Duckyouck Posted 1 October 2008
Great! One last question: the MS Antivirus thing installed itself as a program in the "Control Panel". It's gone now (which is as it should be), but a similar one remains. It's called "Security Center" and has the same logo as MSA. It was there when MSA was there too. Does it have any connection to what I removed, or is it something else? Sorry for so many bothersome questions.
r2d290 Posted 1 October 2008
Duckyouck: there should be a file in the Control Panel called Security Center. It should have a logo of a shield with red, blue, yellow and green in it. When you double-click it, you should get an overview of the firewall, antivirus program etc. running on the PC... So this is presumably to be regarded as normal?
Duckyouck Posted 2 October 2008
OK. It was just that the shield and the colours were completely identical to the MSA logo. I thought it was some extra stuff or something, but MSA probably copied the logo so that it would look like a proper antivirus program. Thanks a lot for all the help!!
GLN Posted 3 October 2008 (edited)
Posted in the right place.
Edited 3 October 2008 by Pirja
norbat Posted 3 October 2008 (thread author)
Pirja: Since support isn't really supposed to take place in this thread, it would be nice if you created a separate thread (click the New Topic button) where you post the logs. Do that, and we'll put together a fix to sort out what the ComboFix log says needs sorting out.
morgan_kane Posted 4 October 2008
Can I use SAS instead of Malwarebytes Anti-Malware?
norbat Posted 4 October 2008 (thread author)
Feel free to use SAS.
Adversary Posted 5 October 2008 (edited)
Hey, the problem with my PC is that when it has been on for a while (several hours), Opera/Firefox/IE become dead slow, not as if you were surfing on ISDN, but more as if it's Opera itself that's struggling. It locks up completely when I open several tabs at once etc. HJT went right ahead and put things I knew were safe into the ignore list.

Logfile of HijackThis v1.99.1
Scan saved at 10:46:37 AM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ASUS Xonar D2 Audio\CustomApp\Program\AsusAudioCenter.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Rolfie\Desktop\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223145369359
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

MBAM
Malwarebytes' Anti-Malware 1.28
Database versjon: 1228
Windows 5.1.2600 Service Pack 3

10/5/2008 2:34:43 AM
mbam-log-2008-10-05 (02-34-43).txt

Skanntype: Full Skann (C:\|E:\|)
Objekter skannet: 80743
Tid tilbakelagt: 1 hour(s), 22 minute(s), 24 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

SAS
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2008 at 08:27 PM

Application Version : 4.20.1046

Core Rules Database Version : 3588
Trace Rules Database Version: 1530

Scan type : Complete Scan
Total Scan Time : 00:38:03

Memory items scanned : 165
Memory threats detected : 0
Registry items scanned : 4655
Registry threats detected : 0
File items scanned : 17552
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Rolfie\Cookies\rolfie@mediaplex[1].txt
C:\Documents and Settings\Rolfie\Cookies\rolfie@apmebf[1].txt
C:\Documents and Settings\Rolfie\Cookies\[email protected][2].txt
C:\Documents and Settings\Rolfie\Cookies\[email protected][2].txt
C:\Documents and Settings\Rolfie\Cookies\rolfie@adrevolver[2].txt
C:\Documents and Settings\Rolfie\Cookies\rolfie@fastclick[1].txt
C:\Documents and Settings\Rolfie\Cookies\rolfie@advertising[2].txt

AVG doesn't find anything either, but it reported viruses earlier in the week. Some trojans, as far as I remember. Help anyone?

Edit: I can add that Ad-Aware doesn't find anything either.
Edited 5 October 2008 by Knorvelur
norbat Posted 5 October 2008 (thread author)
At first glance this looks fine. Have you run a clean-up with CCleaner? (See point 1 in the guide.) Does the problem usually sort itself out when you restart the PC?
Adversary Posted 5 October 2008
Yes, I have. And the problem fixes itself when I restart. Then it comes back after a few hours.
norbat Posted 5 October 2008 (thread author)
Has it been like this for long, or has it just started? I'm thinking: could a System Restore to before the problem arose help? Feel free to run ComboFix (see the guide), and then we'll look at the log to see whether it can tell us anything more.
Adversary Posted 5 October 2008
It's probably nearly a couple of weeks since AVG found the first viruses, and the slow browsing started about a week ago.

ComboFix
ComboFix 08-10-04.07 - Rolfie 2008-10-05 12:10:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2168 [GMT 2:00]
Running from: C:\Documents and Settings\Rolfie\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-05 00:20 . 2008-10-05 00:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 00:20 . 2008-10-05 00:20 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\Malwarebytes
2008-10-05 00:20 . 2008-10-05 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 00:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 00:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 00:07 . 2008-10-05 00:24 <DIR> d-------- C:\SDFix
2008-10-04 21:24 . 2008-10-04 21:24 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\Nero
2008-10-04 19:32 . 2008-10-05 00:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-04 19:32 . 2008-10-04 19:32 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\SUPERAntiSpyware.com
2008-10-04 19:32 . 2008-10-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-01 19:19 . 2008-10-01 19:19 <DIR> d-------- C:\Program Files\Dziobas Rar Player
2008-09-22 19:32 . 2008-09-23 23:17 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\IMVUClient
2008-09-22 19:32 . 2008-09-29 20:46 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\IMVU
2008-09-21 23:03 . 2008-09-21 23:03 <DIR> d-------- C:\Program Files\Mp3tag
2008-09-21 23:03 . 2008-09-21 23:04 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\Mp3tag
2008-09-21 15:16 . 2008-09-21 15:16 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\CyberLink
2008-09-21 00:27 . 2008-09-21 00:27 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\nHancer
2008-09-21 00:27 . 2008-09-21 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-21 00:26 . 2008-09-21 00:26 <DIR> d-------- C:\Program Files\nHancer
2008-09-21 00:26 . 2008-09-21 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nHancer
2008-09-20 20:32 . 2008-09-20 20:45 <DIR> d-------- C:\Documents and Settings\Rolfie\Application Data\vlc
2008-09-20 20:31 . 2008-10-05 10:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-20 19:51 . 2008-09-20 19:51 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-09-20 17:40 . 2008-09-20 17:40 <DIR> d-------- C:\Program Files\Lavalys
2008-09-20 04:02 . 2008-09-20 04:02 <DIR> d-------- C:\WINDOWS\Logs
2008-09-19 23:19 . 2008-09-19 23:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-19 23:17 . 2006-12-28 22:01 19,569 --a------ C:\WINDOWS\003114_.tmp
2008-09-19 22:10 . 2008-09-19 22:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-19 22:10 . 2008-09-19 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-19 22:09 . 2008-10-04 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-19 22:04 . 2008-09-19 22:04 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-19 22:01 . 2008-09-27 15:05 <DIR> d-------- C:\Program Files\Last.fm
2008-09-19 22:01 . 2008-09-19 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-09-19 11:00 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-19 11:00 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-09-19 11:00 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-09-19 11:00 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-09-19 11:00 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-09-19 11:00 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-09-19 11:00 . 2008-09-19 11:00 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-19 11:00 . 2008-09-19 11:00 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-19 10:30 . 2008-09-26 15:19 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-19 09:56 . 2008-10-05 04:01 <DIR> d-------- C:\Program Files\FlashGet
2008-09-19 09:40 . 2008-09-19 09:40 <DIR> d-------- C:\Program Files\Western Digital
2008-09-19 09:08 . 2008-09-19 09:08 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-09-19 09:08 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-19 09:06 . 2008-05-07 07:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-19 09:06 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-19 09:06 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-19 09:02 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 10:10 --------- d-----w C:\Documents and Settings\Rolfie\Application Data\uTorrent
2008-10-05 10:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-03 15:27 --------- d-----w C:\Program Files\Winamp
2008-10-03 15:27 --------- d-----w C:\Documents and Settings\Rolfie\Application Data\Winamp
2008-09-27 09:06 --------- d-----w C:\Program Files\uTorrent
2008-09-26 19:32 --------- d-----w C:\Program Files\Opera
2008-09-21 02:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 17:42 106,496 ----a-w C:\WINDOWS\DUMP5563.tmp
2008-09-20 17:39 106,496 ----a-w C:\WINDOWS\DUMP6215.tmp
2008-09-19 19:59 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-19 19:59 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-19 19:59 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-19 19:59 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-09-19 19:59 --------- d-----w C:\Program Files\AVG
2008-09-19 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-19 19:36 --------- d-----w C:\Program Files\Guitar Pro 5
2008-09-19 19:29 --------- d-----w C:\Program Files\Foxit Software
2008-09-19 19:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-19 19:13 --------- d-----w C:\Program Files\Windows Live
2008-09-19 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-19 18:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-19 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-19 18:55 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-19 18:55 353,840 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-19 18:55 --------- d-----w C:\Program Files\CyberLink
2008-09-19 18:53 --------- d-----w C:\Program Files\Nero
2008-09-19 18:53 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-19 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-19 18:50 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-19 18:48 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-19 18:48 --------- d-----w C:\Documents and Settings\Rolfie\Application Data\DAEMON Tools
2008-09-19 18:45 --------- d-----w C:\Program Files\CCleaner
2008-09-19 18:40 --------- d-----w C:\Program Files\ASUS Xonar D2 Audio
2008-09-19 18:33 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-09-19 18:33 102,400 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-19 18:32 --------- d-----w C:\Documents and Settings\Rolfie\Application Data\ASUS
2008-09-19 18:29 --------- d-----w C:\Program Files\OpenAL
2008-09-19 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-19 18:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-19 18:21 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-19 18:18 --------- d-----w C:\Documents and Settings\Rolfie\Application Data\InstallShield
2008-09-19 18:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2008-03-17 2083424]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-05 1576176]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-19 1235736]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 11:48 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 13:51 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 12:27 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nHancer]
--a------ 2008-08-17 16:14 1310720 C:\Program Files\nHancer\nHancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 13:54 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-09-19 22:30 1271032 D:\Spill\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-19 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-19 97928]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 14:21 13560]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-19 76040]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
R3 cmudaxp;ASUS Xonar D2 Audio Interface;C:\WINDOWS\system32\drivers\cmudaxp.sys [2007-08-09 1839680]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - EVERESTDRIVER
.
.
------- Supplementary Scan -------
.
O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rolfie\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rolfie\Start Menu\Programs\IMVU\Run IMVU.lnk -
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 12:11:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-10-05 12:11:36
ComboFix-quarantined-files.txt 2008-10-05 10:11:29
ComboFix2.txt 2008-10-04 21:16:27

Pre-Run: 25,177,681,920 bytes free
Post-Run: 25,165,099,008 bytes free

217
norbat Posted 5 October 2008 (thread author)
If AVG produces a log, it would be interesting to see what type of trojan it found. I don't see any malware in the ComboFix log. If it's only a week since the problem arose, I would run a System Restore to a date before that (programs you have installed in the meantime will disappear).
Adversary Posted 5 October 2008
AVG log. A bit messy, but it'll have to do.

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse BackDoor.Generic9.SYD";"I:\Razor1911\rzr-crys.exe";"Infected";"9/19/2008, 10:27:06 AM";"file";"C:\WINDOWS\Explorer.EXE"
"Trojan horse BackDoor.Generic9.SYD";"I:\Razor1911\rzr-crys.exe";"Infected";"9/19/2008, 10:29:24 AM";"file";"C:\WINDOWS\Explorer.EXE"
"Trojan horse BackDoor.Generic9.SYD";"I:\Razor1911\rzr-crys.exe";"Infected";"9/19/2008, 10:30:24 AM";"file";"C:\WINDOWS\Explorer.EXE"
"Trojan horse BackDoor.Generic9.SYD";"I:\Razor1911\rzr-crys.exe";"Infected";"9/19/2008, 10:30:58 AM";"file";"C:\WINDOWS\Explorer.EXE"
"Virus found Win32/Heur";"C:\WINDOWS\System32\mspdtc.dll";"Infected";"9/20/2008, 7:28:21 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 8:12:39 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 9:12:31 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 10:12:31 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 11:12:31 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 12:12:31 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 1:12:31 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 2:12:31 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 3:12:31 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 4:24:31 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/24/2008, 6:43:17 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 2:39:07 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 3:29:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 4:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 5:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 6:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 7:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 9:05:04 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 10:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 11:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 12:05:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 1:05:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 2:05:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 7:40:46 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 8:29:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 9:05:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 10:05:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/25/2008, 11:05:02 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Moved to Virus Vault";"9/26/2008, 3:09:10 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 4:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 5:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 6:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 7:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 8:05:02 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 10:05:30 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 11:05:28 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 12:05:28 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 1:05:28 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 2:05:28 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Trojan horse KillAV.NB";"E:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP31\A0013285.exe";"Infected";"9/26/2008, 3:05:28 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Potentially harmful program Dialer.JCU";"O:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP34\A0013442.exe";"Potentially dangerous object";"9/26/2008, 10:13:53 PM";"file";"C:\WINDOWS\System32\svchost.exe"
"Potentially harmful program Dialer.JCU";"O:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP34\A0013442.exe";"Moved to Virus Vault";"9/28/2008, 7:12:34 AM";"file";"C:\WINDOWS\System32\svchost.exe"
"Potentially harmful program Dialer.JCU";"O:\Apps\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen-ViRiLiTY\keygen.exe";"Potentially dangerous object";"10/1/2008, 7:18:29 PM";"file";"C:\WINDOWS\explorer.exe"
"Potentially harmful program Dialer.JCU";"O:\Apps\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen-ViRiLiTY\keygen.exe";"Potentially dangerous object";"10/1/2008, 8:30:42 PM";"file";"C:\WINDOWS\explorer.exe"
"Potentially harmful program Dialer.JCU";"O:\Apps\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen-ViRiLiTY\keygen.exe";"Potentially dangerous object";"10/1/2008, 9:43:57 PM";"file";"C:\WINDOWS\explorer.exe"
"Virus found Win32/Heur";"C:\System Volume Information\_restore{7D1F5472-082B-4E5D-BD4E-7BC6C03CBEA8}\RP42\A0016568.dll";"Moved to Virus Vault";"10/4/2008, 6:33:34 PM";"file";"C:\WINDOWS\System32\svchost.exe"

And don't worry about the keygen.exe files, that's just AVG acting dumb.
norbat Posted 5 October 2008 (Author)
My advice is a system restore to a point before the problem arose, and then to go through the guide in the first post.
Adversary Posted 5 October 2008
"System cannot be restored to 19. September blablabla"
What do I do now? I have tried two different dates, where 19 Sep was the oldest I could choose. (relatively fresh installation)
norbat Posted 5 October 2008 (Author)
Try running the restore from Safe Mode (tap F8 during startup).
Locrin Posted 6 October 2008 (edited)
Hi, I'm sitting in safe mode with networking right now... My Zepto Mythos A15 laptop freezes 2-5 minutes after startup. The strange thing is that I started a virus scan with the program Avira. It was allowed to run to completion, which by a good margin exceeded the time it usually takes before the machine freezes. When the scan was finished, no more than 1 minute passed before it froze again. The mouse pointer does not freeze. I tried restoring the machine to an earlier point. That went fine, but it didn't help in the slightest. I first ran Avira, which found nothing. Afterwards I ran Spybot, which also found nothing other than some cookies. Then I ran Memtest86+ and it passed.

Malwarebytes

Malwarebytes' Anti-Malware 1.28
Database versjon: 1233
Windows 6.0.6001 Service Pack 1
06.10.2008 15:41:10
mbam-log-2008-10-06 (15-41-10).txt
Skanntype: Full Skann (C:\|F:\|)
Objekter skannet: 128805
Tid tilbakelagt: 25 minute(s), 58 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:48, on 06.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\OK\Desktop\JAck\testings.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [EVEMon] "C:\Games\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: On Screen Display.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6893 bytes

I would greatly appreciate help solving this. The machine runs Windows Vista Ultimate 64-bit.
Edit: oooops. Made my own thread.
Edited 6 October 2008 by -Zeitgeist-
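Logs like the one above are mostly noise, and the entries worth a responder's attention are a handful of patterns: a BHO registered with no DLL behind it, autoruns living outside the Windows and Program Files trees, unresolved startup shortcuts, and services whose binary cannot be found. The script below is an added example (not code from this thread or from the HijackThis project) that sorts a log into those buckets. Its sample input is constructed from a subset of the entries quoted in this post, and the 64-bit host heuristic (presence of SysWOW64 or "Program Files (x86)" paths) is an assumption. The point it makes is a caveat: HijackThis 2.0.2 is a 32-bit program, so on a 64-bit Windows it reads C:\Windows\System32 through WOW64 redirection and reports 64-bit-only system binaries such as lsass.exe as "(file missing)"; that is the pattern in the log above, not evidence that those files were tampered with, and the script files such hits separately from genuinely absent service binaries.

```python
"""Triage a HijackThis-format log into the entry classes a responder reviews first.

Added example, not part of the forum thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the HijackThis 2.0.2 entries quoted in the post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EVEMon] "C:\Games\EVEMon\EVEMon.exe" -startMinimized
O4 - Global Startup: On Screen Display.lnk = ?
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
"""


@dataclass
class Finding:
    kind: str    # HijackThis section: "O2", "O4" or "O23"
    name: str
    path: str
    reason: str


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GLOBAL_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.*)$")

# Directories where an autorun target is expected to live (assumption for this example).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def host_is_64bit(lines: List[str]) -> bool:
    """Heuristic (an assumption): WOW64 paths in the log imply a 64-bit host."""
    return any("\\syswow64\\" in ln.lower() or "program files (x86)" in ln.lower() for ln in lines)


def command_path(cmd: str) -> str:
    """Extract the executable from a Run-key command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Bucket the log's O2/O4/O23 entries; everything else is left for manual review."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    x64 = host_is_64bit(lines)
    out: Dict[str, List[Finding]] = {
        "orphan_bho": [], "run_outside_program_dirs": [], "unresolved_startup": [],
        "service_file_missing": [], "service_probable_wow64": [], "service_unknown_owner": [],
    }
    for line in lines:
        if line.startswith("O2 - "):
            m = O2_RE.match(line)
            if m and m.group("path") == "(no file)":
                out["orphan_bho"].append(Finding("O2", m.group("name"), m.group("path"),
                                                 "BHO registered but its DLL is absent"))
        elif line.startswith("O4 - Global Startup:"):
            m = GLOBAL_STARTUP_RE.match(line)
            if m and m.group("target") == "?":
                out["unresolved_startup"].append(Finding("O4", m.group("name"), "?",
                                                         "shortcut target could not be resolved"))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if m:
                path = command_path(m.group("cmd"))
                if not path.lower().startswith(TRUSTED_PREFIXES):
                    out["run_outside_program_dirs"].append(Finding("O4", m.group("name"), path,
                                                                   "autorun outside Windows/Program Files"))
        elif line.startswith("O23 - Service: "):
            # Format: "<display name> - <owner> - <path>[ (file missing)]"; the display name
            # may itself contain " - ", so split from the right.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if path.endswith(" (file missing)"):
                path = path[: -len(" (file missing)")]
                if x64 and "\\system32\\" in path.lower():
                    out["service_probable_wow64"].append(Finding("O23", name, path,
                        "32-bit scanner sees System32 redirected to SysWOW64"))
                else:
                    out["service_file_missing"].append(Finding("O23", name, path,
                        "service binary not found"))
            elif owner == "Unknown owner":
                out["service_unknown_owner"].append(Finding("O23", name, path,
                    "binary present but no publisher recorded"))
    return out


if __name__ == "__main__":
    for bucket, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            print(f"{bucket:28} {f.kind:3} {f.name!r:40} {f.path} [{f.reason}]")
```

Run against the sample, the two lsass.exe/vssvc.exe "file missing" services land in the WOW64 bucket rather than the genuinely-missing one, the nameless BHO with no DLL is the only orphan, and EVEMon is the only autorun outside the standard program directories; PnkBstrA is listed only because it is present with no recorded publisher, which is a prompt to check the file, not a verdict.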
Adversary Posted 6 October 2008
"Try running the restore from Safe Mode (tap F8 during startup)"
Tried it now, got the same result. I'm almost starting to wonder whether the problem could be something other than malware. I should mention that I had no internet on the PC at all when I came home today. (a reboot fixed it, as usual)
norbat Posted 6 October 2008 (Author)
This is probably caused by something other than malware, yes. You can check whether any system files are out of order: click Start->Run, type: sfc /scannow. You will probably be asked to insert the XP CD.