MysticoN, posted 17 November 2008:

I've noticed the PC has become a good deal slower; it takes much longer to start programs and games than before, and Opera won't start any more. I also can't use ALT+TAB any more to switch between open programs. I ran a full scan with Panda Antivirus without finding anything. Can someone take a look at the HijackThis log? I should also mention that I got an error message when I ran HijackThis (see attachment).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:18, on 15.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://www.skandiabanken.no
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\Windows\CBTWlanSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6332 bytes
raWrz, posted 17 November 2008 (edited):

Press Ctrl+Shift+Esc, find HijackThis under Processes and end it. Then right-click HijackThis and click Run as administrator.

Edit: and follow this guide: https://www.diskusjon.no/index.php?showtopic=691246

Edited 17 November 2008 by Submit
MysticoN (thread author), posted 17 November 2008 (edited):

Malwarebytes' Anti-Malware 1.30
Database versjon: 1404
Windows 6.0.6001 Service Pack 1

17.11.2008 17:42:52
mbam-log-2008-11-17 (17-42-52).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 131534
Tid tilbakelagt: 44 minute(s), 27 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 5

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\Mysticon\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Mysticon\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Mysticon\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Mysticon\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Mysticon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
ComboFix log:

ComboFix 08-11-16.05 - Mysticon 2008-11-17 17:44:31.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2350 [GMT 1:00]
Running from: c:\users\Mysticon\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Mysticon\AppData\Roaming\.#
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
2008-11-17 16:53 . 2008-11-17 16:53 <DIR> d-------- c:\users\Mysticon\AppData\Roaming\Malwarebytes
2008-11-17 16:53 . 2008-11-17 16:53 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-17 16:53 . 2008-11-17 16:53 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-17 16:53 . 2008-11-17 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-17 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-14 16:38 . 2008-11-14 16:38 <DIR> d-------- c:\windows\System32\xlive
2008-11-14 16:38 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-11-14 16:38 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\System32\D3DCompiler_33.dll
2008-11-14 16:38 . 2007-03-15 16:57 443,752 --a------ c:\windows\System32\d3dx10_33.dll
2008-11-14 16:38 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
2008-11-13 18:57 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-13 18:57 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-13 18:57 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-13 18:57 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-13 18:56 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-13 18:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-13 18:56 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-13 18:56 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-13 18:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 05:59 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 05:58 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 05:58 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-06 16:29 . 2008-11-06 16:29 <DIR> d-------- c:\users\Mysticon\AppData\Roaming\Red Kawa
2008-11-05 17:28 . 2008-11-06 07:35 <DIR> d-------- c:\users\Mysticon\AppData\Roaming\Red Alert 3
2008-11-05 17:21 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-05 17:21 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2008-11-05 17:21 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-05 17:21 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll
2008-11-05 17:21 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-05 17:21 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll
2008-11-04 19:07 . 2008-11-04 19:07 <DIR> d-------- c:\users\Mysticon\AppData\Roaming\AVS4YOU
2008-11-04 19:07 . 2008-11-04 19:07 <DIR> d-------- c:\users\All Users\AVS4YOU
2008-11-04 19:07 . 2008-11-04 19:07 <DIR> d-------- c:\programdata\AVS4YOU
2008-11-04 19:07 . 2008-11-04 19:11 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-11-04 19:07 . 2008-11-04 19:11 <DIR> d-------- c:\program files\AVS4YOU
2008-11-04 19:07 . 2007-02-27 19:36 974,848 --a------ c:\windows\System32\mfc70.dll
2008-11-04 19:07 . 2007-02-27 19:36 487,424 --a------ c:\windows\System32\msvcp70.dll
2008-11-04 19:07 . 2007-02-27 19:36 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-11-04 19:07 . 2007-02-27 19:36 24,576 --a------ c:\windows\System32\msxml3a.dll
