16 . 2011-01-16 17:46 -------- d-----w- c:\users\Politi\.nbi

2011-01-15 13:11 . 2011-01-15 13:11 -------- d-----w- c:\program files\InstallShield Installation Information

2011-01-15 13:10 . 2011-01-15 13:10 -------- d-----w- c:\windows\tiinst

2011-01-15 13:10 . 2011-01-15 13:10 -------- d-----w- c:\program files\TIVistadriver

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\users\Politi\AppData\Roaming\SUPERAntiSpyware.com

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-01-14 23:15 . 2011-01-14 23:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-14 21:51 . 2011-01-15 15:24 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-01-14 21:51 . 2011-01-15 15:24 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\users\Politi\AppData\Roaming\Malwarebytes

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\programdata\Malwarebytes

2011-01-14 21:28 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-14 21:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-14 19:16 . 2011-01-14 19:16 388096 ----a-r- c:\users\Politi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-14 19:16 . 2011-01-14 19:16 -------- d-----w- c:\program files\Trend Micro

2011-01-14 11:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB99576-9DAE-4677-B44B-2A825C2D5FE1}\mpengine.dll

2011-01-14 02:03 . 2011-01-14 02:03 -------- d-----w- c:\program files\Microsoft.NET

2011-01-12 20:35 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2011-01-12 20:35 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-16 17:27 . 2010-07-03 15:51 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-14 21:55 . 2010-11-14 21:55 10240 ----a-w- c:\windows\system32\kbddvp.dll

2010-11-07 23:35 . 2010-10-13 13:47 140288 ----a-w- c:\users\Politi\AppData\Local\pcre3.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-14 328568]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

"bywwtqsys"="c:\users\politi\appdata\local\temp\ddbyay.dll" [2011-01-17 111616]

"yabywwaudio"="c:\users\politi\appdata\local\temp\urpmli.dll" [2011-01-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\PN\Network Magic\nmapp.exe" [2010-09-20 472112]

"MRT"="c:\windows\system32\MRT.exe" [2011-01-04 37403080]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Politi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-7-30 41051]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 CFcatchme;CFcatchme;c:\users\Politi\AppData\Local\Temp\CFcatchme.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\Politi\AppData\Roaming\Mozilla\Firefox\Profiles\xm3sdogg.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(4072)

c:\users\politi\appdata\local\temp\urpmli.dll

c:\users\politi\appdata\local\temp\ddbyay.dll

c:\program files\PN\Network Magic\nmspce2.dll

c:\program files\PN\Network Magic\nmrsrc.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\WTouch\WTouchUser.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2011-01-17 23:44:38 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2011-01-17 22:44

ComboFix2.txt 2011-01-16 23:16

ComboFix3.txt 2011-01-15 00:44

ComboFix4.txt 2011-01-14 21:49

Pre-Run: 56 987 672 576 byte ledig

Post-Run: 56 927 719 424 byte ledig

- - End Of File - - DE81613B14368812F7EB2BB1D9369C9C


Posted

It looks like new infected files have come in between when you posted the previous log and the latest one.

Create a new CFScript with the following content and repeat the procedure you did earlier:


File::

c:\users\politi\appdata\local\temp\urpmli.dll

c:\users\politi\appdata\local\temp\ddbyay.dll

c:\users\politi\appdata\local\temp\FXSAPIDebugLogFile.txt


Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"bywwtqsys"=-

"yabywwaudio"=-


Driver::

CFcatchme

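The pattern the helper is reacting to in the log above is visible in two places: HKCU Run values with random names that point to DLLs in the user's temp folder, and Explorer.exe already listed as having loaded them. As an added example (not code from this thread or from ComboFix), the Python below flags such entries in a ComboFix log and writes the matching CFScript in the File::/Registry:: form used in this thread; the log excerpt is constructed for the demonstration, all function names are mine, and the section header it looks for is the Norwegian one ComboFix printed on this page.

```python
import re
from dataclasses import dataclass

# Constructed ComboFix log excerpt, modelled on the layout of the log posted
# above (two Run values pointing into the user's temp folder, one of which
# Explorer.exe has already loaded). Not the original log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"bywwtqsys"="c:\users\politi\appdata\local\temp\ddbyay.dll" [2011-01-17 111616]

"yabywwaudio"="c:\users\politi\appdata\local\temp\urpmli.dll" [2011-01-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MRT"="c:\windows\system32\MRT.exe" [2011-01-04 37403080]

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(4072)

c:\users\politi\appdata\local\temp\urpmli.dll

c:\program files\PN\Network Magic\nmrsrc.dll

.

------------------------ Andre Kjørende Prosesser ------------------------
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
# A DLL or EXE that autostarts from a per-user temp folder is the classic
# footprint of a dropper that has just run; legitimate software registers
# from Program Files or system32, not from %TEMP%.
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\[^\\]+\.(dll|exe)$", re.I)
# ComboFix's section header as printed (in Norwegian) in the logs on this page.
DLL_SECTION = "DLL'er Lastet Av Kjørende Prosesser"


@dataclass(frozen=True)
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_run_entries(log: str) -> list[RunEntry]:
    """Return every value under a ...\\Run key in the REGEDIT4 part of the log."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if key and key.lower().endswith("\\run") and (m := RUN_RE.match(line)):
            entries.append(RunEntry(key, m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def suspicious_run_entries(log: str) -> list[RunEntry]:
    """Run values whose target lives in a user temp folder."""
    return [e for e in parse_run_entries(log) if TEMP_RE.search(e.path)]


def loaded_temp_dlls(log: str) -> dict[str, list[str]]:
    """Map 'process(pid)' -> DLLs it has loaded from a temp folder."""
    result, proc, in_section = {}, None, False
    for line in log.splitlines():
        line = line.strip()
        if DLL_SECTION in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("---"):          # next section header ends the list
            break
        if m := PROC_RE.match(line):
            proc = f"{m['proc']}({m['pid']})"
        elif proc and TEMP_RE.search(line):
            result.setdefault(proc, []).append(line)
    return result


def build_cfscript(log: str) -> str:
    """Emit a CFScript (File:: and Registry:: blocks, as used in this thread)
    that removes the flagged files and deletes their Run values ("name"=-)."""
    entries = suspicious_run_entries(log)
    loaded = {d for dlls in loaded_temp_dlls(log).values() for d in dlls}
    files = sorted({e.path for e in entries} | loaded)
    lines = ["File::", *files, "", "Registry::"]
    by_key: dict[str, list[str]] = {}
    for e in entries:
        by_key.setdefault(e.key, []).append(e.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for e in suspicious_run_entries(SAMPLE_LOG):
        print(f"suspicious autostart: {e.name} -> {e.path} ({e.size} bytes, {e.date})")
    for proc, dlls in loaded_temp_dlls(SAMPLE_LOG).items():
        print(f"{proc} has loaded temp DLLs: {', '.join(dlls)}")
    print(build_cfscript(SAMPLE_LOG))
```

The temp-folder rule deliberately ignores "MRT" and the other Program Files entries, so on the cleaned log at the end of this thread the script produces an empty CFScript.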

Posted

New log. Is there anything more that needs to be done? :D

ComboFix 11-01-17.01 - Politi 18.01.2011 0:35.5.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.1534.926 [GMT 1:00]

Kjører fra: c:\users\Politi\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Politi\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Opprettet nytt gjenopprettingspunkt

FILE ::

"c:\users\politi\appdata\local\temp\ddbyay.dll"

"c:\users\politi\appdata\local\temp\FXSAPIDebugLogFile.txt"

"c:\users\politi\appdata\local\temp\urpmli.dll"

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\politi\appdata\local\temp\ddbyay.dll

c:\users\politi\appdata\local\temp\FXSAPIDebugLogFile.txt

c:\users\politi\appdata\local\temp\urpmli.dll

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CFCATCHME

-------\Service_CFcatchme

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-18 til 2011-01-18 )))))))))))))))))))))))))))))))))

.

2011-01-17 23:42 . 2011-01-17 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-16 17:44 . 2011-01-16 17:45 -------- d-----w- c:\users\Politi\.netbeans

2011-01-16 17:43 . 2011-01-16 17:43 -------- d-----w- c:\users\Politi\.netbeans-registration

2011-01-16 17:38 . 2011-01-16 17:42 -------- d-----w- c:\program files\NetBeans 6.9.1

2011-01-16 17:29 . 2011-01-16 17:29 -------- d-----w- c:\program files\Common Files\Java

2011-01-16 17:28 . 2011-01-16 17:28 -------- d-----w- c:\program files\Sun

2011-01-16 17:16 . 2011-01-16 17:46 -------- d-----w- c:\users\Politi\.nbi

2011-01-15 13:11 . 2011-01-15 13:11 -------- d-----w- c:\program files\InstallShield Installation Information

2011-01-15 13:10 . 2011-01-15 13:10 -------- d-----w- c:\windows\tiinst

2011-01-15 13:10 . 2011-01-15 13:10 -------- d-----w- c:\program files\TIVistadriver

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\users\Politi\AppData\Roaming\SUPERAntiSpyware.com

2011-01-14 23:16 . 2011-01-14 23:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-01-14 23:15 . 2011-01-14 23:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-14 21:51 . 2011-01-15 15:24 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-01-14 21:51 . 2011-01-15 15:24 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\users\Politi\AppData\Roaming\Malwarebytes

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\programdata\Malwarebytes

2011-01-14 21:28 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-14 21:28 . 2011-01-14 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-14 21:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-14 19:16 . 2011-01-14 19:16 388096 ----a-r- c:\users\Politi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-14 19:16 . 2011-01-14 19:16 -------- d-----w- c:\program files\Trend Micro

2011-01-14 11:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEB99576-9DAE-4677-B44B-2A825C2D5FE1}\mpengine.dll

2011-01-14 02:03 . 2011-01-14 02:03 -------- d-----w- c:\program files\Microsoft.NET

2011-01-12 20:35 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2011-01-12 20:35 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-16 17:27 . 2010-07-03 15:51 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-14 21:55 . 2010-11-14 21:55 10240 ----a-w- c:\windows\system32\kbddvp.dll

2010-11-07 23:35 . 2010-10-13 13:47 140288 ----a-w- c:\users\Politi\AppData\Local\pcre3.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-14 328568]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\PN\Network Magic\nmapp.exe" [2010-09-20 472112]

"MRT"="c:\windows\system32\MRT.exe" [2011-01-04 37403080]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Politi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-7-30 41051]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-07-30 24645]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\Politi\AppData\Roaming\Mozilla\Firefox\Profiles\xm3sdogg.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

.

- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-iifdbasys - c:\users\politi\appdata\local\temp\ddbyay.dll

HKCU-Run-tutstraudio - c:\users\politi\appdata\local\temp\urpmli.dll

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(3948)

c:\program files\PN\Network Magic\nmrsrc.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\WTouch\WTouchUser.exe

c:\windows\system32\conhost.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\System32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2011-01-18 13:38:11 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2011-01-18 12:38

ComboFix2.txt 2011-01-17 22:44

ComboFix3.txt 2011-01-16 23:16

ComboFix4.txt 2011-01-15 00:44

ComboFix5.txt 2011-01-17 23:33

Pre-Run: 57 007 493 120 byte ledig

Post-Run: 56 823 095 296 byte ledig

- - End Of File - - 57B64A085D78588FBEC237BCBB27612E

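The HKCU-Run entries ComboFix removed above ("TOMME PEKERE FJERNET") pointed at DLLs under AppData\Local\Temp that no longer existed, which is exactly what produced the RunDLL errors at startup. As an added example, not from the thread, from ComboFix or from any of the tools it names, this PowerShell script walks the same Run keys, works out which file each value actually loads, and flags entries whose target lies in a Temp folder or is missing on disk (the regex for rundll32 values and the "first token" fallback for unquoted paths are my assumptions):

```powershell
# Added example: audit the HKCU/HKLM Run keys ComboFix listed and flag entries that
# point into a Temp folder or at a file that no longer exists. Not from the thread.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunTargetPath {
    # Return the file a Run value really loads: for rundll32 entries that is the DLL
    # given as the first argument, otherwise the (possibly quoted) executable.
    param([string]$Value)
    $v = $Value.Trim()
    if ($v -match '(?i)^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    if ($v -match '^"([^"]+)"') { return $Matches[1] }
    return ($v -split '\s+')[0]   # assumption: unquoted paths containing spaces are not handled
}

function Get-SuspiciousRunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }    # PSPath, PSParentPath etc. are provider metadata
            $raw    = [string]$p.Value
            $target = [Environment]::ExpandEnvironmentVariables((Get-RunTargetPath $raw))
            $flags  = @()
            # \Temp\ anywhere in the path: AppData\Local\Temp, C:\Windows\Temp, ...
            if ($target -match '(?i)\\temp\\') { $flags += 'TEMP-PATH' }
            # A value whose file is gone is what makes Windows show "The specified module could not be found"
            if ([string]::IsNullOrWhiteSpace($target) -or -not (Test-Path -LiteralPath $target)) {
                $flags += 'MISSING-FILE'
            }
            [PSCustomObject]@{
                Key    = $key
                Name   = $p.Name
                Value  = $raw
                Target = $target
                Flags  = ($flags -join ',')
            }
        }
    }
}

# Show every entry; anything with a non-empty Flags column deserves a closer look.
Get-SuspiciousRunEntry | Format-Table -AutoSize -Wrap
```

Startup-folder shortcuts (the .lnk entries in the log) and the other autostart locations ComboFix checks are outside what this script covers.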

Posted

Everything looks good --- your logs appear to be clean. :)

Below are some updates you should carry out. Updates should be carried out because old versions can have security holes, and you can get reinfected through them.

1) It is important to keep Windows updated, as this can prevent many security holes that attackers can use to gain access to your machine. It looks like the version you are using now is out of date.

  • Click the Start button
  • Click All Programs
  • Click Windows Update
  • Click Install updates to download all Important updates

    Please either turn on Automatic Updates, or make it a habit to check Windows Update regularly. There will usually be security updates every month.

    Do the following to turn Automatic Updates on.
    • Go to "Windows Update", as described above
    • Click Change settings in the left pane
    • Under Important updates, select Install updates automatically (recommended)
    • Click OK

      2) You should update Java and Adobe Flash Player
      It is important to use the latest version of Java and Flash, since earlier versions can contain security holes that will increase the likelihood of you getting infected again.

      Updating Java:

      • Click the following link and download the latest version of Java
      • Go to Start > Control Panel > Uninstall a program.
      • Search the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.)
        All of these versions should have the Java icon (javaicon.gif) in front of them
        Select all the ones you find and click Remove
      • Then install the Java version you downloaded at the start.

      To make sure you have the latest version of Adobe Flash Player installed:

      • To uninstall an older version, download this file to your desktop: uninstall_flash_player.exe

      • Close all running programs, including all Internet Explorer or other browser windows, and messenger programs (such as AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

      • Double-click the file you downloaded to uninstall Flash.

      • If the uninstall was successful, go to this page: Install Adobe Flash Player, and choose Agree and install now. This will install the latest version of Flash for your browser (Note: the Flash plugins for IE and Firefox must be installed separately).

      Note: During the installation you will be offered Free McAfee Security Scan and Free Google Toolbar (pre-selected). I strongly recommend that you untick them, and thus not install these programs.

      Let me know how the updates went, as problems with updating can be an indication that there is more malware on the system.


Posted

Hi, the updates went through without any errors :)


Posted

Since you didn't run into any problems, we'll wrap up here :D

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • combofix /uninstall

    PS: note the space in Combofix /Uninstall

    You should now see something like the picture below (image: combofix_uninstall.jpg).

    Press Enter.

    This command will:
    • Remove the following:

      • ComboFix and its associated files and folders.
      • VundoFix backups, if they exist.
      • The folder C:\Deckard, if it exists
      • The folder C:\OtMoveIt, if it exists

    • Reset the clock settings.

    • Hide file extensions, if necessary.

    • Hide System/Hidden files and folders, if necessary.

    • Reset the System Restore points.

      ------------

      You can uninstall HijackThis if you wish:

      Start HijackThis and choose None of the above, just start the program.

      Then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Ja/Yes. The program is now uninstalled.

      ------------

      Make sure to keep Malwarebytes updated and run it regularly, since it can protect against some spyware.

      You need a new antivirus program, since you don't have one now.

      AntiVir is an excellent free antivirus program. There are also AVG and avast!.

      Important: Choose only one antivirus program. Having several programs at the same time can cause them to work against each other, and may let more viruses through.

      You can see a test of antivirus programs here.

      Use it when choosing which antivirus program you want to use.

      Make sure to run the antivirus program you choose regularly, and keep it updated.

      Finally, you should get a firewall. Some good firewalls are:

      - Comodo Firewall

      - Tall Emu Online Armor

      - Kerio Sunbelt Firewall

      - ZoneAlarm Firewall

      - Jetico Firewall

      - PC Tools Firewall Plus

      Sunbelt Firewall, Online Armor and ZoneAlarm are also available in paid versions.

      You can see a test of firewalls here.

      Use it when choosing which firewall you want to use.

      Note that there are many disreputable programs out there that want to scare you into giving them your money, and some malware actually claims to be security software. If you get a popup from a security program that you did not install yourself, do not click on it, and ask for help immediately. It is very important to run an antivirus program and a firewall, but you cannot trust every test and advertisement on the web. Ask on a security forum you trust if you are unsure which programs to choose. If you are wondering whether the program you are using is genuine, you can check it here.

      A related category of programs is called "scareware." Scareware programs are active infections that pop up on your computer and tell you that you are infected. If you look closely, there will usually be a name that appears legitimate, but it is not one of the programs you have installed. The program urges you to click and install it right away. If you click on any part of it, including the cross to close it, you may help make the machine even more infected. Keeping your protection programs updated and enabling active protection can help avoid these infections.

      If it happens anyway, go offline as quickly as possible. Pull out the internet cable or switch off the computer. Contact someone who can help you, using another computer or a mobile phone if one is available. If you do not have access to another machine, you should be extremely careful when using the infected machine to ask for help.

      Hopefully this will take care of future problems. :D


Posted

Thanks a lot :wub:

The machine runs flawlessly now :D


Posted

Very thorough work, I must say! Impressed! ;)


Posted

Well, one has to follow up when we've been lucky enough to get our own MST on the forum :D
