Mislykket (posted 20 May 2009)
For two or three weeks I have had this worm sitting on my PC. I thought I had removed it after a full scan with the full version of Ad-Aware 2009, but when I ran another full scan (I do one a week, plus a quick scan daily) the worm was back in place. The program finds the worm, I click "recommended" and restart as the program tells me to. On the next full scan it shows up again. When I restart, some text appears saying something about it installing, boot/booting, and that it will start a program when the PC gets into Windows. The address of the "program that is to start" is a bit odd: a folder in Program Files that I did not create. The folder in Program Files is "1196835429", with a subfolder "my name", and then three box files, 1196835429.box1, .box2, .box3, and two other files with only digits in their names, dated 01.10.2025. I find this very strange and assume it is connected to this worm? I have downloaded a-squared Anti-Malware and Malwarebytes Anti-Malware and run deep scans without them finding the worm. My antivirus program (Norton Internet Security 2009, full version) does not find this file either. Only Ad-Aware does. I have spent quite a bit of time searching on Google, but never find an answer on how to get rid of the crap. Can anyone help me, or give me some tips? ETERNALLY GRATEFUL!
Edited 20 May 2009 by Mislykket
mago (posted 20 May 2009)
combofix http://www.kvasir.no/alle?q=combofix and Regrun http://www.kvasir.no/alle?q=regrun are good programs
Mislykket (thread author, posted 20 May 2009)
Heh, thanks, but I don't need links to more programs. a-squared is one of the very best (if not the best) anti-malware programs there is; I have a 30-day trial now, and the program keeps itself updated with the latest technology, so I doubt combofix and regrun come anywhere close. Anyway, you only linked to search results on Kvasir; I don't quite see the point of replying to my post. I was thinking more along the lines that there must be a way to remove the crap manually, given that the worm has surely spread around long ago...
Edited 20 May 2009 by Mislykket
Theoneask (posted 20 May 2009)
You should download Combofix regardless and post the log here, so that those who know what to look for can go through the log and give feedback on it. http://www.combofix.org/
Mislykket (thread author, posted 20 May 2009)

ComboFix 09-05-19.08 - Tomine 20.05.2009 17:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2045.1319 [GMT 2:00]
Kjører fra: c:\users\Tomine\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Tomine\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-20 til 2009-05-20 )))))))))))))))))))))))))))))))))
.
2009-05-20 06:28 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 06:28 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 06:28 . 2009-05-20 06:28 -------- d-----w c:\programdata\Malwarebytes
2009-05-20 06:28 . 2009-05-20 06:28 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-20 06:27 . 2009-05-20 06:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 06:15 . 2009-05-20 14:30 -------- d-----w c:\program files\a-squared Anti-Malware
2009-05-11 15:42 . 2009-05-11 15:42 -------- d-----w c:\programdata\Sports Interactive
2009-05-11 15:42 . 2009-05-11 15:42 -------- d-----w c:\users\All Users\Sports Interactive
2009-05-02 16:21 . 2009-05-02 16:21 -------- d-----w c:\users\Tomine\AppData\Roaming\vlc
2009-05-02 11:45 . 2009-05-02 11:45 -------- d-----w c:\program files\1196835429
2009-05-02 10:43 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-02 10:43 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-02 10:43 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-02 10:43 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-02 10:43 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-02 10:43 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-02 10:43 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-02 10:35 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-02 10:35 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-02 10:35 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-02 10:35 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-02 10:34 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-02 10:32 . 2009-03-08 11:32 72704 ----a-w c:\windows\system32\admparse.dll
2009-05-02 10:32 . 2009-03-08 11:31 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-05-02 10:32 . 2009-03-08 11:22 156160 ----a-w c:\windows\system32\msls31.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-30 09:07 . 2008-07-31 08:41 68616 ----a-w c:\windows\system32\XAPOFX1_1.dll
