Piddy Skrevet 24. august 2008 Del Skrevet 24. august 2008 Norbat: Jeg kan ikke bruke Decard, siden de har fjernet det fra siden deres pga en farlig bug. Les http://deckard.geekstogo.com/dss.exe for mer info på det. Lenke til kommentar
norbat Skrevet 24. august 2008 Forfatter Del Skrevet 24. august 2008 Piddy: Da ser vi på en ny hjt-logg Lenke til kommentar
leaps Skrevet 27. august 2008 Del Skrevet 27. august 2008 Har prøvd å rense maskinen så godt jeg kan. Har fått en del pop-ups ved surfing. Kan noen sjekke om HJT-loggen min er ren? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:50, on 27.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe C:\WINDOWS\TEMP\RI23C5.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe V:\Business\VBus.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Microsoft Office\OFFICE11\EXCEL.EXE V:\Business\DocCenter\PLDCenter.exe C:\Documents and Settings\Administrator\Skrivebord\HiJackThis\Ikkeprovdeg.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.129.192.52:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://companyweb O15 - Trusted Zone: http://[sENSURERT] O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - [sENSURERT] O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = [sENSURERT] O17 - HKLM\Software\..\Telephony: DomainName = [sENSURERT] O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = [sENSURERT] O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe O23 - Service: OPHB DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHBLDCS.EXE O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe -- End of file - 6224 bytes Lenke til kommentar
norbat Skrevet 29. august 2008 Forfatter Del Skrevet 29. august 2008 Har prøvd å rense maskinen så godt jeg kan. Har fått en del pop-ups ved surfing. Kan noen sjekke om HJT-loggen min er ren? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:50, on 27.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe C:\WINDOWS\TEMP\RI23C5.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe V:\Business\VBus.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Microsoft Office\OFFICE11\EXCEL.EXE V:\Business\DocCenter\PLDCenter.exe C:\Documents and Settings\Administrator\Skrivebord\HiJackThis\Ikkeprovdeg.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.129.192.52:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://companyweb O15 - Trusted Zone: http://[sENSURERT] O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - [sENSURERT] O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = [sENSURERT] O17 - HKLM\Software\..\Telephony: DomainName = [sENSURERT] O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = [sENSURERT] O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe O23 - Service: OPHB DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHBLDCS.EXE O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe -- End of file - 6224 bytes https://www.diskusjon.no/index.php?showtopic=1000251 Lenke til kommentar
Vertical^ Skrevet 31. august 2008 Del Skrevet 31. august 2008 ComboFix funker ikke hos meg Det kommer opp en rute som er blåfarget også skjer det ikke noe... Lenke til kommentar
norbat Skrevet 31. august 2008 Forfatter Del Skrevet 31. august 2008 Spirit99: Hvilket OS har du (32 bits / 64 bits)? Lenke til kommentar
Lauritz1 Skrevet 31. august 2008 Del Skrevet 31. august 2008 ComboFix funker ikke til meg heller. Når jeg kjører Combofix.exe så kommer dette opp i et vindu; ComboFix has detected the presence of rootkit activity and needs to reboot the machine. Når maskina starter på nytt så kommer det opp en liten firkant med en kjapp loading, så skjer det ingen ting etter den er ferdig. Any ideas? Rimelig sikker på at jeg kjører 32 bit av WinXP Pro Eng. Lenke til kommentar
norbat Skrevet 31. august 2008 Forfatter Del Skrevet 31. august 2008 Lauritz1: Last ned SAS (se 1.post), installer og oppdater. Kjør en quick scan Hvis du HAR kjør SAS, kunne du ha postet loggen hvis den fant noe? Lenke til kommentar