2008-10-30 03:11 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-30 03:11 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-30 03:11 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-30 03:11 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-30 03:11 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 09:59 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 09:59 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 09:59 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-18 23:21 . 2008-10-18 23:21 <DIR> d-------- c:\program files\Ventrilo
2008-10-18 23:04 . 2008-10-18 23:08 <DIR> d-------- c:\users\Mysticon\AppData\Roaming\Ventrilo
2008-10-18 23:03 . 2008-10-18 23:04 <DIR> d-------- c:\program files\VentriloMIX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 01:54 --------- d-----w c:\program files\Common Files\Steam
2008-11-17 01:23 --------- d-----w c:\users\Mysticon\AppData\Roaming\uTorrent
2008-11-14 15:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 18:11 --------- d-----w c:\program files\Red Kawa
2008-10-30 09:35 --------- d-----w c:\program files\Opera
2008-10-18 22:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-16 02:40 --------- d-----w c:\program files\Windows Mail
2008-10-15 21:44 --------- d-----w c:\program files\Trend Micro
2008-10-15 20:42 --------- d-----w c:\programdata\NVIDIA
2008-10-10 14:20 --------- d-----w c:\program files\AGEIA Technologies
2008-10-10 14:14 91,159,752 ----a-w c:\users\Public\178.13_geforce_winvista_32bit_english_whql.exe
2008-10-10 13:54 --------- d-----w c:\program files\Siemens
2008-10-10 06:05 --------- d-----w c:\program files\CCleaner
2008-10-10 06:01 --------- d-----w c:\users\Mysticon\AppData\Roaming\VSRevoGroup
2008-10-10 06:00 --------- d-----w c:\program files\MagicISO
2008-10-10 05:57 --------- d-----w c:\program files\VS Revo Group
2008-10-08 16:25 --------- d-----w c:\program files\AviSynth 2.5
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 10:55 --------- d-----w c:\programdata\Razer
2008-09-22 17:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-20 21:09 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-20 21:08 --------- d-----w c:\program files\Common Files\Adobe
2008-09-20 16:50 --------- d-----w c:\users\Mysticon\AppData\Roaming\InstallShield
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-17 21:38 --------- d-----w c:\users\Mysticon\AppData\Roaming\Apple Computer
2008-09-17 03:52 --------- d-----w c:\programdata\Apple Computer
2008-09-17 03:52 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 03:52 --------- d-----w c:\program files\iTunes
2008-09-17 03:52 --------- d-----w c:\program files\iPod
2008-09-17 03:51 --------- d-----w c:\program files\QT Lite
2008-09-17 03:51 --------- d-----w c:\program files\Common Files\Apple
2008-09-17 03:51 --------- d-----w c:\program files\Bonjour
2008-09-17 03:51 --------- d-----w c:\program files\Apple Software Update
2008-09-17 03:50 --------- d-----w c:\programdata\Apple
2008-09-16 19:27 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-09-07 18:54 174 --sha-w c:\program files\desktop.ini
2008-09-07 17:59 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-07 17:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-04 07:31 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
2008-09-02 18:45 269,312 ----a-w c:\windows\System32\es.dll
2008-09-02 18:44 988,216 ----a-w c:\windows\System32\winload.exe
2008-09-02 18:44 927,288 ----a-w c:\windows\System32\winresume.exe
2008-09-02 18:44 615,992 ----a-w c:\windows\System32\ci.dll
2008-09-02 18:44 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-09-02 18:44 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-09-02 18:44 40,960 ----a-w c:\windows\System32\srclient.dll
2008-09-02 18:44 378,368 ----a-w c:\windows\System32\srcore.dll
2008-09-02 18:44 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-09-02 18:44 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-09-02 18:44 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-09-02 18:41 24,064 ----a-w c:\windows\autoload.exe
2008-09-02 14:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-09-02 14:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-09-02 14:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-09-02 14:47 272,896 ----a-w c:\windows\System32\polstore.dll
2008-09-02 14:42 2,048 ----a-w c:\windows\System32\tzres.dll
2008-09-02 14:20 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2008-09-02 14:16 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-09-02 14:16 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-09-02 14:16 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-02 14:14 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-09-02 14:14 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-09-02 14:13 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-09-02 14:13 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-09-02 14:13 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-29 06:57 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-08-29 06:40 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-08-29 06:40 315,392 ----a-w c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2008-05-21 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-18 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-13 c:\windows\SkyTel.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 18:02 50736 c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0FEF58D7-1D39-40B3-914D-8DBC3F8524D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C59A4EF-F70D-4BB8-B72C-01A5AD23A938}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{36B81747-AFFA-41E6-A2DF-E88ACD7799BF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CCD7D739-C37D-477F-80D5-B9A9E6ABD25C}d:\\steam\\steamapps\\the real mysticon\\team fortress 2\\hl2.exe"= UDP:d:\steam\steamapps\the real mysticon\team fortress 2\hl2.exe:hl2
