cfx86, posted 25 October 2008:

NIS 2009 scans through 3986 files before it says the scan is finished (full scan).

SUPERAntiSpyware: "SUPERAntiSpyware encountered an error using direct disk scanning. Please uncheck the 'Use direct disk scanning' option in the scanning control preferences."

This happened after I downloaded a game. *feels really stupid*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:37, on 25.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\FRYDIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Users\Frøydis\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: qnflkotm - {7FF0C7E8-DF07-4550-A65B-C367791C512A} - (no file)
O21 - SSODL: vwnskbot - {1FBFC521-02EE-4D12-81BA-2E0A5EBCB348} - (no file)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6101 bytes
Tosha0007, posted 25 October 2008 (edited 25 October 2008 by tosha0007):

Follow the rest of the guide here: https://www.diskusjon.no/index.php?showtopic=691246
cfx86 (thread author), posted 25 October 2008:

ComboFix 08-10-24.02 - Frøydis 2008-10-25 17:34:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1448 [GMT 2:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\TS-2009
C:\Program Files\TS-2009\scan.exe
C:\Program Files\TS-2009\totalsecure.s2
C:\Program Files\TS-2009\totalsecure.s3
C:\Windows\system32\djenxlnl.ini
C:\Windows\system32\drivers\TDSScrrx.sys
C:\Windows\system32\drivers\TDSSnbcb.sys
C:\Windows\system32\TDSScrrx.dll
C:\Windows\system32\TDSSdotf.dll
C:\Windows\system32\TDSSfopt.dll
C:\Windows\system32\TDSSntlv.dll
C:\Windows\system32\TDSSnyfn.log
C:\Windows\system32\TDSSpone.log
C:\Windows\system32\TDSSqycx.dll
C:\Windows\system32\TDSSrfpp.dll
C:\Windows\system32\TDSSsbxq.log
C:\Windows\system32\TDSStmei.dll
C:\Windows\system32\TDSSwqsc.dat
C:\Windows\system32\TDSSwqsc.dll
C:\Windows\system32\x64
C:\Windows\System32\YIhOqBeg.ini
C:\Windows\System32\YIhOqBeg.ini2

----- BITS: Possible infected sites -----

hxxp://lovelypornovideo.net
hxxp://www.lovelypornovideo.net
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_TDSSSERV

((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-25 07:02 . 2008-10-25 07:02 <DIR> d-------- C:\Program Files\Symantec
2008-10-25 07:02 . 2008-10-25 07:02 124,464 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-25 07:02 . 2008-10-25 07:01 25,136 -ra------ C:\Windows\System32\drivers\SymIMV.sys
2008-10-25 07:02 . 2008-10-25 07:02 10,635 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-25 07:02 . 2008-10-25 07:02 806 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-25 07:01 . 2008-10-25 07:01 <DIR> d-------- C:\Windows\System32\drivers\NIS
2008-10-25 07:01 . 2008-10-25 07:02 <DIR> d-------- C:\Users\All Users\Norton
2008-10-25 07:01 . 2008-10-25 07:01 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-25 07:01 . 2008-10-25 07:02 <DIR> d-------- C:\PROGRA~2\Norton
2008-10-25 06:54 . 2008-10-25 06:54 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-10-25 06:54 . 2008-10-25 07:01 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-25 06:54 . 2008-10-25 06:54 <DIR> d-------- C:\PROGRA~2\NortonInstaller
2008-10-25 05:47 . 2008-10-25 05:47 0 --a------ C:\ARK6AE4.tmp
2008-10-25 04:51 . 2008-10-25 04:51 0 --a------ C:\ARK2F4B.tmp
2008-10-25 04:25 . 2008-10-25 04:25 0 --a------ C:\ARKE974.tmp
2008-10-25 03:50 . 2008-10-25 03:50 0 --a------ C:\ARKFB69.tmp
2008-10-25 03:49 . 2008-10-25 03:49 0 --a------ C:\ARK2D6F.tmp
2008-10-25 03:48 . 2008-10-25 03:48 0 --a------ C:\ARKE91F.tmp
2008-10-25 03:48 . 2008-10-25 03:48 0 --a------ C:\ARKB0CF.tmp
2008-10-19 02:32 . 2008-10-19 02:32 <DIR> d-------- C:\Users\Frøydis\AppData\Roaming\Livestation
2008-10-19 02:30 . 2008-10-19 02:30 <DIR> d-------- C:\Users\Frøydis\Livestation
2008-10-19 02:30 . 2008-10-19 02:30 <DIR> d-------- C:\Users\Frøydis\Livestation
2008-10-19 02:30 . 2008-10-19 02:30 <DIR> d-------- C:\Program Files\OpenAL
2008-10-19 02:30 . 2008-10-19 02:30 <DIR> d-------- C:\Program Files\Livestation
2008-10-19 02:30 . 2008-10-19 02:30 413,696 --a------ C:\Windows\System32\wrap_oal.dll
2008-10-19 02:30 . 2008-10-19 02:30 110,592 --a------ C:\Windows\System32\OpenAL32.dll
2008-10-18 03:06 . 2008-10-18 03:06 <DIR> d-------- C:\Program Files\VS Revo Group
2008-10-16 22:09 . 2008-10-16 22:09 <DIR> d-------- C:\Program Files\MetaGeek
2008-10-16 08:01 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-16 08:01 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 13:59 . 2008-10-15 13:59 <DIR> d-------- C:\Users\Frøydis\AppData\Roaming\WinBatch
2008-10-15 13:59 . 2008-10-15 14:59 <DIR> d-------- C:\Users\All Users\Atheros
2008-10-15 13:59 . 2008-10-15 14:59 <DIR> d-------- C:\PROGRA~2\Atheros
2008-10-15 13:54 . 2008-10-15 13:54 <DIR> d-------- C:\Atheros Utility.temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 15:43 2,883,584 ----a-w C:\Users\Frøydis\NTUSER.DAT
2008-10-25 15:43 2,883,584 ----a-w C:\Users\Frøydis\NTUSER.DAT
2008-10-25 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-25 05:02 --------- d-----w C:\Users\Frøydis\AppData\Roaming\uTorrent
2008-10-25 05:02 --------- d-----w C:\PROGRA~2\Symantec
2008-10-25 04:52 --------- d-----w C:\Program Files\Launch Manager
2008-10-25 04:51 --------- d-----w C:\PROGRA~2\Avira
2008-10-25 04:35 --------- d-----w C:\Users\Frøydis\AppData\Roaming\SUPERAntiSpyware.com
2008-10-25 04:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-25 04:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-25 04:34 --------- d-----w C:\Program Files\Acer GameZone
2008-10-23 12:35 --------- d-----w C:\Program Files\Opera
2008-10-22 14:59 --------- d-----w C:\Users\Frøydis\AppData\Roaming\Adobe
2008-10-22 01:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-19 00:32 --------- d-----w C:\Users\Frøydis\AppData\Roaming\Livestation
2008-10-16 20:46 --------- d-s---w C:\Users\Frøydis\AppData\Roaming\Microsoft
2008-10-16 06:07 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 06:04 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-10-15 13:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 11:59 --------- d-----w C:\Users\Frøydis\AppData\Roaming\WinBatch
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-17 07:31 --------- d-----w C:\Users\Frøydis\AppData\Roaming\JLC's Software
2008-09-17 07:31 --------- d-----w C:\Program Files\JLC's Software
2008-09-10 12:56 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 13:48 --------- d-----w C:\Program Files\VistaCodecPack
2008-08-27 13:47 --------- d-----w C:\PROGRA~2\VistaCodecs
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-25 18:27 --------- d-----w C:\PROGRA~2\Apple Computer
2008-08-25 18:24 --------- d-----w C:\Program Files\QuickTime
2008-08-25 18:24 --------- d-----w C:\Program Files\Apple Software Update
2008-08-25 18:24 --------- d-----w C:\PROGRA~2\Apple
2008-08-09 06:30 1,007,616 ----a-w C:\Windows\System32\VSFilter.dll
2008-08-05 11:33 27,525 ----a-w C:\Users\Frøydis\AppData\Roaming\nvModes.dat
2008-08-05 09:49 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-08-05 09:49 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-06 17:33 174 --sha-w C:\Program Files\desktop.ini
2008-01-18 13:43 0 ----a-w C:\Users\Frøydis\AppData\Roaming\wklnhst.dat
2007-11-29 09:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-29 09:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-29 09:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 8470528]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-05-19 15:24 91432 C:\Program Files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-24 13:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1357929854-795771713-1899119225-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= Disabled:Profile=Public|C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= Disabled:Profile=Public|C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= Disabled:C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{AAE65792-0A60-4482-A603-4647BA443C9E}"= Disabled:Profile=Public|C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CB0DE544-9952-4BAA-A3F5-DCAACE515783}"= Disabled:Profile=Public|C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{5FDB47DF-FFEE-4F0B-BCAB-D271382ABA82}"= Disabled:Profile=Public|C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{ED051172-EAD2-4839-96AC-C11528B10FC2}"= Disabled:Profile=Public|C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{3583A868-EC59-4CC1-8E89-2CE3337147B8}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{CD626850-DF7C-46B7-B3B4-BDF57E2ED4CB}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{AF1EC0DA-6D93-4DEC-99B3-AFD7D2E63103}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{23340C95-3CF0-4A09-8D74-40C8E07BB77D}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{EEED3B27-F41B-42D8-947D-30F529A1B29D}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{6F0E532F-CACA-4249-80AC-91D2E7EA103F}"= Disabled:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{92817D66-DF37-41CD-B247-03D1427D0000}"= Disabled:C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{FDE1A683-1FF6-4222-9588-0EE262A464FF}"= Disabled:C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{0B6FD70B-28E7-42A8-B44F-395CC7569192}"= Disabled:C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{E6BD5475-451D-48E5-B33B-F896972E035A}"= Disabled:C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{028C0614-D12C-4D15-9BE6-C2B5EA1D5F09}"= Disabled:C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{876BEBB3-FA39-442C-992F-5C78FB533C66}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{72E66B77-BE9A-450A-B7B3-696448965C75}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-25 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\Windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-25 254512]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-25 362544]
R1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081023.001\IDSvix86.sys [2008-10-25 289840]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51 13560]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07 61424]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-10-25 40496]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-30 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Acer Tour Reminder - C:\Acer\AcerTour\Reminder.exe
ShellExecuteHooks-{224933BF-1890-44F7-96FA-0A41B1F55F76} - (no file)
SSODL-qnflkotm-{7FF0C7E8-DF07-4550-A65B-C367791C512A} - (no file)
SSODL-vwnskbot-{1FBFC521-02EE-4D12-81BA-2E0A5EBCB348} - (no file)
SafeBoot-TDSSnbcb.sys

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 17:42:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\System32\conime.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Users\FRYDIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-10-25 17:52:28 - machine was rebooted [Frøydis]
ComboFix-quarantined-files.txt 2008-10-25 15:52:14

Pre-Run: 47,455,522,816 byte ledig
Post-Run: 47,224,479,744 byte ledig

274 --- E O F --- 2008-10-23 17:22:57
cfx86 (thread author), posted 25 October 2008:

ComboFix told me I had a rootkit.. Should I format, or can I trust that it has been removed?

2006-11-02 15:04:06 A------- 4,194,304 C:\Qoobox\Quarantine\C\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat.vir
2006-11-02 15:04:06 A------- 4,194,304 C:\Qoobox\Quarantine\C\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat.vir
2007-08-10 07:44:21 A------- 10 C:\Qoobox\Quarantine\C\DRV\Tuner\Yuan\Resources\_desktop.ini.vir
2008-10-21 23:26:14 A------- 1,997 C:\Qoobox\Quarantine\C\Program Files\TS-2009\totalsecure.s2.vir
2008-10-21 23:26:14 A------- 145,994 C:\Qoobox\Quarantine\C\Program Files\TS-2009\totalsecure.s3.vir
2008-10-21 23:27:50 A------- 2,246,656 C:\Qoobox\Quarantine\C\Program Files\TS-2009\scan.exe.vir
2008-10-25 03:46:39 A------- 60,416 C:\Qoobox\Quarantine\C\Windows\System32\drivers\TDSSnbcb.sys.vir
2008-10-25 03:47:00 A------- 36,864 C:\Qoobox\Quarantine\C\Windows\System32\TDSScrrx.dll.vir
2008-10-25 03:47:04 A------- 164 C:\Qoobox\Quarantine\C\Windows\System32\TDSSwqsc.dat.vir
2008-10-25 03:47:08 A------- 29,696 C:\Qoobox\Quarantine\C\Windows\System32\TDSStmei.dll.vir
2008-10-25 03:47:10 A------- 31,232 C:\Qoobox\Quarantine\C\Windows\System32\TDSSrfpp.dll.vir
2008-10-25 03:47:11 A------- 77,824 C:\Qoobox\Quarantine\C\Windows\System32\TDSSntlv.dll.vir
2008-10-25 03:47:13 A------- 2,760 C:\Qoobox\Quarantine\C\Windows\System32\TDSSfopt.dll.vir
2008-10-25 03:47:13 A------- 30,720 C:\Qoobox\Quarantine\C\Windows\System32\TDSSdotf.dll.vir
2008-10-25 03:47:15 A------- 3,121 C:\Qoobox\Quarantine\C\Windows\System32\TDSSnyfn.log.vir
2008-10-25 03:47:15 A------- 3,617 C:\Qoobox\Quarantine\C\Windows\System32\TDSSpone.log.vir
2008-10-25 03:53:01 A------- 2,295 C:\Qoobox\Quarantine\C\Windows\System32\YIhOqBeg.ini.vir
2008-10-25 03:53:21 A------- 2,295 C:\Qoobox\Quarantine\C\Windows\System32\YIhOqBeg.ini2.vir
2008-10-25 03:57:07 A------- 1,399,974 C:\Qoobox\Quarantine\C\Windows\System32\djenxlnl.ini.vir
2008-10-25 04:23:31 A------- 35,328 C:\Qoobox\Quarantine\C\Windows\System32\TDSSwqsc.dll.vir
2008-10-25 17:28:40 A------- 162 C:\Qoobox\Quarantine\catchme.log
2008-10-25 17:30:38 A------- 1,135 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.reg.dat
2008-10-25 17:30:39 A------- 468 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.sys).reg.dat
2008-10-25 17:38:49 A------- 6,120 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-25 17:39:09 A------- 1,044 C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.reg.dat
2008-10-25 17:46:16 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-25 17:46:16 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-25 17:46:16 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-10-25 17:46:55 A------- 138 C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-Acer Tour Reminder.reg.dat
2008-10-25 17:47:00 A------- 146 C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{224933BF-1890-44F7-96FA-0A41B1F55F76}.reg.dat
2008-10-25 17:47:02 A------- 155 C:\Qoobox\Quarantine\Registry_backups\SSODL-qnflkotm-{7FF0C7E8-DF07-4550-A65B-C367791C512A}.reg.dat
2008-10-25 17:47:02 A------- 155 C:\Qoobox\Quarantine\Registry_backups\SSODL-vwnskbot-{1FBFC521-02EE-4D12-81BA-2E0A5EBCB348}.reg.dat
2008-10-25 17:48:41 A------- 558 C:\Qoobox\Quarantine\Registry_backups\SafeBoot-TDSSnbcb.sys.reg.dat
norbat, posted 25 October 2008 (edited 25 October 2008 by norbat):

You can be confident that ComboFix removes the malware it finds.

Use Explorer to delete these files:
C:\ARK6AE4.tmp ... C:\ARKB0CF.tmp

Update and run a quick scan with SAS.
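As an added example (not code from this thread or from HijackThis, ComboFix or any other tool it mentions), a small Python triage script over log lines of the kind posted above: it flags HijackThis load points whose file is missing (the two O21 SSODL entries and the R3 hook), executables living under a user's Temp directory, and the ComboFix "Reg Loading Points" values that show UAC, the Windows Firewall and Security Center monitoring switched off. The sample lines are copied from the logs in this thread; the rules, severities and function names are my own assumptions.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not the tools' own code)."""
import re
from typing import List, Optional, Tuple

# HijackThis entry: "<section> - <rest>", e.g. "O21 - SSODL: qnflkotm - {CLSID} - (no file)"
HJT_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<rest>.*)$")
# ComboFix "Reg Loading Points": "[hive\key]" headers followed by "name"= value lines
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
# Plain path lines (process lists, deletions); both tools emit these
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# HJT sections whose "(no file)" entries are orphaned load points worth cleaning up:
# O2 = BHO, O20 = Winlogon Notify, O21 = ShellServiceObjectDelayLoad, R3 = URLSearchHook
ORPHAN_SECTIONS = {"O2", "O20", "O21", "R3"}

# (value name lowercased, setting that weakens the host) -> description.
# Which values to flag is an assumption of this example; all three appear in the thread.
WEAK_SETTINGS = {
    ("enablelua", 0): "UAC disabled (EnableLUA=0)",
    ("enablefirewall", 0): "Windows Firewall disabled (EnableFirewall=0)",
    ("disablemonitoring", 1): "Security Center monitoring disabled (DisableMonitoring=1)",
}


def reg_value_as_int(val: str) -> Optional[int]:
    """Parse ComboFix value renderings such as '0 (0x0)' or 'dword:00000001'."""
    v = val.strip()
    if v.lower().startswith("dword:"):
        return int(v[len("dword:"):], 16)
    m = re.match(r"^(\d+)", v)
    return int(m.group(1)) if m else None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the given log lines, in input order."""
    findings: List[Tuple[str, str]] = []
    current_key = ""  # most recent "[...]" header seen in a ComboFix registry dump
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hjt = HJT_RE.match(line)
        if hjt:
            sec, rest = hjt.group("sec"), hjt.group("rest")
            if sec in ORPHAN_SECTIONS and rest.endswith("(no file)"):
                findings.append(("medium", f"{sec} load point whose file is missing: {rest}"))
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        val = REG_VAL_RE.match(line)
        if val and current_key:
            name, num = val.group("name").lower(), reg_value_as_int(val.group("val"))
            desc = WEAK_SETTINGS.get((name, num))
            if desc is not None:
                findings.append(("high", f"{desc} under [{current_key}]"))
            continue
        if PATH_RE.match(line) and re.search(r"\\AppData\\Local\\Temp\\", line, re.I):
            # A binary living in a user's Temp directory; legitimate installers do this
            # too, so it is a "verify the publisher" item rather than a verdict.
            findings.append(("low", f"executable path under a Temp directory: {line}"))
    return findings


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
C:\Users\FRYDIS~1\AppData\Local\Temp\RtkBtMnt.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O21 - SSODL: qnflkotm - {7FF0C7E8-DF07-4550-A65B-C367791C512A} - (no file)
O21 - SSODL: vwnskbot - {1FBFC521-02EE-4D12-81BA-2E0A5EBCB348} - (no file)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""


def triage_sample() -> List[Tuple[str, str]]:
    """Run the triage over the constructed sample above."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for severity, message in triage_sample():
        print(f"[{severity:6}] {message}")
```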