Lauritz1 Skrevet 31. august 2008 Del Skrevet 31. august 2008 sas logg Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 08/31/2008 at 02:49 PM Application Version : 4.20.1046 Core Rules Database Version : 3552 Trace Rules Database Version: 1540 Scan type : Quick Scan Total Scan Time : 00:22:39 Memory items scanned : 259 Memory threats detected : 0 Registry items scanned : 320 Registry threats detected : 3 File items scanned : 11867 File threats detected : 8 Rogue.AntiVirus XP 2008 C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk Trojan.FakeAlert/Desktop HKU\S-1-5-21-1645522239-308236825-725345543-1003\CONTROL PANEL\DESKTOP#WALLPAPER HKU\S-1-5-21-1645522239-308236825-725345543-1003\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER HKU\S-1-5-21-1645522239-308236825-725345543-1003\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER Rogue.AntiVirus 2008 C:\Documents and Settings\xxx\Application Data\RHCN6FJ0EPCR C:\WINDOWS\SYSTEM32\PHCJ6FJ0EPCR.BMP NotHarmful.Sysinternals Bluescreen Screen Saver C:\WINDOWS\SYSTEM32\BLPHCJ6FJ0EPCR.SCR C:\WINDOWS\Prefetch\BLPHCJ6FJ0EPCR.SCR-1C84C443.pf Rogue.MalwareProtector/Variant C:\WINDOWS\SYSTEM32\PPHCJ6FJ0EPCR.EXE C:\WINDOWS\Prefetch\PPHCJ6FJ0EPCR.EXE-09B782D8.pf Trojan.Downloader-Gen/Suspicious F:\DOWNS SYNDROM!\TORRENTZ\SPEED.VIDEO.CONVERTER.V3.0.48.WINALL.INCL.KEYGEN-CRD\KEYGEN\KEYGEN.EXE hijackthis logg Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:22:11, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5962E034-023B-494C-B591-233CB1F8C9F1}: NameServer = 195.204.39.3,195.204.39.20 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- End of file - 3267 bytes Lenke til kommentar
norbat Skrevet 31. august 2008 Forfatter Del Skrevet 31. august 2008 (endret) Last ned SDFix.exe, legg det på skrivebordet. Kjør SDFix. Det vil bli opprettet en egen mappe c:\SDFix Restart pc'n i sikker modus (tapp F8 under oppstart) Kjør RunThis.bat som ligger i SDFix-mappa. Følg veiledningen. Det vil lages en rapport som du poster. Edit: Hvis ikke loggen kommer automatisk, så ska den finnes i SDFix-mappa som Report.txt Endret 31. august 2008 av norbat Lenke til kommentar
Lauritz1 Skrevet 31. august 2008 Del Skrevet 31. august 2008 SDFix Logg Klikk for å se/fjerne innholdet nedenfor SDFix: Version 1.220 Run by xxx on 31.08.2008 at 15:44 Microsoft Windows XP [Version 5.1.2600] Running From: C:\sdfix\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\xxx\Local Settings\Temp\.tt15D.tmp.exe - Deleted C:\DOCUME~1\xxx~1\LOCALS~1\Temp\.tt15A.tmp - Deleted C:\DOCUME~1\xxx~1\LOCALS~1\Temp\.tt15D.tmp.exe - Deleted C:\DOCUME~1\xxx~1\LOCALS~1\Temp\.tt15A.tmp.vbs - Deleted C:\WINDOWS\system32\a.exe - Deleted C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted C:\WINDOWS\system32\tdssadw.dll - Deleted C:\WINDOWS\system32\tdssinit.dll - Deleted C:\WINDOWS\system32\tdssl.dll - Deleted C:\WINDOWS\system32\tdsslog.dll - Deleted C:\WINDOWS\system32\tdssmain.dll - Deleted C:\WINDOWS\system32\tdssservers.dat - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-31 15:48:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf40] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll" "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 "LoadAppInit_DLLs"=dword:00000001 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\\Downs syndrom!\\TORRENTZ\\FireFox\\utorrent.exe"="F:\\Downs syndrom!\\TORRENTZ\\FireFox\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "F:\\Spill\\Steam\\SteamApps\\robert123417\\counter-strike\\hl.exe"="F:\\Spill\\Steam\\SteamApps\\robert123417\\counter-strike\\hl.exe:*:Disabled:Half-Life Launcher" "F:\\Spill\\BF1942\\BF1942.exe"="F:\\Spill\\BF1942\\BF1942.exe:*:Enabled:BF1942" "F:\\Spill\\LieroX v0.56b Pack 1.7\\LieroX.exe"="F:\\Spill\\LieroX v0.56b Pack 1.7\\LieroX.exe:*:Enabled:LieroX" "F:\\Spill\\Half-Life\\hl.exe"="F:\\Spill\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "F:\\Spill\\Snes\\zsnesw.exe"="F:\\Spill\\Snes\\zsnesw.exe:*:Enabled:zsnesw" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi" "F:\\Spill\\Warcraft III\\Warcraft III.exe"="F:\\Spill\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "F:\\Spill\\SWAT4 p† hettelars on brede123\\Content\\System\\Swat4.exe"="F:\\Spill\\SWAT4 p† hettelars on brede123\\Content\\System\\Swat4.exe:*:Enabled:SWAT 4" "F:\\Spill\\Steam\\SteamApps\\alice94\\condition zero\\hl.exe"="F:\\Spill\\Steam\\SteamApps\\alice94\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "F:\\Spill\\Steam\\SteamApps\\alice94\\counter-strike\\hl.exe"="F:\\Spill\\Steam\\SteamApps\\alice94\\counter-strike\\hl.exe:*:Disabled:Half-Life Launcher" "F:\\Spill\\FlatOut2\\FlatOut2.exe"="F:\\Spill\\FlatOut2\\FlatOut2.exe:*:Enabled:FlatOut2" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\sdfix\SDFix\backups\backups.zip Files with Hidden Attributes : Finished! Lenke til kommentar
