dj_vega, posted 11 October 2008:
Hi, I've been having some problems with a possible virus lately. Avast claims, among other things, that the file "C:\WINDOWS\System32\drivers\etc\hosts.msn" is a Trojan horse. Some info:
Malware name: BV:Qhost-C [Trj]
Malware type: Trojan horse
VPS version 081010-10, 10.10.2008
Is this actually a real virus? I'm not normally bothered by viruses, but this happened after I uninstalled AVG because it stopped working (refused to start) and installed Avast.
dj_vega (thread author), posted 11 October 2008:
Update: I'm running a Trend Micro HouseCall 6.5 online scan right now. It says I have, among other things: HACKINGTOOLS_RARPASSWORDCRACKER. It's true that I have a program called something like that, but it's in case my files get encrypted. Any other tips? I'm wondering whether to try something other than Avast, since in the few weeks I've had it I haven't been impressed.
snippsat, posted 11 October 2008 (edited):
> Hi, I've been having some problems with a possible virus lately. Avast claims, among other things, that the file "C:\WINDOWS\System32\drivers\etc\hosts.msn" is a Trojan horse.
Avast is not so good on the false-positive side. It should be possible to exclude files from the scanner/guard. You can scan files here: Virustotal
> I'm wondering whether to try something other than Avast, since in the few weeks I've had it I haven't been impressed.
Avira is the free program that those of us who are active in this part of the forum use and recommend.
> I'm running a Trend Micro HouseCall 6.5 online scan right now.
https://www.diskusjon.no/index.php?showtopic=691246
If you post logs you will get a definite answer on whether you have malware or not.
Edited 11 October 2008 by SNIPPSAT
dj_vega (thread author), posted 12 October 2008:
> [quoting snippsat's reply above in full]
I've put the HJT log in at that link. Does NOD32 cost anything?
dj_vega (thread author), posted 12 October 2008:
Hi, this is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:23:31, on 12.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Last.fm\LastFM.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\EvilLyrics\EvilLyrics.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [speed Driver] sbthost.exe
O4 - HKLM\..\RunServices: [speed Driver] sbthost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
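A triage pass over the O4 lines of the log above, as an added example for this thread and not a tool from HijackThis or from anyone posting here. It picks out the two properties that separate the "speed Driver" entries from the other autostarts: the command is a bare file name with no directory, so it is resolved through the search path at logon (ComboFix later resolves it to C:\WINDOWS\system32\sbthost.exe), and one copy lives under RunServices, a Win9x/ME key that NT-based Windows never processes and that on XP is almost always written by a malware installer built for both families. It also notes when one target is registered under more than one key. The sample input is an excerpt of the O4 lines posted above; the heuristics and their wording are mine, not HijackThis's.

```python
r"""Triage the O4 (autostart) entries of a HijackThis log.

Added example for this thread, not part of HijackThis.  Heuristics:
  * the command names a bare executable with no directory, so the loader
    resolves it through the search path (ComboFix resolved this one to
    C:\WINDOWS\system32\sbthost.exe);
  * the value lives under RunServices, a Win9x/ME key that NT-based
    Windows ignores, so only installers aimed at both families write it;
  * the same target is registered under more than one autostart key.
"""
import re

# Excerpt of the O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [speed Driver] sbthost.exe
O4 - HKLM\..\RunServices: [speed Driver] sbthost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

RUNDLL_HOSTS = ('rundll32.exe', 'rundll32')


def parse_o4(log_text):
    """Return one dict per O4 line: hive, key, value name and command."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def split_cmd(cmd):
    """Split a Run-value command into tokens, honouring double quotes."""
    tokens, cur, quoted = [], '', False
    for ch in cmd.strip():
        if ch == '"':
            quoted = not quoted
        elif ch == ' ' and not quoted:
            if cur:
                tokens.append(cur)
                cur = ''
        else:
            cur += ch
    if cur:
        tokens.append(cur)
    return tokens


def effective_target(cmd):
    """The file that actually gets loaded: the executable, or for rundll32 the DLL."""
    tokens = split_cmd(cmd)
    if not tokens:
        return ''
    exe = tokens[0]
    if exe.lower().rsplit('\\', 1)[-1] in RUNDLL_HOSTS and len(tokens) > 1:
        # rundll32 only hosts code; the DLL in its first argument is the payload
        return tokens[1].split(',', 1)[0]
    return exe


def triage(log_text):
    """Return the O4 entries that trip a heuristic, each with its list of reasons."""
    entries = parse_o4(log_text)
    seen = {}
    for e in entries:
        t = effective_target(e['cmd']).lower()
        seen[t] = seen.get(t, 0) + 1
    findings = []
    for e in entries:
        target = effective_target(e['cmd'])
        reasons = []
        if '\\' not in target and not target.startswith('%'):
            reasons.append('bare filename, resolved via the search path')
        if e['key'].lower() == 'runservices':
            reasons.append('RunServices key (Win9x/ME only; ignored by XP)')
        if seen[target.lower()] > 1:
            reasons.append('same target under %d autostart keys' % seen[target.lower()])
        if reasons:
            findings.append(dict(e, reasons=reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%s\\..\\%s [%s] %s' % (f['hive'], f['key'], f['name'], f['cmd']))
        for r in f['reasons']:
            print('    - ' + r)
```

On the posted excerpt only the two "speed Driver" values are reported; the rundll32 entry is not, because the script looks at the DLL rundll32 loads rather than at rundll32.exe itself.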
snippsat, posted 12 October 2008:
You've got some junk on there. Could you run MBAM and ComboFix from the guide. Post the logs from MBAM and ComboFix plus a new HijackThis log after running those two.
dj_vega (thread author), posted 12 October 2008:
I can mention that the PC has partly restarted itself, and Avast is now running a full scan. After that I'll post the logs and the HJT log.
dj_vega (thread author), posted 12 October 2008:
ComboFix log:

ComboFix 08-10-11.02 - Tor Erlend 2008-10-12 16:46:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.499 [GMT 2:00]
Running from: C:\Documents and Settings\Tor Erlend\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Memman.vxd
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 19:13 . 2008-10-12 19:13 0 --a------ C:\WINDOWS\system32\wpcap.dll
2008-10-12 16:41 . 2008-10-12 16:41 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-12 16:41 . 2008-10-12 16:41 <DIR> d-------- C:\Documents and Settings\Tor Erlend\Programdata\Malwarebytes
2008-10-12 16:41 . 2008-10-12 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-12 16:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-12 16:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-12 15:23 . 2008-10-12 15:23 <DIR> d-------- C:\Program Files
2008-10-11 20:05 . 2008-10-11 21:52 <DIR> d-------- C:\Documents and Settings\Tor Erlend\.housecall6.6
2008-10-08 18:55 . 2008-10-08 18:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-07 12:45 . 2008-10-12 15:23 <DIR> dr-h----- C:\Documents and Settings\Tor Erlend\Siste
2008-10-07 12:42 . 2008-10-07 12:42 <DIR> d-------- C:\Programfiler\CCleaner
2008-09-29 16:46 . 2008-10-12 19:14 <DIR> d-------- C:\Programfiler\Steam
2008-09-26 21:38 . 2008-09-26 21:40 <DIR> d-------- C:\Programfiler\Valve
2008-09-25 16:56 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\system32\no
2008-09-25 16:56 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-25 16:56 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-25 16:53 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-25 16:45 . 2008-09-25 16:45 <DIR> d-------- C:\WINDOWS\EHome
2008-09-25 16:38 . 2008-09-25 16:38 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite
2008-09-25 16:25 . 2008-09-25 16:25 <DIR> d-------- C:\Programfiler\MagicISO
2008-09-24 21:16 . 2008-09-24 21:16 <DIR> d-------- C:\Programfiler\Alwil Software
2008-09-21 16:33 . 2008-09-25 23:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-21 16:33 . 2008-09-21 16:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-19 23:08 . 2008-09-19 23:08 244 --ah----- C:\sqmnoopt04.sqm
2008-09-19 23:08 . 2008-09-19 23:08 232 --ah----- C:\sqmdata04.sqm
2008-09-19 23:07 . 2008-09-19 23:07 <DIR> d-------- C:\Programfiler\ASIO4ALL v2
2008-09-19 23:06 . 2008-09-19 23:06 <DIR> d-------- C:\Programfiler\VstPlugins
2008-09-19 23:06 . 2008-09-19 23:06 <DIR> d-------- C:\Programfiler\Outsim
2008-09-19 23:06 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-09-19 23:06 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-09-19 23:04 . 2008-09-19 23:07 <DIR> d-------- C:\Programfiler\Image-Line
2008-09-19 21:44 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-19 20:05 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-19 20:05 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-19 20:05 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-19 20:05 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-19 20:05 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-19 20:05 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 17:13 42,512 ----a-w C:\WINDOWS\system32\drivers\npf.sys
2008-10-12 17:13 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-10-12 14:50 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\uTorrent
2008-10-12 14:43 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\SiteAdvisor
2008-10-11 19:27 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\OpenOffice.org2
2008-10-08 16:55 --------- d-----w C:\Programfiler\Rockstar Games
2008-10-07 11:08 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-10-07 10:55 --------- d-----w C:\Programfiler\Telenor
2008-10-07 10:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor
2008-09-27 15:00 --------- d-----w C:\Programfiler\Rigs of Rods 0.35
2008-09-25 21:55 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\Winamp
2008-09-25 14:35 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-09-24 17:24 --------- d-----w C:\Programfiler\uTorrent
2008-09-21 16:03 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\Hamachi
2008-09-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Test Drive Unlimited
2008-09-19 22:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-09-19 21:16 --------- d-----w C:\Programfiler\EvilLyrics
2008-09-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative
2008-09-09 21:40 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\Creative
2008-09-09 17:30 --------- d-----w C:\Programfiler\Creative
2008-08-31 12:53 --------- d-----w C:\Programfiler\VirtualDJ
2008-08-22 19:31 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-04-14 16:22 933,888 --sh--r C:\WINDOWS\system32\sbthost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2008-04-06 219952]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-10-12 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"Speed Driver"="sbthost.exe" [2008-04-14 C:\WINDOWS\system32\sbthost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Speed Driver"="sbthost.exe" [2008-04-14 C:\WINDOWS\system32\sbthost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Valve\\hl.exe"=
"C:\\Programfiler\\Steam\\steamapps\\hansfpsdog\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-10-12 42512]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-20 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfc12e1-c470-11dc-91f0-806d6172696f}]
\Shell\AutoRun\command - E:\RunGame.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Programfiler\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tor Erlend\Programdata\Mozilla\Firefox\Profiles\8w25adp7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://nb-NO.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nb-NO:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 19:12:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\wpcap.dll 240240 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-12 19:17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 17:17:37

Pre-Run: 117 976 010 752 byte ledig
Post-Run: 117,927,735,296 byte ledig

181 --- E O F --- 2008-09-26 01:00:48
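The ComboFix log above already holds what the next reply asks to check. The Find3M report lists C:\WINDOWS\system32\sbthost.exe with attributes --sh--r (system, hidden, read-only), a combination no ordinary application sets on its own executable, and the catchme pass at the end reports wpcap.dll as a hidden 240240-byte executable while the "Files Created" listing shows the same file at 0 bytes. The script below is an added example, not ComboFix's or catchme's own logic and not something posted in the thread: it parses both listing formats ComboFix emits (a 9-character attribute column in "Files Created", a 7-character one in "Find3M") together with the catchme hidden-file lines, and flags hidden+system executables under system32, zero-byte executables, and catchme findings whose size disagrees with the directory listing. The sample input is an excerpt assembled from lines of the log above; the indicator names are mine.

```python
r"""Flag stealth indicators in a ComboFix log's file listings.

Added example for this thread; not ComboFix or catchme logic.  Reads the
two listing formats ComboFix emits ("Files Created" lines with a 9-char
attribute column, "Find3M" lines with a 7-char one) plus the catchme
"scanning hidden files" lines, and reports:
  * executables under system32 carrying both hidden and system attributes,
  * zero-byte executables,
  * files catchme calls hidden, with any disagreement about their size.
"""
import re

# Excerpt assembled from lines of the first ComboFix log in this thread.
LISTING = r"""
2008-10-12 19:13 . 2008-10-12 19:13 0 --a------ C:\WINDOWS\system32\wpcap.dll
2008-10-12 16:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 12:45 . 2008-10-12 15:23 <DIR> dr-h----- C:\Documents and Settings\Tor Erlend\Siste
2008-09-21 16:33 . 2008-09-25 23:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-12 17:13 42,512 ----a-w C:\WINDOWS\system32\drivers\npf.sys
2008-10-12 17:13 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-09-25 14:35 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 16:22 933,888 --sh--r C:\WINDOWS\system32\sbthost.exe
"""

# The catchme section from the same log.
CATCHME = r"""
scanning hidden files ...
C:\WINDOWS\system32\wpcap.dll 240240 bytes executable
scan completed successfully
hidden files: 1
"""

LINE_RE = re.compile(
    r'^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})'
    r'(?: \. (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?'   # only in "Files Created"
    r' (?P<size>[\d,]+|<DIR>|-+)'
    r' (?P<attr>[-A-Za-z]{7,9})'
    r' (?P<path>[A-Za-z]:\\.*)$')
CATCHME_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) (?P<size>\d+) bytes')
EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.cpl', '.ocx', '.vxd')


def parse_listing(text):
    """One dict per listing line: path, size (None for dirs), attribute letters."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group('size')
        # The letters mean the same in both column widths: d=dir, r=read-only,
        # a=archive, h=hidden, s=system, w=writable; '-' is unset.
        flags = set(m.group('attr')) - {'-'}
        entries.append({
            'path': m.group('path'),
            'size': int(size.replace(',', '')) if size[0].isdigit() else None,
            'is_dir': 'd' in flags or size == '<DIR>',
            'flags': flags,
        })
    return entries


def parse_catchme(text):
    """{lower-cased path: size} for files reported under 'scanning hidden files'."""
    hidden = {}
    for line in text.splitlines():
        m = CATCHME_RE.match(line.strip())
        if m:
            hidden[m.group('path').lower()] = int(m.group('size'))
    return hidden


def findings(listing_text, catchme_text=''):
    """Return [(path, [reason, ...])] for every file that trips an indicator."""
    hidden = parse_catchme(catchme_text)
    out = []
    for e in parse_listing(listing_text):
        if e['is_dir']:
            continue
        path, lower = e['path'], e['path'].lower()
        executable = lower.endswith(EXEC_EXT)
        reasons = []
        if executable and '\\system32\\' in lower and {'h', 's'} <= e['flags']:
            reasons.append('hidden+system executable in system32')
        if executable and e['size'] == 0:
            reasons.append('zero-byte executable')
        if lower in hidden:
            reasons.append('reported hidden by catchme')
            if e['size'] is not None and hidden[lower] != e['size']:
                reasons.append('size mismatch: listing %d, catchme %d'
                               % (e['size'], hidden[lower]))
        if reasons:
            out.append((path, reasons))
    return out


if __name__ == '__main__':
    for path, reasons in findings(LISTING, CATCHME):
        print(path)
        for r in reasons:
            print('    - ' + r)
```

One caveat on reading such listings: the Find3M timestamp on sbthost.exe, 2008-04-14, is the same date the log shows on ctfmon.exe and other SP3 system files, so a plausible modification time is no evidence of legitimacy; the attribute combination and the Run/RunServices values are what count.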
snippsat, posted 12 October 2008:
My Computer > Tools > Folder Options > View:
Tick "Show hidden files and folders"
Untick "Hide protected operating system files"
Scan this file at Virustotal: C:\WINDOWS\system32\sbthost.exe
dj_vega (thread author), posted 12 October 2008 (edited):
http://www.virustotal.com/analisis/0b35e11...6365b3ff2afaff0
Does this help at all? At any rate it says it's a backdoor of some sort. And if I'm not completely mistaken, this creates a "backdoor" on the PC so that hackers can get in? I couldn't find the file, but I found a file called "SBTHOST.EXE-1DA57CDC.pf". What is this?
Edited 12 October 2008 by dj_vega
snippsat, posted 12 October 2008:
Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\sbthost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Speed Driver"=-

Also the logs from MBAM and HijackThis.
dj_vega (thread author), posted 12 October 2008:

ComboFix 08-10-11.02 - Tor Erlend 2008-10-12 23:32:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.631 [GMT 2:00]
Running from: C:\Documents and Settings\Tor Erlend\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tor Erlend\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\sbthost.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\sbthost.exe
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 16:41 . 2008-10-12 16:41 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-12 16:41 . 2008-10-12 16:41 <DIR> d-------- C:\Documents and Settings\Tor Erlend\Programdata\Malwarebytes
2008-10-12 16:41 . 2008-10-12 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-12 16:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-12 16:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-12 15:23 . 2008-10-12 15:23 <DIR> d-------- C:\Program Files
2008-10-11 20:05 . 2008-10-11 21:52 <DIR> d-------- C:\Documents and Settings\Tor Erlend\.housecall6.6
2008-10-08 18:55 . 2008-10-08 18:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-07 12:45 . 2008-10-12 23:30 <DIR> dr-h----- C:\Documents and Settings\Tor Erlend\Siste
2008-10-07 12:42 . 2008-10-07 12:42 <DIR> d-------- C:\Programfiler\CCleaner
2008-09-29 16:46 . 2008-10-12 19:14 <DIR> d-------- C:\Programfiler\Steam
2008-09-26 21:38 . 2008-09-26 21:40 <DIR> d-------- C:\Programfiler\Valve
2008-09-25 16:56 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\system32\no
2008-09-25 16:56 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-25 16:56 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-25 16:53 . 2008-09-25 16:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-25 16:45 . 2008-09-25 16:45 <DIR> d-------- C:\WINDOWS\EHome
2008-09-25 16:38 . 2008-09-25 16:38 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite
2008-09-25 16:25 . 2008-09-25 16:25 <DIR> d-------- C:\Programfiler\MagicISO
2008-09-24 21:16 . 2008-09-24 21:16 <DIR> d-------- C:\Programfiler\Alwil Software
2008-09-21 16:33 . 2008-09-25 23:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-21 16:33 . 2008-09-21 16:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-19 23:08 . 2008-09-19 23:08 244 --ah----- C:\sqmnoopt04.sqm
2008-09-19 23:08 . 2008-09-19 23:08 232 --ah----- C:\sqmdata04.sqm
2008-09-19 23:07 . 2008-09-19 23:07 <DIR> d-------- C:\Programfiler\ASIO4ALL v2
2008-09-19 23:06 . 2008-09-19 23:06 <DIR> d-------- C:\Programfiler\VstPlugins
2008-09-19 23:06 . 2008-09-19 23:06 <DIR> d-------- C:\Programfiler\Outsim
2008-09-19 23:06 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-09-19 23:06 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-09-19 23:04 . 2008-09-19 23:07 <DIR> d-------- C:\Programfiler\Image-Line
2008-09-19 21:44 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-19 20:05 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-19 20:05 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-19 20:05 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-19 20:05 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-19 20:05 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-19 20:05 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 21:34 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\uTorrent
2008-10-12 21:29 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\SiteAdvisor
2008-10-12 17:13 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-10-11 19:27 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\OpenOffice.org2
2008-10-08 16:55 --------- d-----w C:\Programfiler\Rockstar Games
2008-10-07 11:08 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-10-07 10:55 --------- d-----w C:\Programfiler\Telenor
2008-10-07 10:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor
2008-09-27 15:00 --------- d-----w C:\Programfiler\Rigs of Rods 0.35
2008-09-25 21:55 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\Winamp
2008-09-25 14:35 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-09-24 17:24 --------- d-----w C:\Programfiler\uTorrent
2008-09-21 16:03 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\Hamachi
2008-09-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Test Drive Unlimited
2008-09-19 22:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-09-19 21:16 --------- d-----w C:\Programfiler\EvilLyrics
2008-09-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative
2008-09-09 21:40 --------- d-----w C:\Documents and Settings\Tor Erlend\Programdata\Creative
2008-09-09 17:30 --------- d-----w C:\Programfiler\Creative
2008-08-31 12:53 --------- d-----w C:\Programfiler\VirtualDJ
2008-08-22 19:31 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2008-04-06 219952]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-10-12 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Valve\\hl.exe"=
"C:\\Programfiler\\Steam\\steamapps\\hansfpsdog\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsB0lk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-20 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfc12e1-c470-11dc-91f0-806d6172696f}]
\Shell\AutoRun\command - E:\RunGame.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Programfiler\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 23:33:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-12 23:35:27
ComboFix-quarantined-files.txt 2008-10-12 21:34:59
ComboFix2.txt 2008-10-12 17:17:43

Pre-Run: 117 930 762 240 byte ledig
Post-Run: 117,916,389,376 byte ledig

161 --- E O F --- 2008-09-26 01:00:48
dj_vega Posted 12 October 2008 (Author)

MBAM is coming soon, HJT is also coming soon.
dj_vega Posted 12 October 2008 (Author)

Logfile of HijackThis v1.99.1
Scan saved at 23:45:37, on 12.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Last.fm\LastFM.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Programfiler\Winamp\winamp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
dj_vega Posted 12 October 2008 (Author)

Malwarebytes' Anti-Malware 1.28
Database versjon: 1261
Windows 5.1.2600 Service Pack 3

13.10.2008 00:20:31
mbam-log-2008-10-13 (00-20-31).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 159994
Tid tilbakelagt: 43 minute(s), 57 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
snippsat Posted 13 October 2008 (edited)

Start HijackThis, run "Scan", find these lines, tick them, then press "Fix checked".

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

Then you're clean.

You can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

For better security, as we talked about, I recommend Avira. MBAM, which you have now, you run once in a while. A firewall can be good to have; here I recommend Comodo. Then you have a good setup, and the best part is that it's free.

Edited 13 October 2008 by SNIPPSAT
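The two lines snippsat picks out are both references to a file that no longer exists on disk. As an added example (not from the thread and not part of HijackThis), the Python script below parses HijackThis log lines of the kind posted above and separates genuinely orphaned entries (target reported as "(no file)" or "(file missing)") from lines that only look orphaned because the reported path contains a stray quote, as in the two avast! O23 service lines, whose executables are listed as running in the same log. The sample lines are copied from the log above; the parsing rules and the `HjtEntry`, `parse_line`, `classify` and `find_orphans` names are this example's own assumptions.

```python
"""Classify HijackThis log lines into ok / orphan / check-manually.

Added example, not part of HijackThis or of the forum thread.
The parsing rules below are assumptions that fit the log format
shown in the thread; they are not HijackThis's own definitions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Section code (O2, O20, R0, ...) followed by " - " and the rest of the line.
LINE_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")


@dataclass
class HjtEntry:
    section: str            # e.g. "O2", "O20", "O23"
    raw: str                # the original line
    clsid: Optional[str]    # CLSID if the line carries one
    target: str             # reported path, or the "(no file)" marker


def parse_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for a HijackThis item line, None for anything else."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    clsid = CLSID_RE.search(rest)
    # Most item types end with " - <path>"; O4 lines have no such separator,
    # so for them the target is everything after the "Run:" key.
    if " - " in rest:
        target = rest.rsplit(" - ", 1)[1]
    elif ":" in rest:
        target = rest.split(":", 1)[1]
    else:
        target = rest
    return HjtEntry(section, line, clsid.group(0) if clsid else None, target.strip())


def classify(entry: HjtEntry) -> str:
    """'ok', 'orphan', or 'check-manually'."""
    if not any(marker in entry.target for marker in ORPHAN_MARKERS):
        return "ok"
    # A stray quote before the arguments means the scanner split a quoted
    # service path, so the "missing" verdict should be checked by hand rather
    # than fixed automatically (assumption based on the avast! lines above).
    if '"' in entry.target:
        return "check-manually"
    return "orphan"


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def find_orphans(text: str) -> List[HjtEntry]:
    """Entries a helper would mark for 'Fix checked'."""
    return [e for e in parse_log(text) if classify(e) == "orphan"]


def find_manual_checks(text: str) -> List[HjtEntry]:
    return [e for e in parse_log(text) if classify(e) == "check-manually"]


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(f"orphan        {e.section}: {e.raw}")
    for e in find_manual_checks(SAMPLE_LOG):
        print(f"check manually {e.section}: {e.raw}")
```

Run against the sample it reports the two lines snippsat lists plus the nameless "(no file)" BHO, and sets the avast! Mail Scanner service aside for a manual look instead of treating it as dead.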
dj_vega Posted 13 October 2008 (Author)

I'll try this when I get home. But have you heard anything about AVG stopping working? I've used it for a number of years, and I miss it. It used to work...
snippsat Posted 13 October 2008

"But have you heard anything about AVG stopping working?"

Did I mention AVG? I recommend Avira. AVG Free works just fine, if you were wondering.