2009-04-30 09:07 . 2008-07-31 08:40 509448 ----a-w c:\windows\system32\XAudio2_2.dll
2009-04-30 09:07 . 2008-07-31 08:41 238088 ----a-w c:\windows\system32\xactengine3_2.dll
2009-04-30 09:07 . 2008-07-12 06:18 1493528 ----a-w c:\windows\system32\D3DCompiler_39.dll
2009-04-30 09:07 . 2008-07-12 06:18 467984 ----a-w c:\windows\system32\d3dx10_39.dll
2009-04-30 09:07 . 2008-07-12 06:18 3851784 ----a-w c:\windows\system32\D3DX9_39.dll
2009-04-27 18:32 . 2009-04-27 18:32 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-25 11:34 . 2009-04-25 11:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-24 08:27 . 2009-04-24 08:26 25136 ----a-r c:\windows\system32\drivers\SymIMV.sys
2009-04-24 08:27 . 2009-04-24 08:27 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-24 08:27 . 2009-04-24 17:23 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-24 08:27 . 2009-04-24 08:27 -------- d-----w c:\program files\Symantec
2009-04-24 08:26 . 2009-04-24 08:26 -------- d-----w c:\windows\system32\drivers\NIS
2009-04-24 08:26 . 2009-04-24 08:26 -------- d-----w c:\program files\Norton Internet Security
2009-04-24 08:26 . 2009-04-24 08:26 -------- d-----w c:\program files\NortonInstaller
2009-04-22 16:06 . 2009-04-22 16:15 -------- d-----w c:\program files\Common Files\Symantec Shared(174)
2009-04-22 16:05 . 2009-04-24 08:24 -------- d-----w c:\program files\Norton Internet Security(251)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 15:40 . 2008-10-24 13:01 31966 ----a-w c:\users\All Users\nvModes.dat
2009-05-20 15:40 . 2008-10-24 13:01 31966 ----a-w c:\programdata\nvModes.dat
2009-05-20 13:56 . 2009-02-23 15:34 -------- d-----w c:\program files\Advanced Registry Fix
2009-05-20 07:22 . 2006-11-21 05:16 76478 ----a-w c:\windows\system32\perfc014.dat
2009-05-20 07:22 . 2006-11-21 05:16 452334 ----a-w c:\windows\system32\perfh014.dat
2009-05-13 12:42 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-11 15:24 . 2008-09-20 11:19 -------- d-----w c:\program files\Spill
2009-05-10 21:30 . 2008-12-29 13:21 -------- d-----w c:\program files\_Programmer
2009-05-04 06:26 . 2007-12-13 20:07 101856 ----a-w c:\users\Tomine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-03 17:13 . 2007-12-05 06:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 17:03 . 2007-12-05 06:38 -------- d-----w c:\program files\Common Files\Adobe
2009-05-02 16:16 . 2009-01-13 00:11 -------- d-----w c:\program files\VLC
2009-05-02 11:06 . 2008-10-22 10:20 -------- d-----w c:\program files\Microsoft Works
2009-05-02 10:01 . 2007-12-13 21:33 -------- d-----w c:\program files\Winamp
2009-04-30 09:17 . 2009-04-06 23:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 18:32 . 2009-02-09 17:58 -------- d-----w c:\program files\Daemon Tools Lite
2009-04-27 18:19 . 2008-01-29 20:20 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-25 11:34 . 2009-02-04 23:18 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-24 09:07 . 2008-10-27 09:57 -------- d-----w c:\program files\Picasa2
2009-04-24 08:27 . 2009-04-24 08:27 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-24 08:27 . 2009-04-24 08:27 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-08 22:50 . 2009-04-08 22:50 1156 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-04-06 23:06 . 2009-04-06 23:06 -------- d-----w c:\program files\AGEIA Technologies
2009-03-25 10:59 . 2007-12-05 06:25 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 22:52 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 22:52 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2009-02-15 12:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-02 10:31 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-02 10:31 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-02 10:31 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-02 10:31 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-02 10:31 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-02 10:31 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-02 10:31 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-02 10:31 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-02 10:31 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-02 10:31 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-02 10:31 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-02 10:31 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-02 10:31 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-02 10:31 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-02 10:31 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-03 04:46 . 2009-04-15 22:52 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 22:52 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 22:52 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 22:52 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 22:52 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 22:52 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 22:52 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 22:52 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 22:52 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 22:52 17408 ----a-w c:\windows\system32\iashost.exe
2008-06-20 22:48 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-12-05 06:27 . 2007-12-05 06:27 76 --sha-r c:\windows\CT4CET.bin
2009-01-09 16:38 . 2009-01-09 16:38 2 --shatr c:\windows\winstart.bat
2007-12-05 14:09 . 2007-12-05 13:59 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"DAEMON Tools Lite"="c:\program files\Daemon Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-09 159744]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13736480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2009-05-10 2940048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-5 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CD33D756-AC82-4643-902F-921FE5E5BF14}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8350B7E4-A3B5-4EB1-A85F-AA6B639291B8}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1785B24-2AEE-4448-A694-B679455E55DC}c:\\program files\\macromedia\\dreamweaver mx 2004\\dreamweaver.exe"= UDP:c:\program files\macromedia\dreamweaver mx 2004\dreamweaver.exe:Dreamweaver MX 2004
"UDP Query User{BA5443A7-00E8-4050-A789-8721CDAC67F2}c:\\program files\\macromedia\\dreamweaver mx 2004\\dreamweaver.exe"= TCP:c:\program files\macromedia\dreamweaver mx 2004\dreamweaver.exe:Dreamweaver MX 2004
"{22A1178D-76E1-4BFD-AE00-2B0425CF2211}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{68472342-AE64-4D69-A3BC-CAC67656D8DF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{19F46D31-A4C9-4ADC-9230-17391610BE73}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D56A259D-04E9-4240-B016-ED3C95B62761}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{24F9A920-B51B-47F4-9326-375ECA670A26}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D6CFC7F3-F9F4-4C7C-A3ED-E9BDAC9C6F09}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C320D1D2-C4E0-40AA-A926-668F30024767}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{30F3B761-CE4B-4B98-A095-2E5E5F25903A}"= UDP:c:\program files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{5D2E7CEE-5009-4197-92B9-C3AF1A8A580D}"= TCP:c:\program files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{BE523FC9-08CD-489E-A0C0-1F093C54F5BF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7DB4B8CF-44C6-46A9-B4DC-06C5B9A6B01D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{04D70E3A-2707-42D3-8EB0-A57706A4989C}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{C338ED4A-3F46-4E9E-AE90-9233DEB7A999}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{2B2160B5-6766-42A3-AA04-A1927B05B115}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{6F459CB4-D73B-4392-98AF-E468CC06AC5E}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{6E167E4B-67A1-4D23-8EAC-DBC075A94C3F}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{3D188BC1-D95C-491F-B919-129FAB46D2B2}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{40892957-1213-414B-AACC-4EB173139CAE}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{332F4E50-6C5F-4EFA-85D5-E6BBB47076CF}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{9F6DB605-D18B-4C69-B151-EC4C48EBA253}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{0B4B097B-68A5-4559-B321-D376BA6039B1}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{FCD4C9BB-7E1D-4DD2-9790-E112B0220C84}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{E842149E-122B-4A55-97E4-8446D85305D7}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{FD06F624-0E02-43F1-A8F4-5F5F25FEC6CC}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{7B803BE1-D5BE-4CDA-B4A6-4B0AB04C2E34}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{8884B436-E024-4A14-A113-7C867770EB14}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{C85551A3-7760-4D24-BEF9-C97D470A9B22}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{60CCC0A8-9BE1-4CDA-9A87-9ED30586823B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{078AFEF8-7BA9-46F3-8B3D-17887E83A3B9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{C5D361A0-6778-4147-98E7-7CCC9EB01A33}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{64D8C8D4-CE7F-4AD9-98E7-69640BB17029}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{FD038341-81F9-4F11-929B-B2AF99AF4CD2}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{FAE640C4-2F6E-49E7-9458-1DEFB8098403}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{60BA2335-4D79-40BB-AC57-F02B222FB5D1}"= UDP:c:\users\Tomine\AppData\Local\Temp\lxdi\wireless\NORWEGAN\lxdiwpss.exe:
"{2F9F7E03-B911-40F2-B9A3-E736D9C3999F}"= TCP:c:\users\Tomine\AppData\Local\Temp\lxdi\wireless\NORWEGAN\lxdiwpss.exe:
"{852552A4-F986-452B-8C89-DCFA3AADD7D2}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{3626C050-5B49-4968-AA33-5D848B251C28}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{ED850F5D-B2CD-4057-9B2F-FF15D6EBEB9F}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window
"{B9C8009D-01F8-4D34-B216-E5F661960011}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window
"{18890251-656D-411D-A923-EF59421C60FF}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{47500892-A9E5-4548-B872-8589F0F0DCFC}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{CA58A8F9-E16B-491C-BDB9-2970FBCC04B3}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{6C986217-D3F0-420E-8652-15795D379173}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{BE40BC90-EFC3-41C6-80C0-25D70784B604}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F20E771B-9301-415C-8DCB-50B417F71D86}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{A992268E-A0E3-46E2-8E3F-10CEC1086CED}"= UDP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{A0C87139-4641-4A3E-BA32-4CCB59255A8A}"= TCP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{494EE05B-5AC8-4212-95D4-3F51981A174F}"= UDP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{4B4C5779-4F06-4EB1-AE3D-BEE61C523E86}"= TCP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{07F9EE17-90E3-40A8-8C01-4ECFADEB5996}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{13220413-1786-4013-ACE0-6CC20421F018}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C4C45BBE-D23A-4A4D-B05E-B0BA12C5CE16}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFFAC6D6-64C1-4F79-8999-6EE1A4D7A2CA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FD09A86-ADE0-462D-8603-E52606FD81BF}"= UDP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{356F8BC4-BCF5-4494-9576-0672761CFF93}"= TCP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{20B011FF-5831-4961-8885-AFB7F3D46223}"= UDP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C2FF9BA8-D681-48DA-B0DD-05783C35EBF1}"= TCP:c:\program files\Spill\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{17357FF8-6031-4832-9D58-A084476CA136}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{A298B71F-5853-45D9-AC91-85E1C648DDAD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{324F7F91-8EE1-4F34-A56D-BABBF2718CA7}c:\\program files\\spill\\boiling point\\xenus.exe"= UDP:c:\program files\spill\boiling point\xenus.exe:Xenus
"UDP Query User{DAAB2D4B-7E4A-47EA-9C03-93542BD39429}c:\\program files\\spill\\boiling point\\xenus.exe"= TCP:c:\program files\spill\boiling point\xenus.exe:Xenus
"{C617800F-356C-416E-A79B-0289150430B5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9ADAE669-6112-41D1-97CA-532E2DB99F82}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{324153D5-EB28-44A6-818A-0470828FF2AB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B6F35FC6-3F9F-434F-B8F9-026A48C48042}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AA560950-E180-4BF1-992E-FF899A10809C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0D81FE08-E052-4C6B-B854-1056752779A5}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9E2DF7BD-CF0E-4188-B9CE-E913BC3B5F5A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FD2C8FAB-C4B1-4F8F-A5F5-A6147213BF3A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{953A5C21-4ACB-44F1-A633-43BB2EE1E56E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EF98A9E3-B7C6-4C58-994A-FE8D4BE185FD}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{0707D020-96A2-4E2C-A2E6-5D9577CEDCBD}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{28F59BB1-C3AE-457D-861D-59B7A140A2B4}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{EBC39928-48C7-4196-A433-1366A8942D07}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{C0EA0A06-17ED-41D0-BC32-C2E03E51F3FE}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{C424A3F0-6638-4EB4-B395-8CD80F5936CE}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{F2197A73-794D-4A21-8AFF-650870A39203}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{334A2F3E-ED9F-4E2D-8728-438A19F0B4AE}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2DCEABA7-552B-4B7E-87D2-9211CC687136}c:\\program files\\spill\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\spill\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{782CF073-954D-48F8-B309-822895DDE65F}c:\\program