Vertical^ Skrevet 31. august 2008 Del Skrevet 31. august 2008 Spirit99:Hvilket OS har du (32 bits / 64 bits)? Har 32 bit Lenke til kommentar
norbat Skrevet 31. august 2008 Forfatter Del Skrevet 31. august 2008 (endret) Spirit99: Kjør, om du ikke har, MBAM og post evt. loggen om den fant noe. Du kunne ha forsøkt å kjørt combofix fra sikker modus (tapp F8 under oppstart av pc'n, velg sikker modus) Lauritz1: Last ned ny Combofix og se om du ikke nå kan få kjørt programmet. -> Egen tråd: https://www.diskusjon.no/index.php?showtopic=1001870 PS. Det er egentlig en fordel om dere oppretter egne tråder der dere legger loggene Endret 31. august 2008 av norbat Lenke til kommentar
Vertical^ Skrevet 31. august 2008 Del Skrevet 31. august 2008 Logg fra MBAM (hurtig systemskann): Klikk for å se/fjerne innholdet nedenfor Malwarebytes' Anti-Malware 1.25Database versjon: 1101 Windows 5.1.2600 Service Pack 2 12:15:41 31.08.2008 mbam-log-08-31-2008 (12-15-41).txt Skanntype: Rask Skann Objekter skannet: 72591 Tid tilbakelagt: 10 minute(s), 54 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 3 Registernøkler infisert: 10 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 8 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: C:\WINDOWS\system32\__c0038C88.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\__c004F0CA.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\__c0058879.dat (Trojan.Agent) -> Delete on reboot. Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002bf89 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003848 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0038c88 (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004f0ca (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0068ff1 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0070bbc (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00adb5 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bef18 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f4f49c8f382 (Trojan.Agent) -> Delete on reboot. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f242e83.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fab4b9.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristian\Local Settings\Temp\_A00F242E83.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristian\Local Settings\Temp\_A00FAB4B9.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c0038C88.dat (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\__c004F0CA.dat (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\__c0058879.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Kristian\Desktop\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.[\skjul Lenke til kommentar
norbat Skrevet 31. august 2008 Forfatter Del Skrevet 31. august 2008 Spirit99: Se der ja. Etter en restart, prøv å kjør combofix (fra normal tilstand). Lenke til kommentar
Shoo Skrevet 31. august 2008 Del Skrevet 31. august 2008 (endret) Hmm... Av en eller annen grunn, så får jeg ikke nedlastet Combofix.. EDIT: Ser jo at det ER noe galt med PC'en min, noe du helt sikkert kan se ut ifra HJT-loggen. Her er iallefall HJT-logg: HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27: VIRUS ALERT!, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\nvsvc32.exe F:\Programmer\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\LVCOMSX.EXE D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\wuauclt.exe D:\Programfiler\Mozilla Firefox\firefox.exe F:\Programmer\HJT\HijackThis.exe Del 2 er på neste innlegg.. Endret 31. august 2008 av Shoo Lenke til kommentar
