chewie2 Posted 29 October 2008 (edited) So I managed the feat, then - obviously I shouldn't have clicked on the file, but dumbass did it anyway :I Now I've gone through the guide "Help getting malware removed (viruses, worms, trojans, spyware...)" and produced all the necessary logs - I think. HJT log [Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:35:05, on 29.10.2008 End of file - 11243 bytes ComboFix log ComboFix 08-10-29.04 - chewie 2008-10-29 12:18:18.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.531 [GMT 1:00] 216 --- E O F --- 2008-10-24 01:02:52 and then there was the MBAM log Malwarebytes' Anti-Malware 1.30 Database versjon: 1332 Windows 5.1.2600 Service Pack 3 29.10.2008 12:10:13 mbam-log-2008-10-29 (12-10-13).txt Skanntype: Rask Skann Objekter skannet: 51145 Tid tilbakelagt: 4 minute(s), 46 second(s) Well, thanks for all the help, and I hope there are some smart heads with time to spare. Edited 30 October 2008 by chewie2
Bruker-158599 Posted 29 October 2008 So I managed the feat, then - obviously I shouldn't have clicked on the file, but dumbass did it anyway :I Now I've gone through the guide "Help getting malware removed (viruses, worms, trojans, spyware...)" and produced all the necessary logs - I think. HJT log [Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:35:05, on 29.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\hkcmd.exe C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Apoint2K\Apoint.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programfiler\iTunes\iTunesHelper.exe 
C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe C:\Programfiler\Logitech\QuickCam\Quickcam.exe C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Apoint2K\Apntex.exe C:\Programfiler\Trillian\trillian.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\HPQ\SHARED\HPQWMI.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\explorer.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\Trend Micro\test\HijackThis.exe C:\Documents and Settings\chewie\Skrivebord\for seg selv\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec.com/storefro...amp;SSLT=2& R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] 
C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Programdata\file joy proc deaf\win htm.exe O4 - HKCU\..\Run: 
[bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [cast spam] C:\DOCUME~1\chewie\PROGRA~1\SKIPCH~1\byte htm.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Trillian.lnk = C:\Programfiler\Trillian\trillian.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: Trillian.lnk = C:\Programfiler\Trillian\trillian.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Trillian.lnk = C:\Programfiler\Trillian\trillian.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - 
Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: kqbruz.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. 
- C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 11243 bytes combofix-logg ComboFix 08-10-29.04 - chewie 2008-10-29 12:18:18.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.531 [GMT 1:00] Running from: C:\Documents and Settings\chewie\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Defilnpo.ini C:\WINDOWS\system32\Defilnpo.ini2 . ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))))) . 2008-10-29 12:03 . 
2008-10-29 12:03 <DIR> dr-h----- C:\Documents and Settings\chewie\Siste 2008-10-29 10:29 . 2008-10-29 10:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-10-29 10:29 . 2008-10-29 10:29 1,409 --a------ C:\WINDOWS\QTFont.for 2008-10-28 14:56 . 2008-10-28 14:56 <DIR> d-------- C:\Programfiler\Trend Micro 2008-10-28 14:31 . 2008-10-28 14:39 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-10-28 14:31 . 2008-10-28 14:31 <DIR> d-------- C:\Documents and Settings\chewie\Programdata\Malwarebytes 2008-10-28 14:31 . 2008-10-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-10-28 14:31 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-28 14:31 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-28 14:24 . 2008-10-28 14:24 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-27 23:46 . 2008-10-27 23:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-10-27 23:46 . 2008-10-27 23:46 <DIR> d-------- C:\Documents and Settings\chewie\Programdata\SUPERAntiSpyware.com 2008-10-27 23:46 . 2008-10-27 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-10-27 23:45 . 2008-10-27 23:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-10-27 19:46 . 2008-10-27 19:46 <DIR> d-------- C:\Programfiler\Skipchinhelp 2008-10-27 19:46 . 2008-10-27 19:47 <DIR> d-------- C:\Documents and Settings\chewie\Programdata\Skipchinhelp 2008-10-27 19:46 . 2008-10-27 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\file joy proc deaf 2008-10-26 08:07 . 2008-08-25 11:42 327,704 --a------ C:\WINDOWS\system32\aipict8.hlp 2008-10-26 07:52 . 2008-10-26 08:24 <DIR> d-------- C:\keepers2 2008-10-23 23:02 . 2008-10-15 17:38 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-20 13:02 . 2008-09-15 16:29 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-20 13:02 . 
2008-09-08 11:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-20 13:01 . 2008-08-14 14:27 2,190,976 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-20 13:01 . 2008-08-14 14:27 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-20 13:01 . 2008-08-14 14:27 2,067,840 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-20 13:01 . 2008-08-14 14:27 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-20 12:59 . 2008-04-11 20:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-10-20 12:59 . 2008-05-01 15:38 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-29 11:22 --------- d-----w C:\Programfiler\Trillian 2008-10-29 10:57 --------- d-----w C:\Documents and Settings\chewie\Programdata\AVG7 2008-10-29 07:18 --------- d-----w C:\Documents and Settings\chewie\Programdata\uTorrent 2008-10-26 07:45 --------- d-----w C:\Programfiler\BDViewer 2008-10-26 07:07 --------- d-----w C:\Programfiler\Applied_Insights 2008-10-20 20:40 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-10-16 05:11 --------- d-----w C:\Documents and Settings\chewie\Programdata\dvdcss 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-05-09 08:17 1 ----a-w C:\Documents and Settings\chewie\SI.bin 2004-07-22 09:51 3,432,656 ----a-w C:\Programfiler\ManagedDX.CAB 2004-07-19 21:58 1,156,363 ----a-w C:\Programfiler\BDANT.cab 2004-07-19 21:53 976,020 ----a-w C:\Programfiler\BDAXP.cab 2004-07-09 13:17 13,265,040 ----a-w C:\Programfiler\dxnt.cab 2004-07-09 08:13 703,080 ----a-w C:\Programfiler\BDA.cab 2004-07-09 08:13 15,493,481 ----a-w C:\Programfiler\DirectX.cab 2004-07-09 03:08 472,576 ----a-w C:\Programfiler\dxsetup.exe 2004-07-09 03:08 2,242,560 ----a-w C:\Programfiler\dsetup32.dll 2004-07-09 02:03 62,976 ----a-w C:\Programfiler\DSETUP.dll 
2007-08-24 22:06 80 --sh--r C:\WINDOWS\system32\F0B1491FAB.dll 2008-05-09 13:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050920080510\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-28_14.53.37,81 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE - 2008-10-28 13:46:56 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-10-29 11:17:29 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-10-28 13:46:56 60,714 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-10-29 11:17:29 60,714 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-10-28 13:46:56 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-10-29 11:17:29 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-10-28 13:46:56 385,330 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-10-29 11:17:29 385,330 ----a-w C:\WINDOWS\system32\perfh014.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352] "cast spam"="C:\DOCUME~1\chewie\PROGRA~1\SKIPCH~1\byte htm.exe" [2008-10-27 579584] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-13 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-13 126976] "SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-02-08 159744] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-02-23 278528] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-03-27 155648] "ISUSPM 
Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848] "LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Programdata\file joy proc deaf\win htm.exe" [2008-10-29 3313664] "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 C:\WINDOWS\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-06-13 219136] C:\Documents and Settings\chewie\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] Trillian.lnk - C:\Programfiler\Trillian\trillian.exe [2007-12-10 1873280] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=kqbruz.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll "vidc.aas4"= 
C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll "vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll "msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Utorrent\\utorrent.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"= R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-13 198336] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-27 13352] S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536] S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360] S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088] S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624] S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 
(NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704] S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432] S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800] . Contents of the 'Scheduled Tasks' folder 2008-10-29 C:\WINDOWS\Tasks\AEF7994D91C0164D.job - c:\docume~1\chewie\progra~1\skipch~1\modenounadmin.exe [2008-10-27 19:47] . - - - - ORPHANS REMOVED - - - - BHO-{37F5D8FF-2901-4A39-A339-09CFD75CE3DB} - C:\WINDOWS\system32\opnlifeD.dll ShellExecuteHooks-{62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\geBrolkI.dll Notify-geBrolkI - geBrolkI.dll . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://renewalcenter.symantec.com/storefront/user/home.jsp?NOS=471RSDVW5xVzirUGAAjiCCl0hoODmwckUPvDvAZxrRBD2Ur02dugBECA%2BvlKKCGV2F7DF8R&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F1009771%2FDE6AEIFBD6A8449396849&GUID=2552DD2069E63A0595B443CA9C614192&SSLT=2& R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-29 12:25:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?2?0??????? ???B???????????????B???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Apoint2K\ApntEx.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\HPQ\Shared\hpqwmi.exe C:\Programfiler\Fellesfiler\LogiShrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2008-10-29 12:30:52 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-29 11:30:44 ComboFix2.txt 2008-10-28 14:06:45 ComboFix3.txt 2008-10-28 13:54:05 Pre-Run: 27 902 955 520 byte ledig Post-Run: 27,815,510,016 byte ledig 216 --- E O F --- 2008-10-24 01:02:52 også var det MBAM-loggen Malwarebytes' Anti-Malware 1.30 Database versjon: 1332 Windows 5.1.2600 Service Pack 3 29.10.2008 12:10:13 mbam-log-2008-10-29 (12-10-13).txt Skanntype: Rask Skann Objekter skannet: 51145 Tid tilbakelagt: 4 minute(s), 46 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 2 Registernøkler infisert: 9 Registerverdier infisert: 1 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 4 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: C:\WINDOWS\system32\jsqunxjg.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\kqbruz.dll (Trojan.Vundo) -> Delete on reboot. Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{898b4202-00c2-4ee1-8ecc-deedd02b64fc} (Trojan.Vundo.H) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{898b4202-00c2-4ee1-8ecc-deedd02b64fc} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{898b4202-00c2-4ee1-8ecc-deedd02b64fc} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\778ef9cd (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\kqbruz.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\jsqunxjg.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\gjxnuqsj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dwkfdqgb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. Well, thanks for all the help, and I hope there are some smart heads with time to spare. After you scanned with mbam, did you restart the PC?
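The entries that stand out in the HijackThis log above (Run entries pointing into user-profile and ProgramData folders with random-word names, a non-empty AppInit_DLLs value, a service whose binary is missing) can be picked out mechanically. The following triage pass is an added example, not part of the thread or of HijackThis; its sample lines are constructed from the posted log, and the heuristics are mine.

```python
"""Triage of HijackThis O4/O20/O23 lines (added example, not the thread's own tooling).

Flags: autostart binaries under user-writable profile paths, executables whose
name is a string of unrelated words, a non-empty AppInit_DLLs value, and
services registered for a binary that no longer exists."""
import re
from dataclasses import dataclass, field

# Constructed sample lines modelled on the HJT log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Programdata\file joy proc deaf\win htm.exe
O4 - HKCU\..\Run: [cast spam] C:\DOCUME~1\chewie\PROGRA~1\SKIPCH~1\byte htm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O20 - AppInit_DLLs: kqbruz.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# First token of the command line: the binary, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|bat))"?', re.IGNORECASE)
# Locations an ordinary user can write to; a Run entry living there deserves a closer look.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "programdata", "\\appdata\\", "\\temp\\")
# Basenames such as "win htm.exe" / "byte htm.exe": two or more short words and nothing else.
WORDY_EXE = re.compile(r"^[a-z]{2,7}( [a-z]{2,7})+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _binary(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip().split(" ")[0]


def triage_line(line: str) -> list:
    """Return the reasons a single HJT line deserves attention (empty list if none)."""
    reasons = []
    if m := O4_RE.match(line):
        path = _binary(m.group("cmd"))
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("autostart binary in a user-writable profile path: " + path)
        base = path.rsplit("\\", 1)[-1]
        if WORDY_EXE.match(base):
            reasons.append("executable name is a string of unrelated words: " + base)
    elif m := O20_APPINIT_RE.match(line):
        dlls = m.group("dlls").strip()
        if dlls:  # legitimate use is rare; Vundo-style injection sets exactly this value
            reasons.append(f"AppInit_DLLs loads {dlls} into every process that links user32.dll")
    elif m := O23_RE.match(line):
        if m.group("missing"):
            reasons.append("service binary is missing (orphaned service registration)")
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the lines with findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```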
norbat Posted 29 October 2008 Open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\Tasks\AEF7994D91C0164D.job

Folder::
C:\Programfiler\Skipchinhelp
C:\Documents and Settings\chewie\Programdata\Skipchinhelp
C:\Documents and Settings\All Users\Programdata\file joy proc deaf

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cast spam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

No new logs needed. Uninstall from Add/Remove Programs: LiveUpdate. How is the PC running?
chewie2 Posted 29 October 2008 (author) Open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\Tasks\AEF7994D91C0164D.job

Folder::
C:\Programfiler\Skipchinhelp
C:\Documents and Settings\chewie\Programdata\Skipchinhelp
C:\Documents and Settings\All Users\Programdata\file joy proc deaf

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cast spam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

No new logs needed. Uninstall from Add/Remove Programs: LiveUpdate. How is the PC running?

This was damn good, guys. Thank you. Looks like the PC is running as before - very satisfied. The only thing I could point out is the large number of svchost.exe (7 of them - four SYSTEM, one LOCAL SERVICE and two NETWORK SERVICE) showing up in Task Manager - where do they come from?
norbat Posted 29 October 2008 Completely normal. Services run behind these svchosts. There are quite a few of them, hence several svchosts too. You can see which services run behind the various svchost instances as follows:
Click: Start->Run
Type: cmd
From the command prompt, type: tasklist /svc
You can also use various programs that give a more detailed overview (e.g. Process Explorer from Sysinternals).
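As an added example (not from the thread), here is a small Python parser for tasklist /svc output that maps each svchost.exe PID to the services it hosts, copes with the indented continuation lines tasklist prints when a service list wraps, and points out any svchost.exe hosting no service at all, since the real svchost.exe exists only to host services. The sample output is constructed to look like Windows XP's tasklist /svc, including one such empty instance.

```python
"""Map svchost.exe instances to their hosted services from `tasklist /svc` output.

Added example, not the thread's own material; SAMPLE_TASKLIST is constructed."""
import re

SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       560 N/A
winlogon.exe                   632 N/A
services.exe                   676 Eventlog, PlugPlay
lsass.exe                      688 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                    908 DcomLaunch, TermService
svchost.exe                    972 RpcSs
svchost.exe                   1076 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                   ERSvc, EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Schedule, seclogon, SENS,
                                   ShellHWDetection, Themes, winmgmt, wuauserv
svchost.exe                   1140 Dnscache
svchost.exe                   1204 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe                   1388 stisvc
svchost.exe                   2204 N/A
explorer.exe                  1520 N/A
"""

# Image name (may contain spaces), right-aligned PID, then the service column.
ROW_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")


def _split_services(column: str) -> list:
    """Turn 'A, B, C,' into ['A', 'B', 'C']; 'N/A' means no services at all."""
    names = [s.strip() for s in column.split(",")]
    return [s for s in names if s and s != "N/A"]


def parse_tasklist_svc(text: str) -> list:
    """Return [(image, pid, [services]), ...] in output order.

    A line that starts with whitespace is a wrapped continuation of the
    previous row's service list, so its names are appended to that row."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace() and rows:
            rows[-1][2].extend(_split_services(line))
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append([m.group("image"), int(m.group("pid")), _split_services(m.group("services"))])
    return [tuple(r) for r in rows]


def svchost_map(rows: list) -> dict:
    """PID -> list of hosted services, for svchost.exe processes only."""
    return {pid: services for image, pid, services in rows if image.lower() == "svchost.exe"}


def empty_svchosts(rows: list) -> list:
    """PIDs of svchost.exe instances that host no service: worth a closer look
    (a process merely named svchost.exe, or a host whose service just exited)."""
    return [pid for pid, services in svchost_map(rows).items() if not services]


if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE_TASKLIST)
    for pid, services in svchost_map(parsed).items():
        print(f"svchost.exe PID {pid}: {len(services)} service(s): {', '.join(services) or '-'}")
    print("svchost.exe hosting nothing:", empty_svchosts(parsed))
```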
r2d290 Posted 29 October 2008 You should update Java. It is important to use the latest version of Java, since earlier versions can contain security holes that increase the likelihood of you getting infected again. It looks like your version of Java is out of date. Updating Java:
1. Click the following link and download the latest version of Java: http://java.com/en/download/index.jsp
2. Go to Start > Control Panel > Add/Remove Programs.
3. Search the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE etc....). All of these versions should have this image in front of them: Select all you find, and click Remove.
4. Then install the Java version you downloaded at the start.
Tell us how the update went, as problems with updating can indicate more malware on your system. If you think the problem with your machine is solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [LØST] (solved) in front of the topic title. E.g.: [LØST] Got a virus on the machine. This helps keep the forum tidier for the supporters, and new people who get the same problem will more easily find a suitable thread to look in. -Surf safely-