norbat, posted 6 February 2009 (thread author)

> Hi. Since more and more people are moving to 64-bit systems, I think it would be a good idea to find an alternative program to Combofix, since Combofix doesn't work on 64-bit systems, and to write a guide for those who use 64-bit systems. Just a thought...

Unfortunately there is no alternative to Combofix for 64-bit OSes at present. Those who have one must rely on MBAM/SAS taking care of the infection, and on HijackThis showing a decent log that can possibly tell 'enough' about whether any (active) infections are still there.
Pizzaen, posted 6 February 2009

> Hi. Since more and more people are moving to 64-bit systems, I think it would be a good idea to find an alternative program to Combofix, since Combofix doesn't work on 64-bit systems, and to write a guide for those who use 64-bit systems. Just a thought...
>
> Unfortunately there is no alternative to Combofix for 64-bit OSes at present. Those who have one must rely on MBAM/SAS taking care of the infection, and on HijackThis showing a decent log that can possibly tell 'enough' about whether any (active) infections are still there.

I see you have cut HijackThis out of the guide itself. Maybe it would be a good idea to write a short paragraph saying that those running 64-bit Windows should run HijackThis instead of Combofix, so that we skip the intermediate step where they can't get Combofix to run and go straight to HijackThis. Saves time and post count.
norbat, posted 6 February 2009 (thread author, edited)

Yes, you're on to something there. In addition to HJT, OTViewIT also works on 64-bit.

Edited 9 February 2009 by norbat
poinnbrok, posted 10 February 2009

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\tdsspopup1.url
c:\windows\system32\tdsspopup2.url
c:\windows\system32\tdsspopup3.url
c:\windows\system32\windows_update.exe
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-10 til 2009-02-10 )))))))))))))))))))))))))))))))))
.
2009-02-10 19:43 . 2009-02-10 19:43  61,440  --a------  c:\windows\system32\drivers\cxabhol.sys
2009-02-10 19:35 . 2009-02-10 19:35  <DIR>  d--------  c:\programfiler\Malwarebytes' Anti-Malware
2009-02-10 19:35 . 2009-02-10 19:35  <DIR>  d--------  c:\documents and settings\Wiggo\Programdata\Malwarebytes
2009-02-10 19:35 . 2009-02-10 19:35  <DIR>  d--------  c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-10 19:35 . 2009-01-14 16:11  38,496  --a------  c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 19:35 . 2009-01-14 16:11  15,504  --a------  c:\windows\system32\drivers\mbam.sys
2009-02-08 17:42 . 2009-02-08 17:42  <DIR>  dr-h-----  c:\documents and settings\Wiggo\Siste
2009-01-24 19:39 . 2009-02-04 18:05  <DIR>  dr-h-----  c:\documents and settings\Stian Evensen\Siste
2009-01-22 14:12 . 2009-01-22 14:12  60,968  --a------  c:\documents and settings\Stian Evensen\GoToAssistDownloadHelper.exe
2009-01-21 19:08 . 2009-01-21 19:08  <DIR>  d--------  c:\programfiler\Microsoft Silverlight
2009-01-18 17:18 . 2009-01-18 17:18  <DIR>  d--------  c:\programfiler\Trend Micro
2009-01-15 21:28 . 2009-01-15 21:28  <DIR>  d--------  c:\programfiler\Spotify
2009-01-15 21:28 . 2009-02-05 14:34  <DIR>  d--------  c:\documents and settings\Stian Evensen\Programdata\Spotify
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
28977-01-30 03:25  ---------  d-----w  c:\programfiler\Windows Journal Viewer
28977-01-30 03:25  ---------  d-----w  c:\programfiler\microsoft frontpage
28977-01-30 03:25  ---------  d-----w  c:\programfiler\HighMAT CD Writing Wizard
28977-01-30 03:25  ---------  d-----w  c:\programfiler\Fellesfiler\Tjenester
2009-02-09 22:27  ---------  d-----w  c:\documents and settings\Stian Evensen\Programdata\Skype
2009-02-04 17:06  ---------  d-----w  c:\documents and settings\Stian Evensen\Programdata\Azureus
2009-01-28 12:07  ---------  d-----w  c:\documents and settings\Wiggo\Programdata\Winamp
2009-01-22 12:59  90,112  ----a-w  c:\windows\DUMP6baa.tmp
2009-01-22 12:52  ---------  d-----w  c:\programfiler\Spybot - Search & Destroy
2009-01-22 12:52  ---------  d-----w  c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-01-22 12:51  ---------  d-----w  c:\programfiler\SUPERAntiSpyware
2009-01-22 12:51  ---------  d-----w  c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-01-22 12:51  ---------  d-----w  c:\documents and settings\Stian Evensen\Programdata\SUPERAntiSpyware.com
2009-01-22 12:50  ---------  d-----w  c:\programfiler\iTunes
2009-01-22 12:50  ---------  d-----w  c:\programfiler\iPod
2009-01-22 12:48  ---------  d-----w  c:\programfiler\Lavasoft
2009-01-21 16:36  ---------  d-----w  c:\programfiler\Safari
2009-01-16 13:53  ---------  d-----w  c:\programfiler\NCH Software
2009-01-16 13:53  ---------  d-----w  c:\documents and settings\All Users\Programdata\NCH Software
2009-01-07 19:46  17  -c--a-w  c:\programfiler\stinger.opt
2009-01-07 18:06  ---------  d-----w  c:\programfiler\Mozilla Firefox 3 Beta 5
2009-01-07 18:05  ---------  d-----w  c:\programfiler\Bonjour
2008-12-31 15:50  ---------  d-----w  c:\programfiler\CCleaner
2008-12-31 15:44  ---------  d-----w  c:\programfiler\Fellesfiler\Adobe
2008-12-31 14:47  ---------  d-----w  c:\documents and settings\Wiggo\Programdata\vlc
2008-12-30 13:38  ---------  d-----w  c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 13:33  ---------  d-----w  c:\programfiler\QuickTime
2008-12-30 13:31  ---------  d-----w  c:\programfiler\Fellesfiler\Apple
2008-12-15 21:06  ---------  d-----w  c:\documents and settings\Stian Evensen\Programdata\NCH Software
2008-12-15 20:45  ---------  d-----w  c:\programfiler\WinAVI Video Converter
2008-12-15 20:35  ---------  d-----w  c:\programfiler\AVI MPEG Video Converter
2008-12-11 20:30  ---------  d-----w  c:\programfiler\NCH Swift Sound
2008-12-11 20:30  ---------  d-----w  c:\documents and settings\Stian Evensen\Programdata\NCH Swift Sound
2008-12-11 20:30  ---------  d-----w  c:\documents and settings\All Users\Programdata\NCH Swift Sound
2008-12-11 11:57  333,184  ------w  c:\windows\system32\drivers\srv.sys
2008-12-10 14:26  ---------  d-----w  c:\documents and settings\Wiggo\Programdata\Apple Computer
2008-12-09 18:25  133  ---ha-w  c:\documents and settings\Stian Evensen\Programdata\lakerda1967.sys
2008-12-09 18:24  360,580  ----a-w  c:\windows\eSellerateEngine.dll
2006-10-23 14:41  1,886  ----a-w  c:\documents and settings\Stian Evensen\speed.exe
2006-06-26 22:12  17  -c--a-w  c:\programfiler\stng260.opt
2006-04-19 10:23  1,144,839  -c--a-w  c:\programfiler\stng260.exe
2005-03-01 21:47  53,760  ----a-w  c:\programfiler\DRTCP021.exe
2005-01-31 12:30  980,487  -c--a-w  c:\programfiler\stinger.exe
2004-08-18 11:27  509,440  ----a-w  c:\programfiler\dt346.exe
2005-02-02 21:34  56  --sh--r  c:\windows\system32\0E952814AF.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\programfiler\Messenger\MSMSGS.EXE" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\programfiler\D-Tools\daemon.exe" [2004-03-12 81920]
"StartupMonitor"="c:\programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" [2005-11-09 181760]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PWRISOVM.EXE"="c:\programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Norman ZANDA"="c:\norman\NVC\BIN\ZLH.EXE" [2003-06-13 90112]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\documents and settings\Stian Evensen\Start-meny\Programmer\Oppstart\
MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-01-11 557568]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Hurtigstart.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1654
Windows 5.1.2600 Service Pack 2

10.02.2009 19:42:55
mbam-log-2009-02-10 (19-42-55).txt

Skanntype: Rask Skann
Objekter skannet: 52769
Tid tilbakelagt: 5 minute(s), 25 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 0
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 13

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\tdssadw.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf1.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\ (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsspopup.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.TDSS) -> Delete on reboot.
raWrz, posted 10 February 2009

Hi poinnbrok, and welcome to the forum.

1. You haven't posted the whole Combofix log :9 You'll find it in C:\Combofix.txt
2. Create a new thread where you describe your problem etc.
norbat, posted 10 February 2009 (thread author, edited)

poinnbrok: Do as Submit says: create a separate thread where you post your logs (click the New Topic button to create your own thread). Also upload the following file to VirusTotal for a check:

c:\windows\system32\drivers\cxabhol.sys

Tell us whether anything was found on that file, in addition to posting the WHOLE Combofix log.

Edited 10 February 2009 by norbat
magnusbe, posted 13 February 2009 (edited)

A friend is having problems with his machine and asked me to post these logs here to see if anyone finds anything wrong. Thanks in advance.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:23, on 09.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Ahead\InCD\InCDsrv.exe
C:\Programfiler\Logitech\SetPoint\KEM.exe
C:\Programfiler\Microsoft Office\Office\1044\OLFSNT40.EXE
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jucheck.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\nn\Skrivebord\triksogfiks.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )" -"http://www8.agame.com/games/shockwave/p/power_driving/power_driving_agame_com.htm"
O4 - Startup: IMVU.lnk = C:\Programfiler\IMVU\IMVUClient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Programfiler\Microsoft Office\Office\1044\OLFSNT40.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\nn\Start-meny\Programmer\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10300 bytes

MBAM:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1738
Windows 5.1.2600 Service Pack 3

08.02.2009 23:42:50
mbam-log-2009-02-08 (23-42-50).txt

Skanntype: Full Skann (C:\|)
Objekter skannet: 134069
Tid tilbakelagt: 2 hour(s), 12 minute(s), 23 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 11
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 5

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5d2631e5-8696-7543-50b2-f674cd4308eb} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0c151ec-2ca8-d30f-04f5-f4de23573a98} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0c151ec-2ca8-d30f-04f5-f4de23573a98} (Adware.BHO) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstallProgram (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\DOCUME~1\NN~1\LOKALE~1\Temp\msxml71.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41C4D9DE-E2EB-471C-8B80-1CDF89625900}\RP816\A0059400.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\u5w71T80.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nn\Lokale innstillinger\Temp\a.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\qclticvrwawmxzc.dll (Adware.BHO) -> Quarantined and deleted successfully.

The Combofix log is attached: log.txt

Edited 13 February 2009 by magnusbe
norbat, posted 13 February 2009 (thread author, edited)

magnusbe: Create a new thread (click the New Topic button) and post the logs there. But first do the following:

Open Notepad and paste in what is written in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
c:\windows\system32\u5w71T80.exe
c:\windows\system32\qclticvrwawmxzc.dll-uninst.exe
c:\windows\system32\rmyqocjojcvmqt.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job

Post the new log in the new thread you create.

Edited 13 February 2009 by norbat
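The HijackThis and MBAM logs magnusbe posted, and the CFScript norbat built from the leftover files, can be triaged with a small parser. The block below is an added example, not code from the thread or from the tools it names; the regexes are assumptions about the log formats as they appear in the posts above, and the sample lines are constructed replicas in the same format, not a real scan.

```python
"""Triage helpers for HijackThis and Malwarebytes (MBAM) logs in the format
posted in this thread. Added example; the log-format regexes are assumptions
based on the posted logs, and the sample input is constructed."""
import re
from collections import Counter

# Constructed sample lines, modelled on the logs posted above (not a real scan).
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MSFox] C:\Documents and Settings\nn\Lokale innstillinger\Temp\a.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programfiler\Ahead\InCD\InCDsrv.exe
"""

SAMPLE_MBAM = r"""
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\u5w71T80.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "O4 - <body>" / "R1 - <body>": section code, separator, rest of the entry.
HJT_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Any path component literally named "temp" (matches LOKALE~1\Temp\ too).
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# "<item> (<family>)" optionally followed by MBAM's "-> Data: ..." detail.
MBAM_ITEM = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)(?: -> .*)?$")


def triage_hjt(text):
    """Return (section, reason, line) for HijackThis entries worth a closer look.

    These are review heuristics, not verdicts: legitimate software also trips
    them (the AVG Winlogon hook in the logs above is an example), so each hit
    is something to verify, not something to delete."""
    findings = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((sec, "orphaned CLSID with no backing file", line))
        elif sec == "O4" and TEMP_DIR.search(body):
            findings.append((sec, "autorun entry launches a file from a Temp directory", line))
        elif sec == "O20":
            findings.append((sec, "AppInit_DLLs / Winlogon Notify hook, verify the DLL's vendor", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service with no known vendor, verify the binary", line))
    return findings


def parse_mbam_line(line):
    """Split one MBAM detection line into (item, family, action); None otherwise.

    The action is whatever follows the last ' -> ', so the two-arrow Userinit
    lines ('-> Data: ... -> Quarantined ...') parse like the rest."""
    line = line.strip()
    if " -> " not in line:
        return None
    left, action = line.rsplit(" -> ", 1)
    m = MBAM_ITEM.match(left)
    if not m:
        return None
    return m.group("item"), m.group("family"), action.rstrip(".")


def mbam_summary(text):
    """Count detections per family and per action, and list the items MBAM could
    only schedule for deletion at reboot: until that reboot the machine is not
    clean, and those are the paths a follow-up CFScript would target."""
    actions, families, pending = Counter(), Counter(), []
    for line in text.splitlines():
        parsed = parse_mbam_line(line)
        if parsed is None:
            continue
        item, family, action = parsed
        actions[action] += 1
        families[family] += 1
        if action == "Delete on reboot":
            pending.append(item)
    return {"actions": dict(actions), "families": dict(families), "reboot_pending": pending}


def cfscript_file_block(paths):
    """Render a File:: section in the layout of the CFScript norbat posted above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for sec, reason, line in triage_hjt(SAMPLE_HJT):
        print(f"[{sec}] {reason}: {line}")
    summary = mbam_summary(SAMPLE_MBAM)
    print(summary["actions"], summary["families"])
    print(cfscript_file_block(summary["reboot_pending"]))
```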
Keiseren av Grønland, posted 14 February 2009

Please, someone. I'm downloading Malwarebytes, but this spyware crap has completely taken over. I can't start a single program and can't launch System Restore. What the hell am I supposed to do?
raWrz, posted 14 February 2009

> Please, someone. I'm downloading Malwarebytes, but this spyware crap has completely taken over. I can't start a single program and can't launch System Restore. What the hell am I supposed to do?

Create a new thread about your problem etc. If you manage to download Combofix and MBAM, press F12 during boot, start in Safe Mode and run the programs there.
Keiseren av Grønland (posted 14 February 2009):

I did make a thread, and then you linked to this thread. I can start a few programs, like MSN, and I managed to run HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:34, on 14.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\FRAPS\FRAPS.EXE
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programfiler\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programfiler\Netropa\Onscreen Display\OSD.exe
C:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TVersity\Media Server\MediaServer.exe
C:\Programfiler\WinTV\Ir.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [surfAccuracy] C:\Programfiler\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Programfiler\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programfiler\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bitComet] "C:\Programfiler\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Programfiler\WinTV\Ir.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B91BED64-CB32-47F7-A6D9-7F1FE6930400}: NameServer = 217.13.7.140,217.13.4.24
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cryptographic Services CryptSvcSSDPSRV (CryptSvcSSDPSRV) - Unknown owner - C:\WINDOWS\system32\adsmsextq.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Norman Virus Control Scheduler NVCSchedulerclr_optimization_v2.0.50727_32 (NVCSchedulerclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\system32\adsmsexty.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15006 bytes

It seems like the spyware is deliberately preventing me from starting programs that can remove spyware. I started System Restore just now, and absolutely everything was gone in there, no earlier dates any more.
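As an added example (not code from the thread, from HijackThis or from any of the tools named here), the script below parses entries in the format of the log posted above and flags the kinds of lines a helper reads first: BHOs whose file is missing, Run entries that launch an unfamiliar binary from system32, services with no vendor information running from system32, and the DNS servers configured in the registry. The sample lines are a subset copied from the posted log; the allowlist of known system32 autostarts and the heuristics themselves are assumptions for illustration, and a flag means "review this", not "this is malware".

```python
import re

# Sample entries: a subset copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B91BED64-CB32-47F7-A6D9-7F1FE6930400}: NameServer = 217.13.7.140,217.13.4.24
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cryptographic Services CryptSvcSSDPSRV (CryptSvcSSDPSRV) - Unknown owner - C:\WINDOWS\system32\adsmsextq.exe
O23 - Service: Norman Virus Control Scheduler NVCSchedulerclr_optimization_v2.0.50727_32 (NVCSchedulerclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\system32\adsmsexty.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")

# Matches an .exe located directly in C:\WINDOWS\system32 (case-insensitive).
SYSTEM32_EXE = re.compile(r"c:\\windows\\system32\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed allowlist of system32 executables that are normal autostarts on
# Windows XP; an assumption for this example, not an exhaustive list.
KNOWN_SYSTEM32 = {"ctfmon.exe"}


def parse_entries(text):
    """Return a list of (section_code, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_suspicious(entries):
    """Apply review heuristics; return (section_code, reason, body) for each hit."""
    findings = []
    for kind, body in entries:
        if kind == "O2" and body.endswith("(no file)"):
            # A BHO whose DLL is gone: leftover of something removed, or half-cleaned.
            findings.append((kind, "orphaned BHO entry, file missing", body))
        elif kind == "O4":
            # Target is the path after "[name] ", optionally quoted.
            m = re.search(r"\]\s+\"?([^\"]+?\.exe)", body, re.IGNORECASE)
            if m and SYSTEM32_EXE.search(m.group(1)):
                exe = m.group(1).rsplit("\\", 1)[-1].lower()
                if exe not in KNOWN_SYSTEM32:
                    findings.append((kind, "autostart of unfamiliar binary in system32", body))
        elif kind == "O17":
            # DNS servers set in the registry: always worth confirming with the ISP.
            findings.append((kind, "registry-configured DNS servers, confirm they are the ISP's", body))
        elif kind == "O23":
            # Service line format: "Service: <name> - <owner> - <path>".
            parts = [p.strip() for p in body.split(" - ")]
            if len(parts) >= 3 and parts[-2] == "Unknown owner" and SYSTEM32_EXE.search(parts[-1]):
                findings.append((kind, "service with no vendor running from system32", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in find_suspicious(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```

Run as-is it lists five lines for review out of the eight sample entries: the orphaned O2 BHO, the adobemgr Run entry, the O17 DNS line, and the two "Unknown owner" services, while the ctfmon.exe autostart and the Creative service (which has a named vendor) pass.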
raWrz (posted 14 February 2009, edited):

Please do the following and post your reply in the thread (I got a moderator to move it here):

- Download ComboFix and MBAM (don't run them yet).
- Shut the machine down.
- Turn it on, keep pressing F12, and choose Safe Mode when it comes up.
- Once you're in Safe Mode, run ComboFix and MBAM and post the logs if you manage.

Edited 14 February 2009 by Submit
Keiseren av Grønland (posted 14 February 2009):

Link to ComboFix? The one in the first post doesn't work.
raWrz (posted 14 February 2009, edited):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Scroll down a bit and you'll find 3 links where you can download it.

edit: it's probably the virus that's blocking that address; the link works fine for me.

Edited 14 February 2009 by Submit
Keiseren av Grønland (posted 14 February 2009):

I can't get in there at all. On bleepingcomputer, that is.
raWrz (posted 14 February 2009):

Can we continue the rest in your first thread?
tyDi (posted 15 February 2009):

Well, apparently I've got Trojan.Brisv.A!inf then. I've run antivirus etc., but I can't get rid of it. It just says I have to examine it. So I go into the security log and try to use the remove button, but it says it can't be deleted. I can also go to the website and see what I should do to remove it:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.

Which isn't very helpful, since I just get the same message again without getting it removed. Can anyone help? Thanks!
Pizzaen (posted 15 February 2009):

> Well, apparently I've got Trojan.Brisv.A!inf then. I've run antivirus etc., but I can't get rid of it. It just says I have to examine it. So I go into the security log and try to use the remove button, but it says it can't be deleted. I can also go to the website and see what I should do to remove it:
>
> 1. Disable System Restore (Windows Me/XP).
> 2. Update the virus definitions.
> 3. Run a full system scan.
>
> Which isn't very helpful, since I just get the same message again without getting it removed. Can anyone help? Thanks!

Uh, we'd prefer that you use the thread you've already created. What I meant was that you can go through the guide that's in the spoiler in the first post of this thread, and then post the logs that are asked for in the thread you've already created.
Tosha0007 (posted 15 February 2009):

The link to Trend's Trend Micro Diagnostic Toolkit doesn't seem to work. I just get a message that the page doesn't exist at Trend. Are you sure the link is right, norbat?
raWrz (posted 15 February 2009, edited):

> The link to Trend's Trend Micro Diagnostic Toolkit doesn't seem to work. I just get a message that the page doesn't exist at Trend. Are you sure the link is right, norbat?

Sent a PM to norbat about that 20 seconds ago.

32-bit download here: http://solutionfile.trendmicro.com/solutio...Tool_32-bit.exe

64-bit download here: http://solutionfile.trendmicro.com/solutio...Tool_64-bit.exe

Edited 15 February 2009 by Submit