Shoo Skrevet 31. august 2008 Del Skrevet 31. august 2008 (endret) Del 2: HJT: Klikk for å se/fjerne innholdet nedenfor R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F3 - REG:win.ini: run="D:\Documents and Settings\shoo\Programdata\Adobe\Manager.exe" O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: D - {27D48478-816D-3ED6-9403-A5BED5A77B89} - D:\WINDOWS\system32\mmx24871.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\Programmer\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [iMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [Network Translation Service] ".\4.tmp" * O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [pbmini] "F:\Programmer\PodcastbarMini\PodcastBarMiniStater.exe" -hide O4 - HKCU\..\Run: [LogitechSoftwareUpdate] F:\Programmer\logitech\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - D:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E3673845-A712-4C1B-994E-BD5B0CB0B836}: NameServer = 193.75.75.75,193.75.75.193 O17 - HKLM\System\CCS\Services\Tcpip\..\{E707344F-A344-4EBA-BCB1-CEFEBA1B5470}: NameServer = 193.75.75.75,193.75.75.193 O17 - HKLM\System\CS1\Services\Tcpip\..\{E3673845-A712-4C1B-994E-BD5B0CB0B836}: NameServer = 193.75.75.75,193.75.75.193 O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: rqbmvpso - {A032AC3B-483F-42AC-82A0-679DDEDB3AB3} - D:\WINDOWS\rqbmvpso.dll (file missing) O21 - SSODL: pdoskegl - {8AF26045-3A6B-4455-89EB-FA8CFB6F8CE5} - D:\WINDOWS\pdoskegl.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Programmer\Ares\chatServer.exe O23 - Service: NMIndexingService - Nero AG - D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Programfiler\WinPcap\rpcapd.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Programmer\Alcohol 120\StarWind\StarWindService.exe O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm Endret 31. august 2008 av Shoo Lenke til kommentar
r2d290 Skrevet 31. august 2008 Del Skrevet 31. august 2008 Ser ikke ut til at du klarer å få med hele loggen. Prøv å poste loggene uten å bruke spoiler, og se om du lykkes bedre da De fleste logger slutter med O23-linje hva mener du med at du ikke får lastet ned combofix? Kan du ikke laste den ned fra en annen maskin, og så flytte den over med en minnebrikke/penn? hvis ikke det fungerer, kan du prøve å laste det ned fra sikkerhetsmodus med internett (restart maskinen, trykk mange ganger på f8, og så velger du fra menyen)... Lenke til kommentar
Shoo Skrevet 31. august 2008 Del Skrevet 31. august 2008 Beklager. Måtte kjøre på med nytt innlegg da jeg får ikke til å editere mitt gamle innlegg av en eller annen grunn... Huff.. Ser jo at det ER noe alvorlig galt med PC'en min, noe en kan se ut ifra HJT-loggen.. Jeg hadde SuperAntiSpyware fra før, så jeg tok en quick scan på den. Den fant en del, men det er fremdeles MYE skrot igjen, noe du kan se på loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27: VIRUS ALERT!, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\nvsvc32.exe F:\Programmer\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\LVCOMSX.EXE D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\wuauclt.exe D:\Programfiler\Mozilla Firefox\firefox.exe F:\Programmer\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F3 - REG:win.ini: run="D:\Documents and Settings\shoo\Programdata\Adobe\Manager.exe" O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: D - {27D48478-816D-3ED6-9403-A5BED5A77B89} - D:\WINDOWS\system32\mmx24871.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\Programmer\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [iMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [Network Translation Service] ".\4.tmp" * O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [pbmini] "F:\Programmer\PodcastbarMini\PodcastBarMiniStater.exe" -hide O4 - HKCU\..\Run: [LogitechSoftwareUpdate] F:\Programmer\logitech\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - D:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E3673845-A712-4C1B-994E-BD5B0CB0B836}: NameServer = 193.75.75.75,193.75.75.193 O17 - HKLM\System\CCS\Services\Tcpip\..\{E707344F-A3 Beklager. Måtte kjøre på med nytt innlegg da jeg får ikke til å editere mitt gamle innlegg av en eller annen grunn... Huff.. Ser jo at det ER noe alvorlig galt med PC'en min, noe en kan se ut ifra HJT-loggen.. Jeg hadde SuperAntiSpyware fra før, så jeg tok en quick scan på den. Den fant en del, men det er fremdeles MYE skrot igjen, noe du kan se på loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27: VIRUS ALERT!, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\nvsvc32.exe F:\Programmer\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\LVCOMSX.EXE D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\wuauclt.exe D:\Programfiler\Mozilla Firefox\firefox.exe F:\Programmer\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F3 - REG:win.ini: run="D:\Documents and Settings\shoo\Programdata\Adobe\Manager.exe" O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: D - {27D48478-816D-3ED6-9403-A5BED5A77B89} - D:\WINDOWS\system32\mmx24871.