"UDP Query User{F558FBBE-26FC-4359-9129-B0C3C065A590}d:\\steam\\steamapps\\the real mysticon\\team fortress 2\\hl2.exe"= TCP:d:\steam\steamapps\the real mysticon\team fortress 2\hl2.exe:hl2
"TCP Query User{BE7DDF7E-EA33-4E23-B9A2-3F4F3E72DA6A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3C63A299-786D-43AA-8A74-3EA97A5B007B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{CDBA6981-4AEA-439A-B821-E99595AF6D35}d:\\games\\steam\\steamapps\\the real mysticon\\team fortress 2\\hl2.exe"= UDP:d:\games\steam\steamapps\the real mysticon\team fortress 2\hl2.exe:hl2
"UDP Query User{7D493E23-71CF-4076-9FCA-56A71EA52F81}d:\\games\\steam\\steamapps\\the real mysticon\\team fortress 2\\hl2.exe"= TCP:d:\games\steam\steamapps\the real mysticon\team fortress 2\hl2.exe:hl2
"TCP Query User{0D9584AC-49FC-4E47-9BAB-B749842C9848}c:\\users\\mysticon\\desktop\\war europe downloader.exe"= UDP:c:\users\mysticon\desktop\war europe downloader.exe:war europe downloader.exe
"UDP Query User{EE9A5589-6AC9-4D6E-AA81-762473902F20}c:\\users\\mysticon\\desktop\\war europe downloader.exe"= TCP:c:\users\mysticon\desktop\war europe downloader.exe:war europe downloader.exe
"TCP Query User{27E4E4F7-6895-4F26-9160-8D27C840FEBF}d:\\war europe downloader.exe"= UDP:D:\war europe downloader.exe:Warhammer Downloader
"UDP Query User{EF17D6C5-7993-463C-81CE-CC8A3026D666}d:\\war europe downloader.exe"= TCP:D:\war europe downloader.exe:Warhammer Downloader
"TCP Query User{B0060FD3-2A3C-4BD5-A340-81EB37C99671}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{3494A762-2CAE-43B1-8082-21F56ED70403}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{E052F78E-E89C-4A46-8D75-8F87151BCDC5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B81EB52-1EE1-4F97-86A7-7814B64236B7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{792AA248-126D-4EA2-B2FB-5266D64DE71D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2B5D522A-C6EF-4CD5-9388-D54B53B7AA09}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F65BF67A-9D53-4543-ABBB-0CE501928677}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0893BE12-6F14-4D23-A029-455B1AF1416E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-09-02 38968]
R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2008-09-02 46648]
R2 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2008-09-20 106496]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-09-02 178872]
R2 PskSvcRetail;Panda PSK service;"c:\program files\Panda Security\Panda Antivirus 2008\PskSvc.exe" [2008-09-02 27696]
R3 athrusb6;Siemens Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2008-09-20 873472]
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772.sys [2008-08-20 48128]
R3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-09-02 104944]
R3 USB_FPRd;FingerPrinterReader;c:\windows\system32\Drivers\UT_FPRd.sys [2007-07-06 16000]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys [2008-09-20 20096]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2008-09-28 16896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8427a5ba-834a-11dd-be5c-0019fd4ccc80}]
\shell\AutoRun\command - F:\FalloutLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9a66da-8ee5-11dd-954d-0019fd4ccc80}]
\shell\AutoRun\command - G:\Speed-Link.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 17:46:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
c:\windows\System32\dllhost.exe [24728] 0xAD52C020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-17 17:47:52
ComboFix-quarantined-files.txt 2008-11-17 16:47:48

Pre-Run: 3 663 220 736 bytes free
Post-Run: 3,772,350,464 bytes free

233 --- E O F --- 2008-11-14 02:01:19

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:58, on 17.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://www.skandiabanken.no
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\Windows\CBTWlanSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5947 bytes

After ComboFix had finished, Panda suddenly found a couple of things: rootkit/kednld in nuclab.sys and sks2drvr.sys (hacktool/rootkit.d). I chose to delete these. My system is now more stable and a bit faster, but I still feel there is some sluggishness here.

Edited 17 November 2008 by MysticoN
MysticoN (thread author), posted 18 November 2008:

So I assume my logs look fine, since nobody has come back with any feedback?!
r2d290, posted 18 November 2008:

After a quick look it doesn't look too bad... Try defragmenting and using CCleaner to remove temp files; otherwise I think we can call it done for now. You can always come back if you think it's needed. If you consider the problem solved, you can report your thread to a moderator and say that your problem has been answered.