files\\spill\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\spill\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{771EED6E-726F-45E5-928E-91DB26E42B9E}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{F042D0A2-A1AC-4E41-9019-E4282AA0D470}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{247D52B7-BF43-4071-910E-84905D237EB0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{7561F32A-BE0A-43F7-8BC4-93F4889D2C15}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{3F58F313-F969-4D7F-9598-60CD930237AB}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{6458A757-621B-40E4-A442-7A8CF15E1D51}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{C4A29F0E-4622-47A4-9DAB-EF61EC5068B2}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{8CA2038D-3DF3-4685-A0E5-9951A2866DA4}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{EA0B3D23-9BB9-485B-8ED8-E6DFFF737074}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{79FB1F80-61E2-4A98-9044-83411770D15C}"= Disabled:UDP:c:\program files\Spill\Football Manager 2009\fm.exe:Football Manager 2009
"{B1EF848F-C20D-4C9C-A580-AE1FC1086763}"= Disabled:TCP:c:\program files\Spill\Football Manager 2009\fm.exe:Football Manager 2009
"{17287960-280D-4C05-83D1-CBB6EAF77EC1}"= UDP:c:\program files\Spill\Football Manager 2009\fm.exe:Football Manager 2009
"{282C500D-2DEB-406C-8886-FA139DBD781A}"= TCP:c:\program files\Spill\Football Manager 2009\fm.exe:Football Manager 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [25.04.2009 13:34 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [24.04.2009 10:26 310320]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [24.04.2009 10:26 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys [20.05.2009 07:47 292912]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [28.09.2008 11:38 73728]
R2 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [24.04.2009 10:26 258608]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24.04.2009 10:26 115560]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [25.02.2009 14:05 30152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02.05.2009 19:12 101936]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [05.12.2007 16:09 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [05.12.2007 16:09 7424]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [24.04.2009 10:26 39984]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 953168]
S3 .1196835429;1196835429;c:\program files\1196835429\Tomine1196835429L.exe [17.04.2009 08:18 419552]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-15 c:\windows\Tasks\Ad-Aware Scan (SmartScan).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:34]

2009-05-17 c:\windows\Tasks\Ad-Aware Scan (SmartScan2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:34]

2009-05-13 c:\windows\Tasks\Ad-Aware Scan (Ukentlig).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tomine\AppData\Roaming\Mozilla\Firefox\Profiles\skkwyuk4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Tomine\AppData\Roaming\Mozilla\Firefox\Profiles\skkwyuk4.default\extensions\[email protected]\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 17:55
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1270322966-395166618-152909213-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f8,4a,04,d0,b4,3d,65,a2,7f,c1,69,e6,11,f6,42,af,2a,65,34,68,73,18,09,
fd,60,c2,1c,63,7f,e0,c0,ed,e3,89,b3,f8,e4,d4,92,a9,a3,c1,76,d6,ec,9f,dd,b7,\
"??"=hex:da,77,c5,dc,42,02,19,44,22,56,7d,33,42,6e,15,0e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\MSSYCLM]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NUM]
@Denied: (A C D 2 5) (LocalSystem)
"LastCompletedRun"=hex(b):00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{071769a6-6c64-4ed5-95d2-1c88664ef341}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001cbf
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{92d7a382-42af-4ffd-ba95-f3a423eb9942}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001c23
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{adff4ea0-6968-4b35-b2d9-f414b3f605dd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001372
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d9117324-83d0-458a-963d-fe06b10daf9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Tidspunkt ferdig: 2009-05-20 18:01
ComboFix-quarantined-files.txt 2009-05-20 16:01

Pre-Run: 67 143 806 976 byte ledig
Post-Run: 67 117 391 872 byte ledig

360 --- E O F --- 2009-05-13 12:49
Mislykket (author) posted 20 May 2009
By the way, I see that I posted the thread in the wrong place. I didn't see the sub-forum. Sorry about that. Anyone with the know-how who can spot anything mysterious or threatening in the long report?