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\Programmer\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [iMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [Network Translation Service] ".\4.tmp" * O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [pbmini] "F:\Programmer\PodcastbarMini\PodcastBarMiniStater.exe" -hide O4 - HKCU\..\Run: [LogitechSoftwareUpdate] F:\Programmer\logitech\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - D:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E3673845-A712-4C1B-994E-BD5B0CB0B836}: NameServer = 193.75.75.75,193.75.75.193 O17 - HKLM\System\CCS\Services\Tcpip\..\{E707344F-A344-4EBA-BCB1-CEFEBA1B5470}: NameServer = 193. Beklager. Måtte kjøre på med nytt innlegg da jeg får ikke til å editere mitt gamle innlegg av en eller annen grunn... Huff.. Ser jo at det ER noe alvorlig galt med PC'en min, noe en kan se ut ifra HJT-loggen.. Jeg hadde SuperAntiSpyware fra før, så jeg tok en quick scan på den. Den fant en del, men det er fremdeles MYE skrot igjen, noe du kan se på loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27: VIRUS ALERT!, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\nvsvc32.exe F:\Programmer\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\LVCOMSX.EXE D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\wuauclt.exe D:\Programfiler\Mozilla Firefox\firefox.exe F:\Programmer\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F3 - REG:win.ini: run="D:\Documents and Settings\shoo\Programdata\Adobe\Manager.exe" O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: D - {27D48478-816D-3ED6-9403-A5BED5A77B89} - D:\WINDOWS\system32\mmx24871.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\Programmer\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [iMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [Network Translation Service] ".\4.tmp" * O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [pbmini] "F:\Programmer\PodcastbarMini\PodcastBarMiniStater.exe" -hide O4 - HKCU\..\Run: [LogitechSoftwareUpdate] F:\Programmer\logitech\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - D:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E3673845-A712-4C1B-994E-BD5B0CB0B836}: NameServer = 193.75.75.75,193.75.75.193 O17 - HKLM\System\CCS\Services\Tcpip\..\{E707344F-A344-4EBA-BCB1-CEFEBA1B5470}: NameServer = 193. Lenke til kommentar
Shoo Skrevet 31. august 2008 Del Skrevet 31. august 2008 Beklager. Måtte kjøre på med nytt innlegg da jeg får ikke til å editere mitt gamle innlegg av en eller annen grunn... Huff.. Ser jo at det ER noe alvorlig galt med PC'en min, noe en kan se ut ifra HJT-loggen.. Jeg hadde SuperAntiSpyware fra før, så jeg tok en quick scan på den. Den fant en del, men det er fremdeles MYE skrot igjen, noe du kan se på loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27: VIRUS ALERT!, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\nvsvc32.exe F:\Programmer\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\LVCOMSX.EXE D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\wuauclt.exe D:\Programfiler\Mozilla Firefox\firefox.exe F:\Programmer\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F3 - REG:win.ini: run="D:\Documents and Settings\shoo\Programdata\Adobe\Manager.exe" O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: D - {27D48478-816D-3ED6-9403-A5BED5A77B89} - D:\WINDOWS\system32\mmx24871.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\Programmer\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [iMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [Network Translation Service] ".\4.tmp" * O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [pbmini] "F:\Programmer\PodcastbarMini\PodcastBarMiniStater.exe" -hide O4 - HKCU\..\Run: [LogitechSoftwareUpdate] F:\Programmer\logitech\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - D:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E3673845-A712-4C1B-994E-BD5B0CB0B836}: NameServer = 193.75.75.75,193.75.75.193 O17 - HKLM\System\CCS\Services\Tcpip\..\{E707344F-A3 Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå