
Posts split off from the helper thread-2



Here is the log file again, and I quickly need an answer on what you mean by "other junk lying around".

 

Can it be removed without having to reinstall, and how? Please send a good and thorough explanation, since I am what you would call a computer novice and get nervous easily. I need a quick answer. Preferably reply by e-mail, [email protected]

 

I have taken the PC in for repair, but they talked about formatting and reinstalling.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:49:49, on 13.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\MSI\Live Update 3\LMonitor.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\DOCUME~1\BJRNSK~1\LOKALE~1\Temp\services.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Media Manager\airsvcu.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Programfiler\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Programfiler\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ValueX] C:\DOCUME~1\BJRNSK~1\LOKALE~1\Temp\services.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [instantTray] C:\Programfiler\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Programfiler\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Introducing Media Manager.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Media Manager\SPLASHA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170529941843

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.nfoto.no/upload/ImageUploader4_5.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

NOOO :o Of course I managed to get fooled by this link;

 

http://youtube.opendns.be/watchv=6QW0-5tkh8.youtube.com

 

... and yes, it was a virus. HEEELP ME PLEASE

 

You are in good company :)

 

Download Combofix and put it on the desktop.

 

Run combofix.exe and follow the instructions.

Do not click in the window while the program is running.

 

Post the log file from combofix (c:\combofix.txt) in a new thread that you create (New topic), or put it in this thread: https://www.diskusjon.no/index.php?showtopic=893521

 

I get this message when I start Combofix;

"Freeware implementation of REG.EXE has stopped working"
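The link quoted a few posts up is a lookalike: the browser actually connects to youtube.opendns.be, and "youtube.com" only appears in the path. The Python snippet below is an added example, not code from this thread, that pulls the real host out of a URL and flags that pattern. Its registrable-domain logic is a naive last-two-labels approximation (a production check should consult the Public Suffix List), and the second and third URLs in the usage block are constructed for comparison.

```python
from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Assumption: this ignores multi-label public suffixes such as co.uk;
    a production check should consult the Public Suffix List.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str, trusted_domain: str) -> dict:
    """Report where a link really goes and whether it borrows a trusted brand name."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    real = registrable_domain(host)
    brand = trusted_domain.lower()
    brand_label = brand.split(".")[0]
    reasons = []
    if real != brand:
        # user:pass@host tricks: the text before '@' is not the host at all
        if parts.username is not None:
            reasons.append("credentials before '@' push the real host out of view")
        # brand used as a subdomain of someone else's domain (youtube.opendns.be)
        if brand_label in host.split(".")[:-2]:
            reasons.append(f"'{brand_label}' is only a subdomain of {real}")
        # brand written into the path or query to look like part of the address
        if brand in parts.path.lower() or brand in parts.query.lower():
            reasons.append(f"'{brand}' appears in the path/query, not the host")
    return {
        "host": host,
        "registrable_domain": real,
        "matches_trusted": real == brand,
        "impersonates": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # First link is the one from the post; the other two are constructed.
    for link in (
        "http://youtube.opendns.be/watchv=6QW0-5tkh8.youtube.com",
        "http://www.youtube.com/watch?v=6QW0-5tkh8",
        "http://www.youtube.com@evil.example/",
    ):
        print(link, "->", classify_link(link, "youtube.com"))
```

The decisive field is `registrable_domain`: whatever the subdomains and path say, that is the party the browser talks to.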


I have now posted the log at the link above.


Big problem!

 

I get spam saying that I might have a virus and have to install some rubbish; about every 5 minutes a message pops up telling me to go to such-and-such a place and install!

 

Would be nice if someone could help!

 

The log file is huge:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Microsoft IntelliPoint\ipoint.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Valve\Steam\Steam.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\ASUS WiFi-AP Solo\RtWLan.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\ESET\nod32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/player/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: XTN Monitor - {2FDC8E29-E942-4307-97C5-69FFA934B331} - C:\WINDOWS\ddwlxtqgmq.dll

O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\WINDOWS\enqvwkp.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'Default user')

O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')

O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O21 - SSODL: agrlmvp - {D7B3DA71-FFA7-4A5B-84B3-FC977B70BF32} - C:\WINDOWS\agrlmvp.dll

O21 - SSODL: bmlvqkn - {465E1C4A-0392-4B9C-B0D7-48A1811DFB96} - C:\WINDOWS\bmlvqkn.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Edited by Hmmzor

I get popups from adserver, here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:36, on 17.01.08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Programfiler\McAfee\MPF\MPFSrv.exe

c:\Programfiler\Microsoft LifeCam\MSCamS32.exe

C:\Programfiler\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\McAfee\MBK\McAfeeDataBackup.exe

C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programfiler\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\vVX3000.exe

C:\WINDOWS\vsnp2std.exe

C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [McAfee Backup] C:\Programfiler\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Programfiler\McAfee\MBK\LogOnHook.exe

O4 - HKLM\..\Run: [LifeCam] "c:\Programfiler\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Programdata\Software rule flag owns\view mfcd.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

O4 - HKCU\..\Run: [bib Support] C:\DOCUME~1\RSTEN~1.356\PROGRA~1\1BALLO~1\Dupe bind exit.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - ?p=ZNxmk570YYNO

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: *.fokus.no

O15 - Trusted Zone: http://no.msn.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167939066187

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe

 

--

End of file - 12697 bytes


Cyrex:

You have a Lop infection, so do the following:

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Programdata\Software rule flag owns\view mfcd.exe

O4 - HKCU\..\Run: [bib Support] C:\DOCUME~1\RSTEN~1.356\PROGRA~1\1BALLO~1\Dupe bind exit.exe

Download NoLop.exe and put it on the desktop.

Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Use Explorer to delete the following two folders:

C:\Documents and Settings\All Users\Programdata\Software rule flag owns

C:\DOCUME~1\RSTEN~1.356\PROGRA~1\1BALLO~1 (~1 = abbreviated 8.3 name)

Find the NoLop log (C:\NoLop.txt) and copy its contents here together with a new log from HijackThis.

You should also run a full scan with e.g. SAS (the free version).

Edited by norbat

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:34:46, on 19.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\UltraMon\UltraMon.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\uTorrent\uTorrent.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programfiler\Opera\Opera.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\mIRC\mirc.exe

C:\Programfiler\Winamp\winamp.exe

C:\Documents and Settings\Simon\Programdata\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ultraMon] "C:\Programfiler\UltraMon\UltraMon.exe" /auto

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: LOKE STANDARD.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 2511 bytes


Nothing to see in that log at first glance. Was it just a check, or do you suspect something?

(You can let HJT fix the following line: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE)

If you notice anything that might indicate malware, go through the long version in the first post of this thread.


Hi

I have got trojan horses, after I was at a LAN party.

I have AVG and Avast and have put them in the vault, but new ones keep turning up.

Afterwards a lot of pop-ups have also started appearing when I am on the internet.

I am very unsure what to do, and it would be really nice to get some help.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:54:06, on 01.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

C:\Windows\System32\rundll32.exe

C:\Windows\BR040286.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://united.no.ezdeal.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bisonInst0402] C:\Windows\BR040286.exe

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "D:\spel\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe"

O4 - HKCU\..\Run: [DeskSpace] D:\Deskspace\deskspace.exe

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Acer\AppData\Local\Temp\opnon.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Acer\AppData\Local\Temp\urstq.dll,c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 12812 bytes

 


Hi, General_Kebab.

You should tidy up a bit more:

Decide which antivirus program you want to keep. Uninstall the others, as it is not good to have more than one antivirus program. You also have some leftovers from Norton. See if you can uninstall the remnants from Add/Remove Programs, or else use the Norton Removal Tool.

Download SAS (the free version), install it, update it and run a full (Complete) scan. This is an antispyware program that will catch any bugs lying around.

When SAS has finished, download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

Post the log file from combofix (c:\combofix.txt)

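Both the Lop advice earlier in the thread and norbat's reply above come down to reading auto-start entries by where they run from: an EXE launched out of a user's profile folder, a rundll32 line loading a DLL from Temp (the two [MSServer] and [cmds] entries in General_Kebab's log), a BHO or SSODL DLL dropped straight into C:\WINDOWS, or an orphaned "(no file)" entry that is just clutter. The script below is an added example, not part of the thread and not a HijackThis feature, that encodes those rules so a log can be triaged before it is posted. The sample lines are copied from logs in this thread; the regexes, heuristics and severity labels are my own assumptions and will misfire on OEM tools that legitimately start from odd places, so treat "high" as "verify this first", not "delete".

```python
"""Triage heuristics for HijackThis (HJT) log entries.

Added example for this thread; it is not a HijackThis feature or a tool the
helpers used. It encodes the rules they apply by eye: auto-start entries that
launch from Temp or user-profile folders, BHO/SSODL components sitting directly
in the Windows folder, AppInit_DLLs, and orphaned "(no file)" entries. The
sample lines are copied from logs in this thread; the heuristics and severity
labels are this example's own assumptions.
"""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str   # HJT section, e.g. "O4"
    severity: str  # "high", "medium" or "low"
    reason: str
    path: str


HJT_LINE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")

# Folders any interactive user can write to, in the long and 8.3 short forms
# HJT prints (Temp, LOKALE~1, AppData, DOCUME~1\<user>\PROGRA~1, C:\Users\<user>).
USER_WRITABLE = re.compile(
    r"\\temp\\|\\lokale~1\\|\\local settings\\|\\appdata\\"
    r"|\\docume~1\\[^\\]+\\progra~1\\"
    r"|\\documents and settings\\[^\\]+\\programdata\\"
    r"|\\users\\[^\\]+\\",
    re.IGNORECASE,
)
# A file directly in the Windows folder (not under system32\ or another subfolder).
WINDIR_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def extract_path(sec: str, body: str) -> Optional[str]:
    """Return the file HJT reports for an entry, or None if it names none."""
    if sec == "O4":
        # "HKCU\..\Run: [Name] <command>"  or  "Startup: x.lnk = <target>"
        if "] " in body:
            cmd = body.split("] ", 1)[1]
        elif " = " in body:
            cmd = body.split(" = ", 1)[1]
        else:
            return None
        # rundll32 <dll>,<export>: the DLL is the code that actually runs
        m = re.match(r'\s*rundll32(?:\.exe)?\s+"?([^",]+)', cmd, re.IGNORECASE)
        if m:
            return m.group(1).strip()
        # quoted path, or an unquoted path up to its extension (arguments follow)
        m = re.match(r'"([^"]+)"|(.+?\.(?:exe|cmd|bat|dll))', cmd, re.IGNORECASE)
        return (m.group(1) or m.group(2)).strip() if m else None
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        return body.split(":", 1)[1].strip() or None
    # O2/O3/O9/O20/O21/O23: "... - {CLSID} - <path>" or "... - <vendor> - <path>"
    return body.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip()


def triage(line: str) -> Optional[Finding]:
    """Classify one HJT line; None means nothing in it looks off."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    path = extract_path(sec, body)
    if not path:
        return None
    if path == "(no file)" or "(file missing)" in body:
        return Finding(sec, "low", "orphaned entry, component no longer on disk; safe to fix", path)
    if USER_WRITABLE.search(path):
        how = "rundll32 loading a DLL" if re.search("rundll32", body, re.IGNORECASE) else "auto-start"
        return Finding(sec, "high", how + " from a user-writable folder", path)
    if sec in ("O2", "O3", "O21") and WINDIR_ROOT.match(path):
        return Finding(sec, "high", "browser/shell extension directly in the Windows folder", path)
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding(sec, "medium", "AppInit_DLLs is loaded into every user-mode process; confirm the vendor", path)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage over a whole log, dropping lines with no finding."""
    return [f for f in (triage(ln) for ln in text.splitlines()) if f]


# Lines copied from the HijackThis logs in this thread (one clean AVG entry included).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SXG Advisor - {A83478AF-953E-4CDC-8DA4-317AAF10C920} - C:\WINDOWS\dntpkwoxol.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Programdata\Software rule flag owns\view mfcd.exe
O4 - HKCU\..\Run: [bib Support] C:\DOCUME~1\RSTEN~1.356\PROGRA~1\1BALLO~1\Dupe bind exit.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Acer\AppData\Local\Temp\opnon.dll,#1
O20 - AppInit_DLLs: eNetHook.dll
O21 - SSODL: bgrlsmn - {B41A99B8-C199-4B15-9512-7C6340EE0A47} - C:\WINDOWS\bgrlsmn.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.path}")
```

Paste a whole log into SAMPLE_LOG (or read it from a file) and fix only the entries you can account for. A fix-checked removal in HJT only deletes the registry pointer; the DLL or EXE stays on disk, which is why the helpers follow up with NoLop, SAS or ComboFix to remove the files themselves.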

I am really struggling with viruses. I downloaded a crack that did not work, and which most likely was a virus. Here are the various logs:

HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:43:14, on 03.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Last.fm\LastFMHelper.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\WgaTray.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programfiler\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SXG Advisor - {A83478AF-953E-4CDC-8DA4-317AAF10C920} - C:\WINDOWS\dntpkwoxol.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programfiler\Xi\NetTransport 2\NTIEHelper.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programfiler\StumbleUpon\StumbleUponIEBar.dll

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programfiler\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: bgrlsmn - {B41A99B8-C199-4B15-9512-7C6340EE0A47} - C:\WINDOWS\bgrlsmn.dll

O21 - SSODL: adsoowf - {978F9841-74FA-4A8A-89AF-4820C8F57650} - C:\WINDOWS\adsoowf.dll

O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programfiler\Comodo\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe

 

--

End of file - 5788 bytes

 

 

 

ComboFix log:

 

 

ComboFix 08-02.01.6 - Administrator 2008-02-03 16:44:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.245 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrator\Favoritter\Error Cleaner.url

C:\Documents and Settings\Administrator\Favoritter\Privacy Protector.url

C:\Documents and Settings\Administrator\Favoritter\Spyware&Malware Protection.url

C:\Documents and Settings\Administrator\Skrivebord\Error Cleaner.url

C:\Documents and Settings\Administrator\Skrivebord\Privacy Protector.url

C:\Documents and Settings\Administrator\Skrivebord\Spyware&Malware Protection.url

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\dat.txt

C:\WINDOWS\Fonts\acrsecB.fon

C:\WINDOWS\Fonts\acrsecI.fon

C:\WINDOWS\rs.txt

C:\WINDOWS\system32\_000026_.tmp.dll

C:\WINDOWS\system32\sysogg.dll

H:\Autorun.inf

 

----- BITS: Possible infected sites -----

 

hxxp://au.download.windowsupdate.com

hxxp://216.40.219.141

hxxp://onsafepro.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))

.

 

2008-02-03 14:37 . 2008-02-03 14:37 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-01 17:45 . 2008-02-03 16:43 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-02-01 17:43 . 2008-02-01 17:43 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-01 17:12 . 2008-02-01 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6

2008-02-01 16:40 . 2007-08-14 09:12 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys

2008-02-01 16:15 . 2008-02-01 16:15 <DIR> d-------- C:\Programfiler\Sophos

2008-01-31 22:19 . 2008-01-31 19:56 290,816 --a------ C:\WINDOWS\dntpkwoxol.dll

2008-01-31 22:19 . 2008-01-31 19:56 266,240 --a------ C:\WINDOWS\adsoowf.dll

2008-01-31 22:19 . 2008-01-31 19:56 229,376 --a------ C:\WINDOWS\bgrlsmn.dll

2008-01-31 22:19 . 2008-01-31 19:56 172,032 --a------ C:\WINDOWS\ekxdvft.dll

2008-01-31 22:19 . 2008-01-31 19:56 81,920 --a------ C:\WINDOWS\ffvrdgt.exe

2008-01-29 21:30 . 2008-01-29 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm

2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Programfiler\Winamp

2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Winamp

2008-01-27 16:12 . 2008-01-27 16:12 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-27 16:12 . 2008-01-27 16:12 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-26 13:31 . 2008-02-03 15:25 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\StumbleUpon

2008-01-26 13:30 . 2008-01-26 13:31 <DIR> d-------- C:\Programfiler\StumbleUpon

2008-01-24 23:04 . 2008-01-24 23:04 <DIR> d-------- C:\Programfiler\Octoshape Streaming Services

2008-01-12 17:14 . 2008-01-12 17:14 <DIR> d-------- C:\WINDOWS\Samsung

2008-01-12 17:14 . 2001-11-06 16:29 94,208 --a------ C:\WINDOWS\system32\getpntid.exe

2008-01-12 17:14 . 2003-01-10 13:52 13,997 --a------ C:\WINDOWS\system32\Ssgb3mon.dll

2008-01-12 17:14 . 2001-03-20 16:10 3,262 --a------ C:\WINDOWS\reinstall.ico

2008-01-12 17:14 . 2001-03-20 14:52 766 --a------ C:\WINDOWS\Uninstall.ico

2008-01-12 17:12 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-11 14:30 . 2008-01-11 14:30 0 --a------ C:\WINDOWS\iPlayer.INI

2008-01-10 20:48 . 2008-01-11 00:24 <DIR> d-------- C:\Programfiler\PokerStars

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-03 13:38 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-02-01 17:00 --------- d-----w C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-02-01 16:47 --------- d-----w C:\Programfiler\Microsoft AntiSpyware

2008-02-01 16:47 --------- d-----w C:\Programfiler\GetRight

2008-02-01 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-01-31 21:56 --------- d-----w C:\Programfiler\PhotoRescue Pro

2008-01-31 21:19 --------- d-----w C:\Programfiler\ARWizard3

2008-01-29 20:29 --------- d-----w C:\Programfiler\Last.fm

2008-01-27 15:05 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-01-25 15:38 --------- d-----w C:\Programfiler\EvilLyrics

2008-01-22 20:55 --------- d-----w C:\Programfiler\Paint Shop Pro 6

2008-01-13 13:24 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-01-12 16:14 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-14 13:12 --------- d-----w C:\Programfiler\MP3 Converter Simple

2007-12-11 11:37 --------- d-----w C:\Documents and Settings\Administrator\Programdata\dvdcss

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A83478AF-953E-4CDC-8DA4-317AAF10C920}]

2008-01-31 19:56 290816 --a------ C:\WINDOWS\dntpkwoxol.dll

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2008-01-29 21:29:07 106496]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bgrlsmn"= {B41A99B8-C199-4B15-9512-7C6340EE0A47} - C:\WINDOWS\bgrlsmn.dll [2008-01-31 19:56 229376]

"adsoowf"= {978F9841-74FA-4A8A-89AF-4820C8F57650} - C:\WINDOWS\adsoowf.dll [2008-01-31 19:56 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=MsgPlusLoader.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^Last.fm Helper.lnk]

path=C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NaturalColorLoad.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\NaturalColorLoad.lnk

backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

C:\Program Files\Altnet\Points Manager\Points Manager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 20:05 344064 C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a------ 2007-10-12 19:25 249896 C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWU]

--a------ 2005-08-09 07:50 307200 C:\Programfiler\Jensen AirLink\AWU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2005-09-03 15:18 94208 C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]

C:\Programfiler\BullGuard Software\BullGuard\bullguard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cake play]

C:\DOCUME~1\ADMINI~1\PROGRA~1\ROAM2N~1\bat dart love.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

C:\Programfiler\Fellesfiler\CMEII\CMESys.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]

--a------ 2007-10-14 15:10 1115728 C:\Programfiler\Comodo\Firewall\CPF.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-06-12 13:32 700416 C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-03-12 21:43 81920 C:\Programfiler\D-Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

--a------ 2005-07-12 14:35 473928 C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-02-23 14:45 278528 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

C:\Programfiler\Kazaa\Kazaa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater]

regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater (required)]

regsvr32 /s C:\WINDOWS\System32\KDP6840.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Programfiler\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

--a------ 2005-01-28 14:23 192512 C:\WINDOWS\inf\unregmp2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-11-18 00:09 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]

C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]

regsvr32 /s C:\WINDOWS\System32\sfg_568c.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-03-27 13:18 155648 C:\Programfiler\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2004-02-09 09:54 65024 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 15:46 1460560 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-06-03 02:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-31 17:57 68856 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-04-16 21:14 180269 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\transbowsintermess]

C:\Documents and Settings\All Users\Programdata\Fast manager trans bows\Online Delete.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]

C:\Programfiler\Common files\updmgr\updmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 23:54 37376 C:\Programfiler\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

--a------ 2005-07-15 22:48 479232 C:\Programfiler\Google\Gmail Notifier\gnotify.exe

 

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 21:41]

R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 21:41]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 04:22]

R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-08-14 09:12]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\16.tmp []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-03 15:01:09 C:\WINDOWS\Tasks\AE4F5ADC93D4D3A0.job"

- c:\docume~1\admini~1\progra~1\roam2n~1\STOPPROCSECOND.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-03 16:50:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\bgrlsmn.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Last.fm\LastFMHelper.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

.

**************************************************************************

.

Completion time: 2008-02-03 16:53:59 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-03 15:53:55

.

2007-11-19 13:49:04 --- E O F ---

 

 

 

 

SUPERAntiSpyware log:

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/03/2008 at 04:28 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 01:49:47

 

Memory items scanned : 410

Memory threats detected : 0

Registry items scanned : 5777

Registry threats detected : 3

File items scanned : 34354

File threats detected : 1

 

Adware.Tracking Cookie

C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

 

Trojan.Net-MSV/VPS

HKCR\MSVPS.MSVPSApp

HKCR\MSVPS.MSVPSApp\CLSID

HKCR\MSVPS.MSVPSApp\CurVer

 

 

 

 

Hoping someone can help me?

Uninstall, if possible, the following from Add/Remove Programs:

MSN Messenger Plus!

Kazaa

 

 

Open Notepad and paste in what is shown in bold below, then save the file to the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\dntpkwoxol.dll

C:\WINDOWS\adsoowf.dll

C:\WINDOWS\bgrlsmn.dll

C:\WINDOWS\ekxdvft.dll

C:\WINDOWS\ffvrdgt.exe

C:\WINDOWS\system32\nscompat.tlb

C:\WINDOWS\system32\amcompat.tlb

C:\WINDOWS\Tasks\AE4F5ADC93D4D3A0.job

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A83478AF-953E-4CDC-8DA4-317AAF10C920}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bgrlsmn"=-

"adsoowf"=-

 

Post a new ComboFix log.

Edited by norbat

Tried to uninstall MSN Messenger Plus! and Kazaa with the 'Add/Remove Programs' function in Windows, but it didn't work. Couldn't find them when I tried to delete them manually.

 

New ComboFix log:

 

 

ComboFix 08-02.01.6 - Administrator 2008-02-03 18:00:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.115 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrator\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\WINDOWS\adsoowf.dll

C:\WINDOWS\bgrlsmn.dll

C:\WINDOWS\dntpkwoxol.dll

C:\WINDOWS\ekxdvft.dll

C:\WINDOWS\ffvrdgt.exe

C:\WINDOWS\system32\amcompat.tlb

C:\WINDOWS\system32\nscompat.tlb

C:\WINDOWS\Tasks\AE4F5ADC93D4D3A0.job

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\adsoowf.dll

C:\WINDOWS\bgrlsmn.dll

C:\WINDOWS\dat.txt

C:\WINDOWS\dntpkwoxol.dll

C:\WINDOWS\ekxdvft.dll

C:\WINDOWS\ffvrdgt.exe

C:\WINDOWS\system32\amcompat.tlb

C:\WINDOWS\system32\nscompat.tlb

C:\WINDOWS\Tasks\AE4F5ADC93D4D3A0.job

 

.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))

.

 

2008-02-03 14:37 . 2008-02-03 14:37 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-01 17:45 . 2008-02-03 17:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-02-01 17:43 . 2008-02-01 17:43 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-01 17:12 . 2008-02-01 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6

2008-02-01 16:40 . 2007-08-14 09:12 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys

2008-02-01 16:15 . 2008-02-01 16:15 <DIR> d-------- C:\Programfiler\Sophos

2008-01-29 21:30 . 2008-01-29 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm

2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Programfiler\Winamp

2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Winamp

2008-01-26 13:31 . 2008-02-03 17:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\StumbleUpon

2008-01-26 13:30 . 2008-01-26 13:31 <DIR> d-------- C:\Programfiler\StumbleUpon

2008-01-24 23:04 . 2008-01-24 23:04 <DIR> d-------- C:\Programfiler\Octoshape Streaming Services

2008-01-12 17:14 . 2008-01-12 17:14 <DIR> d-------- C:\WINDOWS\Samsung

2008-01-12 17:14 . 2001-11-06 16:29 94,208 --a------ C:\WINDOWS\system32\getpntid.exe

2008-01-12 17:14 . 2003-01-10 13:52 13,997 --a------ C:\WINDOWS\system32\Ssgb3mon.dll

2008-01-12 17:14 . 2001-03-20 16:10 3,262 --a------ C:\WINDOWS\reinstall.ico

2008-01-12 17:14 . 2001-03-20 14:52 766 --a------ C:\WINDOWS\Uninstall.ico

2008-01-12 17:12 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-11 14:30 . 2008-01-11 14:30 0 --a------ C:\WINDOWS\iPlayer.INI

2008-01-10 20:48 . 2008-01-11 00:24 <DIR> d-------- C:\Programfiler\PokerStars

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-03 16:20 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-02-01 17:00 --------- d-----w C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-02-01 16:47 --------- d-----w C:\Programfiler\Microsoft AntiSpyware

2008-02-01 16:47 --------- d-----w C:\Programfiler\GetRight

2008-02-01 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-01-31 21:56 --------- d-----w C:\Programfiler\PhotoRescue Pro

2008-01-31 21:19 --------- d-----w C:\Programfiler\ARWizard3

2008-01-29 20:29 --------- d-----w C:\Programfiler\Last.fm

2008-01-27 15:05 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-01-25 15:38 --------- d-----w C:\Programfiler\EvilLyrics

2008-01-22 20:55 --------- d-----w C:\Programfiler\Paint Shop Pro 6

2008-01-13 13:24 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-01-12 16:14 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-14 13:12 --------- d-----w C:\Programfiler\MP3 Converter Simple

2007-12-11 11:37 --------- d-----w C:\Documents and Settings\Administrator\Programdata\dvdcss

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2008-01-29 21:29:07 106496]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=MsgPlusLoader.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^Last.fm Helper.lnk]

path=C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NaturalColorLoad.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\NaturalColorLoad.lnk

backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

C:\Program Files\Altnet\Points Manager\Points Manager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 20:05 344064 C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a------ 2007-10-12 19:25 249896 C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWU]

--a------ 2005-08-09 07:50 307200 C:\Programfiler\Jensen AirLink\AWU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2005-09-03 15:18 94208 C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]

C:\Programfiler\BullGuard Software\BullGuard\bullguard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cake play]

C:\DOCUME~1\ADMINI~1\PROGRA~1\ROAM2N~1\bat dart love.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

C:\Programfiler\Fellesfiler\CMEII\CMESys.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]

--a------ 2007-10-14 15:10 1115728 C:\Programfiler\Comodo\Firewall\CPF.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-06-12 13:32 700416 C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-03-12 21:43 81920 C:\Programfiler\D-Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

--a------ 2005-07-12 14:35 473928 C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-02-23 14:45 278528 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

C:\Programfiler\Kazaa\Kazaa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater]

regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater (required)]

regsvr32 /s C:\WINDOWS\System32\KDP6840.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Programfiler\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

--a------ 2005-01-28 14:23 192512 C:\WINDOWS\inf\unregmp2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-11-18 00:09 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]

C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]

regsvr32 /s C:\WINDOWS\System32\sfg_568c.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-03-27 13:18 155648 C:\Programfiler\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2004-02-09 09:54 65024 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 15:46 1460560 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-06-03 02:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-31 17:57 68856 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-04-16 21:14 180269 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\transbowsintermess]

C:\Documents and Settings\All Users\Programdata\Fast manager trans bows\Online Delete.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]

C:\Programfiler\Common files\updmgr\updmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 23:54 37376 C:\Programfiler\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

--a------ 2005-07-15 22:48 479232 C:\Programfiler\Google\Gmail Notifier\gnotify.exe

 

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 21:41]

R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 21:41]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 04:22]

R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-08-14 09:12]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\16.tmp []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-03 18:05:48

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-03 18:07:10

ComboFix-quarantined-files.txt 2008-02-03 17:07:01

ComboFix2.txt 2008-02-03 15:53:59

.

2007-11-19 13:49:04 --- E O F ---

 

 

 

Create a new CFScript file again and repeat the procedure:

Drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\DOCUME~1\ADMINI~1\PROGRA~1\ROAM2N~1\bat dart love.exe

C:\WINDOWS\System32\kdpupd.dll

C:\WINDOWS\System32\KDP6840.dll

 

Folder::

C:\DOCUME~1\ADMINI~1\PROGRA~1\ROAM2N~1

C:\Programfiler\Kazaa

C:\Programfiler\MessengerPlus! 3

C:\WINDOWS\System32\P2P Networking

C:\Documents and Settings\All Users\Programdata\Fast manager trans bows

C:\Programfiler\Common files\updmgr

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cake play]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater (required)]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\transbowsintermess]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]

 

Post the log again.

Also tell us how the PC is running.

Edited by norbat