Mislykket (author) posted 20 May 2009
Since the worm puts itself in the system and not in my personal files, can I just insert the Vista CD and reinstall Windows? None of my personal files/settings will be deleted then? Is that enough to get rid of the worm? I have tried various things now, but the f***ing thing won't disappear. I've been sitting all day (probably 6-7 hours straight now, apart from a short meal break) searching for solutions online and installing various programs without luck; I'm just getting more confused. Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:25, on 20.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Daemon Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\Daemon Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: 1196835429 (.1196835429) - Unknown owner - C:\Program Files\1196835429\Tomine1196835429L.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: dlbt_device - Dell - C:\Windows\system32\dlbtcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9458 bytes
Mislykket (author) posted 20 May 2009
Is there really no one who can help me??? I'll simply HAVE to format the whole PC. Damn, I'll be sitting up until late at night then; it's what comes AFTER the formatting that takes time... I have now found the problem. There is a folder in Program Files containing the virus. The virus is hidden and not all of the files can be seen (even with "show hidden files/folders"). It is of course not possible to delete this folder or the files. I have deleted rvhost.exe and svhost.exe as recommended after searching Google, to no avail. I have also tried to remove the folder with !Killbox, but that doesn't work. Every time the PC restarts, a box appears before it enters Windows saying something like "blahblahblah executing command" in that folder. What a letdown, but thank goodness it's a holiday tomorrow so I can work in peace getting programs and everything else back onto the PC. The biggest problem will be the driver updates, which I did manually and not via Dell's official site (those are just old drivers anyway).... Hell!
Mislykket (author) posted 20 May 2009
Not giving up completely yet (can't face formatting)
C:\Program Files\1196835429\Tomine1196835429W.exe
C:\Program Files\1196835429\Tomine1196835429L.exe
Here we have the two buggers that start up on reboot. These can't be deleted or changed. I can't get access to them. Can't delete them with "remove on reboot" in !Killbox either. And I assume that even if they do get deleted, something else has to be done? I'll wait a little longer for answers before I take the plunge. I would really appreciate it if someone with the know-how could help me so that I can avoid formatting.
Fred7555 posted 20 May 2009
If you create a post in Antivirus programs and data security, there are many people there who can help you with the Combofix and Hijackthis logs
Mislykket (author) posted 20 May 2009
> If you create a post in Antivirus programs and data security, there are many people there who can help you with the Combofix and Hijackthis logs
Yeah, right. I already wrote that it was misposted and that I didn't see the sub-forum. If I had then posted there as well, I would only have gotten complaints about double posting. Anyway, it's not needed. The miracle has happened. After countless attempts with all kinds of kill-or-malware program downloads, there was finally one that worked. It's called Unlocker!, and it actually managed to delete the worm itself. Now it's just a matter of changing a few registry keys and then all is well and I can sleep tonight after all
Theoneask posted 20 May 2009
Great that you got the problem removed. You could add Solved to the first post, so that it's easier for everyone to see.
Fred7555 posted 21 May 2009 (edited)
> > If you create a post in Antivirus programs and data security, there are many people there who can help you with the Combofix and Hijackthis logs
> Yeah, right. I already wrote that it was misposted and that I didn't see the sub-forum. If I had then posted there as well, I would only have gotten complaints about double posting. Anyway, it's not needed. The miracle has happened. After countless attempts with all kinds of kill-or-malware program downloads, there was finally one that worked. It's called Unlocker!, and it actually managed to delete the worm itself. Now it's just a matter of changing a few registry keys and then all is well and I can sleep tonight after all
You could have asked to have the thread moved or the like. But good that it worked out.
Edited 21 May 2009 by Fred7555