
Got yet another goddamn virus!



I would recommend that you try a virus scan and a spyware scan in the following order:

If you have Windows XP, a system restore after you have removed the viruses can roll the machine back to being infected again. First try to remove the viruses without disabling System Restore.

If you manage to disinfect the machine, turn off System Restore, restart, and turn System Restore back on. If you cannot remove the viruses, a system restore may work; in that case choose a restore point where you KNOW you were not infected.

All scanning for viruses and spyware should now be done in Safe Mode with Networking.

Follow the link if you do not know how to start in Safe Mode with Networking.

Run a virus scan in your browser with BitDefender. If you find viruses, restart in Safe Mode with Networking after the scan and run a new scan.

Then run a spyware check with Ewido Onlinescan. If you find spyware, restart in Safe Mode with Networking after the scan and run a new scan.

As soon as you have managed to run both scanners without them giving any indication of viruses or spyware, you are finished scanning and should start the machine in normal mode again.

After that you can go on to install antivirus software and antispyware if you do not already have any. You can find such programs at oss.viztnd.com/secprog.shtml.

Read here if you want information about what spyware is and how you can best keep your PC clean of it.

Read here if you want links to information about what viruses, trojans and worms are.

As for Safe Mode, you must NOT do anything else in the meantime, i.e. you should not sit and browse here or anywhere else. This is because you could then start the spyware or the viruses manually.

The above answer with the virus and spyware check is based on a Firefox extension that fetches quick answers to certain recurring questions. The answers are fetched from http://hurtigsvar.viztnd.com and the Firefox extension can be downloaded from www.home.no/apepost by those who want it.

:)

Link to comment

Just bumping this for the HJT log ;)

Logfile of HijackThis v1.99.1

Scan saved at 16:46:41, on 02.06.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\MSI\Live Update 3\LMonitor.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DAEMON Tools\daemon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\SiteAdvisor\6066\SAService.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SeekNewLive Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Programfiler\SNLBar\SNLBar.dll

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6066\SiteAdv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [spyLocked 4.1] "C:\Programfiler\SpyLocked 4.1\SpyLocked 4.1.exe" /h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programfiler\SiteAdvisor\6066\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: License Management Service ESD - Unknown owner - C:\Programfiler\Fellesfiler\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programfiler\SiteAdvisor\6066\SAService.exe

 

Link to comment

The HJT log shows no particular infections. Feel free to run through the online scanners that Jallebo refers to.

You can also do this (before or after):

Download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt).

Link to comment

Combofix log!

"Kim" - 2007-06-03 16:36:25 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Programfiler\Mozilla Firefox\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

"C:\install.log"

"C:\WINDOWS\system32\components"

"C:\Programfiler\Fellesfiler\{3CD49~1"

"C:\Programfiler\Fellesfiler\{DCD49~1"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

 

 

2007-06-03 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Spybot - Search & Destroy

2007-06-02 14:55 <DIR> d-------- C:\Programfiler\AudioCommander

2007-06-02 12:24 4,552 --ahs---- C:\WINDOWS\system32\rerolpxew.dat

2007-06-02 12:15 <DIR> d-------- C:\Programfiler\Alwil Software

2007-06-02 00:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-06-02 00:38 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\SUPERAntiSpyware.com

2007-05-31 12:26 <DIR> d-------- C:\Programfiler\Koei

2007-05-31 12:25 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\InstallShield Installation Information

2007-05-31 07:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-05-29 07:33 <DIR> d-------- C:\Program Files

2007-05-28 02:18 <DIR> d-------- C:\GameRival

2007-05-26 19:07 <DIR> d-------- C:\Programfiler\Celestia

2007-05-24 19:51 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-05-21 21:02 <DIR> d-------- C:\Programfiler\AMX Mod X

2007-05-21 16:00 <DIR> d-------- C:\Programfiler\Rapidshare Unlimited

2007-05-21 15:58 <DIR> d-------- C:\Programfiler\Rapidown

2007-05-17 23:23 <DIR> d-------- C:\Programfiler\Skype

2007-05-17 23:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2007-05-17 23:23 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Skype

2007-05-17 23:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Skype

2007-05-17 21:44 <DIR> d-------- C:\Programfiler\FileZilla Client

2007-05-17 21:44 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\FileZilla

2007-05-17 21:34 <DIR> d-------- C:\Programfiler\FileZilla

2007-05-17 20:53 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-05-17 20:53 <DIR> d-------- C:\Programfiler\Hamachi2

2007-05-17 20:51 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Hamachi

2007-05-17 18:14 <DIR> d-------- C:\PacSteam

2007-05-17 18:11 <DIR> d-------- C:\GMOD10

2007-05-17 01:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Thraex Software

2007-05-14 20:19 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll

2007-05-14 20:19 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2007-05-14 20:16 <DIR> d-------- C:\Programfiler\Codemasters

2007-05-14 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2007-05-14 19:54 <DIR> d-------- C:\ps

2007-05-14 15:44 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Thinstall

2007-05-13 23:52 <DIR> d-------- C:\Programfiler\SystemRequirementsLab

2007-05-13 23:52 <DIR> d-------- C:\DOCUME~1\Kim\SystemRequirementsLab

2007-05-13 23:20 <DIR> d-------- C:\Temp

2007-05-13 23:18 <DIR> d-------- C:\Programfiler\Xilisoft

2007-05-13 23:17 <DIR> d-------- C:\Programfiler\SNLBar

2007-05-13 23:12 <DIR> d-------- C:\Programfiler\AliveMedia

2007-05-13 23:10 <DIR> d-------- C:\Programfiler\MIKSOFT

2007-05-12 13:30 <DIR> d---s---- C:\DOCUME~1\Kim\UserData

2007-05-12 13:18 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-05-12 13:08 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL

2007-05-12 12:58 79,360 --a------ C:\WINDOWS\system32\lfeps13s.dll

2007-05-12 12:58 74,752 --a------ C:\WINDOWS\system32\lfgif13s.dll

2007-05-12 12:58 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL

2007-05-12 12:58 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2007-05-12 12:58 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll

2007-05-12 12:58 194,248 --a------ C:\WINDOWS\system32\LTRFD13n.DLL

2007-05-12 12:58 185,856 --a------ C:\WINDOWS\system32\lfpng13s.dll

2007-05-12 12:57 930,992 --------- C:\WINDOWS\system32\Ltr13n.dll

2007-05-12 12:57 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll

2007-05-12 12:57 80,896 --------- C:\WINDOWS\system32\lfwmf13s.dll

2007-05-12 12:57 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll

2007-05-12 12:57 73,728 --a------ C:\WINDOWS\system32\MMAviAx.dll

2007-05-12 12:57 73,728 --------- C:\WINDOWS\system32\lffax13n.dll

2007-05-12 12:57 70,144 --------- C:\WINDOWS\system32\lfbmp13s.dll

2007-05-12 12:57 65,536 --------- C:\WINDOWS\system32\lfpcx13s.dll

2007-05-12 12:57 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll

2007-05-12 12:57 64,512 --------- C:\WINDOWS\system32\lftga13s.dll

2007-05-12 12:57 59,904 --------- C:\WINDOWS\system32\lfpcd13s.dll

2007-05-12 12:57 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll

2007-05-12 12:57 409,600 --------- C:\WINDOWS\system32\LFCMP13s.DLL

2007-05-12 12:57 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL

2007-05-12 12:57 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll

2007-05-12 12:57 306,352 --------- C:\WINDOWS\system32\Ltrio13n.dll

2007-05-12 12:57 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll

2007-05-12 12:57 283,648 --------- C:\WINDOWS\system32\LFJ2K13s.dll

2007-05-12 12:57 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll

2007-05-12 12:57 24,576 --------- C:\WINDOWS\system32\lftga13n.dll

2007-05-12 12:57 204,881 --a------ C:\WINDOWS\system32\DiskIO.dll

2007-05-12 12:57 2,079,232 --------- C:\WINDOWS\system32\LTCLR13s.dll

2007-05-12 12:57 167,936 --------- C:\WINDOWS\system32\lftif13s.dll

2007-05-12 12:57 155,721 --a------ C:\WINDOWS\system32\RALMain.dll

2007-05-12 12:57 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL

2007-05-12 12:57 143,360 --------- C:\WINDOWS\system32\lftif13n.dll

2007-05-12 12:57 126,976 --a------ C:\WINDOWS\system32\AVIPrAx.dll

2007-05-12 12:57 12,288 --------- C:\WINDOWS\system32\LMLRes.dll

2007-05-12 12:57 116,224 --------- C:\WINDOWS\system32\lffax13s.dll

2007-05-12 12:57 110,080 --------- C:\WINDOWS\system32\lfpsd13s.dll

2007-05-12 12:57 105,984 --------- C:\WINDOWS\system32\lfpct13s.dll

2007-05-12 12:57 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll

2007-05-12 12:57 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll

2007-05-12 12:54 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll

2007-05-12 12:54 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll

2007-05-12 12:38 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-05-12 12:38 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL

2007-05-12 12:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\SmartSound Software Inc

2007-05-12 12:33 57,856 --a------ C:\WINDOWS\system32\masd32.dll

2007-05-12 12:33 41,219 --a------ C:\WINDOWS\RSETPATH.exe

2007-05-12 12:33 27,648 --a------ C:\WINDOWS\system32\ma32.dll

2007-05-12 12:33 196,096 --a------ C:\WINDOWS\system32\macd32.dll

2007-05-12 12:33 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys

2007-05-12 12:33 138,752 --a------ C:\WINDOWS\system32\mase32.dll

2007-05-12 12:33 136,192 --a------ C:\WINDOWS\system32\mamc32.dll

2007-05-12 12:31 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-05-12 12:31 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-05-12 12:31 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL

2007-05-12 12:31 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-05-12 12:31 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-05-12 12:31 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll

2007-05-12 12:31 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-05-12 12:31 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-05-12 12:31 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-05-12 12:31 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-05-12 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Pinnacle Studio

2007-05-12 12:25 <DIR> d-------- C:\DAEMON Tools

2007-05-12 01:27 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\teamspeak2

2007-05-11 15:01 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Help

2007-05-07 15:35 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2007-05-07 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Microsoft Help

2007-05-06 14:49 <DIR> d-------- C:\Programfiler\Alias

2007-05-06 14:46 <DIR> d-------- C:\FLEXLM

2007-05-06 13:36 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-05-06 13:00 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS

2007-05-06 13:00 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys

2007-05-06 13:00 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll

2007-05-06 13:00 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL

2007-05-06 13:00 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys

2007-05-06 13:00 383 --a------ C:\WINDOWS\system32\haspdos.sys

2007-05-06 13:00 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS

2007-05-06 13:00 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL

2007-05-06 13:00 <DIR> d-------- C:\DOCUME~1\Kim\WINDOWS

2007-05-04 07:30 <DIR> dr-h----- C:\DOCUME~1\Kim\Siste

2007-05-03 07:26 <DIR> d-------- C:\Programfiler\Half-Life 2

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-03 14:37:37 70,906 ----a-w C:\WINDOWS\system32\perfc014.dat

2007-06-03 14:37:37 405,254 ----a-w C:\WINDOWS\system32\perfh014.dat

2007-06-03 14:33:06 -------- d-----w C:\Programfiler\Steam

2007-06-03 13:48:13 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\uTorrent

2007-06-02 12:37:57 -------- d-----w C:\Programfiler\AV Vcs 4.0 DIAMOND

2007-06-02 10:01:35 -------- d-----w C:\Programfiler\SUPERAntiSpyware

2007-06-01 22:26:35 7,168 --s-a-w C:\WINDOWS\system32\eeuydc.dll

2007-06-01 19:13:01 -------- d-----w C:\Programfiler\Cheat Engine

2007-05-31 10:29:54 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-05-21 19:10:10 -------- d-----w C:\Programfiler\Valve

2007-05-18 13:13:48 -------- d-----w C:\Programfiler\Virtual Sailor

2007-05-16 11:38:30 -------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-05-12 10:47:19 -------- d-----w C:\Programfiler\VirtualDJ

2007-05-12 10:38:15 93 ----a-w C:\AUTOEXEC.BAT

2007-05-12 10:24:58 -------- d-----w C:\Programfiler\DAEMON Tools

2007-05-07 13:36:55 -------- d-----w C:\Programfiler\Pcsx2

2007-05-06 18:20:11 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Ahead

2007-05-06 10:56:54 -------- d-----w C:\Programfiler\Fellesfiler\Autodesk Shared

2007-05-02 18:15:57 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\MayaWebBrowser

2007-05-02 17:45:43 -------- d-----w C:\Programfiler\QuickTime

2007-05-01 18:49:46 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\SiteAdvisor

2007-05-01 10:05:37 -------- d-----w C:\Programfiler\THQ

2007-04-30 20:33:02 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Notepad++

2007-04-30 20:30:00 -------- d-----w C:\Programfiler\Winamp

2007-04-30 19:14:42 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\WinMX Music

2007-04-30 18:54:54 -------- d-----w C:\Programfiler\WinMX

2007-04-30 18:52:51 -------- d-----w C:\Programfiler\WinMX Music

2007-04-30 10:07:17 -------- d-----w C:\Programfiler\Bus Driver

2007-04-29 13:23:03 -------- d-----w C:\Programfiler\Autodesk

2007-04-26 20:41:29 -------- d-----w C:\Programfiler\The Rosetta Stone

2007-04-23 19:40:09 -------- d-----w C:\Programfiler\Image-Line

2007-04-23 19:39:59 -------- d-----w C:\Programfiler\ASIO4ALL v2

2007-04-23 19:35:27 -------- d-----w C:\Programfiler\Steinberg

2007-04-20 04:46:41 -------- d-----w C:\Programfiler\CAPCOM

2007-04-19 19:35:38 -------- d-----w C:\Programfiler\Yahoo!

2007-04-18 15:35:37 -------- d-----w C:\Programfiler\SiteAdvisor

2007-04-18 13:12:48 670 ----a-w C:\WINDOWS\mozver.dat

2007-04-18 05:16:25 -------- d-----w C:\Programfiler\e frontier

2007-04-17 19:42:02 -------- d-----w C:\Programfiler\Fellesfiler\LightScribe

2007-04-17 19:32:17 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-04-17 15:41:56 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\e frontier

2007-04-17 15:41:42 3,120 ----a-w C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll

2007-04-17 14:38:16 -------- d-----w C:\Programfiler\GameHouse

2007-04-16 17:01:23 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Media Player Classic

2007-04-16 17:00:43 -------- d-----w C:\Programfiler\K-Lite Codec Pack

2007-04-16 13:34:19 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Steinberg

2007-04-14 12:46:53 -------- d-----w C:\Programfiler\Fellesfiler\Sandlot Shared

2007-04-14 10:28:34 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Lavasoft

2007-04-14 10:06:13 0 ----a-w C:\WINDOWS\PowerReg.dat

2007-04-14 10:05:14 -------- d-----w C:\Programfiler\Infogrames

2007-04-14 07:17:37 16 ----a-w C:\WINDOWS\guiinfo.dat

2007-04-13 13:05:36 -------- d-----w C:\Programfiler\Bonjour

2007-04-13 13:03:25 -------- d-----w C:\Programfiler\MessengerDiscovery

2007-04-13 13:02:56 -------- d-----w C:\Programfiler\MSN Messenger

2007-04-12 15:29:29 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Teleca

2007-04-12 15:26:48 -------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared

2007-04-12 15:13:07 8,704 ----a-w C:\WINDOWS\system32\sporder.dll

2007-04-12 15:12:58 23,040 ----a-w C:\WINDOWS\system32\mszsrn32.dll

2007-04-12 14:44:38 -------- d-----w C:\Programfiler\Realtek

2007-04-12 14:44:19 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-04-12 14:38:37 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-04-12 14:36:45 0 ----a-w C:\WINDOWS\nsreg.dat

2007-04-12 14:24:07 0 ----a-w C:\CONFIG.SYS

2007-04-12 14:19:55 21,704 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-04-12 14:19:28 -------- d-----w C:\Programfiler\Messenger

2007-04-11 14:18:08 -------- d-----w C:\Programfiler\Syncrosoft

2007-04-10 13:41:21 -------- d-----w C:\Programfiler\Fellesfiler\Avid

2007-04-10 13:39:04 -------- d-----w C:\Programfiler\Fellesfiler\Softimage

2007-04-09 17:21:34 -------- d-----w C:\Programfiler\XSI

2007-04-09 10:49:39 -------- d-----w C:\Programfiler\Purrint

2007-04-09 00:01:56 -------- d-----w C:\Programfiler\Cake Mania

2007-04-09 00:00:49 -------- d-----w C:\Programfiler\ReflexiveArcade

2007-04-08 23:33:10 -------- d-----w C:\Programfiler\Stand O`Food

2007-03-23 17:19:10 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe

2007-03-21 12:49:20 16,126,464 ----a-w C:\WINDOWS\RTHDCPL.exe

2007-03-16 13:06:54 1,822,720 ----a-w C:\WINDOWS\SkyTel.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{0CB66BA8-5E1F-4963-93D1-E1D6B78F0212}=C:\Programfiler\SNLBar\SNLBar.dll [2007-04-20 16:27]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 01:48]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [2006-06-07 14:22]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 17:42]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-05-02 19:45]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"Steam"="c:\programfiler\steam\steam.exe" [2007-06-02 10:19]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-04-12 17:11]

"DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 01:15]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="C:\WINDOWS\system32\eeuydc.dll" [2007-06-02 00:26]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

HDAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Programfiler\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Programfiler\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

"C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyLocked 4.1]

"C:\Programfiler\SpyLocked 4.1\SpyLocked 4.1.exe" /h

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]

C:\WINDOWS\system32\sw20.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]

C:\WINDOWS\system32\sw24.exe

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-03 16:45:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-06-03 16:46:20

C:\ComboFix-quarantined-files.txt ... 2007-06-03 16:46

 

--- E O F ---

Link to comment

Do the following:

Download Avenger and unpack it.

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that comes up, copy and paste what is in bold below:


Registry values to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

| {44e670f2-d57b-4815-a576-955d17dbbf2d}

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyLocked 4.1

 

Files to delete:

C:\WINDOWS\system32\eeuydc.dll

 

Folders to delete:

C:\Programfiler\SpyLocked 4.1

 

Click the traffic light. Restart the PC.

After the restart a log file will come up that tells what has happened. Post it together with a new HJT log. Also tell how it goes with the 'warning'.

Link to comment
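
An added triage sketch, not part of any post in this thread and not ComboFix's or Avenger's own logic: it parses the "Find3M Report" and "Reg Loading Points" line formats of the ComboFix log above and flags autostart entries that meet at least two of three signals (file directly in system32, file time close to the scan, system attribute set). The signals, the threshold and all function names are assumptions made for this example; the sample lines are excerpted from the posted log.

```python
import ntpath
import re
from datetime import datetime, timedelta

# A few lines excerpted from the ComboFix log posted in the thread
# (Find3M file listing plus four registry loading points).
SAMPLE_LOG = r'''
2007-06-02 10:01:35 -------- d-----w C:\Programfiler\SUPERAntiSpyware
2007-06-01 22:26:35 7,168 --s-a-w C:\WINDOWS\system32\eeuydc.dll
2007-04-12 15:13:07 8,704 ----a-w C:\WINDOWS\system32\sporder.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="C:\WINDOWS\system32\eeuydc.dll" [2007-06-02 00:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]
'''

SYSTEM32 = r'c:\windows\system32'  # assumption: %SystemRoot% as seen in this log

# "[HKEY_...]" header that opens a loading-point section.
SECTION = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# '"name"="path" [YYYY-MM-DD HH:MM]' (quotes are optional, as in the BHO section).
ENTRY = re.compile(r'^"?(?P<name>[^"=]+)"?="?(?P<path>[^"\[]+?)"?\s+'
                   r'\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)')
# Find3M line: 'YYYY-MM-DD HH:MM:SS size attrs path' with a 7-character attribute field.
FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+'
                  r'(?P<attr>[-a-z]{7})\s+(?P<path>.+)$')


def parse_log(text):
    """Return (autostarts, files): registry entries and {path: attributes}."""
    autostarts, files, key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = FILE.match(line)
        if m:
            files[m.group('path').lower()] = m.group('attr')
            continue
        m = ENTRY.match(line)
        if m and key:
            autostarts.append({
                'key': key,
                'name': m.group('name'),
                'path': m.group('path'),
                'timestamp': datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M'),
            })
    return autostarts, files


def triage(text, scan_time, recent_days=7, threshold=2):
    """Flag autostart entries that meet at least `threshold` signals."""
    autostarts, files = parse_log(text)
    findings = []
    for entry in autostarts:
        path = entry['path'].lower()
        reasons = []
        if ntpath.dirname(path) == SYSTEM32:
            reasons.append('file sits directly in system32')
        age = scan_time - entry['timestamp']
        if timedelta(0) <= age <= timedelta(days=recent_days):
            reasons.append('file time within %d days of the scan' % recent_days)
        if 's' in files.get(path, ''):
            reasons.append('system attribute set in the file listing')
        if len(reasons) >= threshold:
            findings.append(dict(entry, reasons=reasons))
    return findings


if __name__ == '__main__':
    scan = datetime(2007, 6, 3, 16, 36, 25)  # timestamp from the log header
    for finding in triage(SAMPLE_LOG, scan):
        print(finding['path'], '<-', finding['key'])
        for reason in finding['reasons']:
            print('   -', reason)
```

On this excerpt the only entry that crosses the threshold is the SharedTaskScheduler value pointing at eeuydc.dll, the same value and file named in the Avenger script above; a hit is a lead to check by hand, not a verdict.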

Avenger:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\xmajjopb

 

*******************

 

Script file located at: \??\C:\xkwnisyf.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\eeuydc.dll deleted successfully.

 

 

Folder C:\Programfiler\SpyLocked 4.1 not found!

Deletion of folder C:\Programfiler\SpyLocked 4.1 failed!

 

Could not process line:

C:\Programfiler\SpyLocked 4.1

Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyLocked 4.1 deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

OMG IT'S GONE! I can't see that damn "edge" any more!

Edited by Kimelimm

Make a new ComboFix log.

Afterwards, download CCleaner.

Start the program. Go to 'Valg' -> 'Avansert' (Options -> Advanced). Uncheck the box in front of: "bare slett midlertidige filer......." ("only delete temporary files.......")

Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

Also run a few rounds of 'Saker' (Issues) until it finds no more errors.

Restart the PC.


ok ComboFix again

"Kim" - 2007-06-03 17:40:18 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Kim\Skrivebord\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

 

 

2007-06-03 17:34 <DIR> dr-h----- C:\DOCUME~1\Kim\Siste

2007-06-03 17:18 <DIR> d-------- C:\avenger

2007-06-03 16:46 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-03 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Spybot - Search & Destroy

2007-06-02 14:55 <DIR> d-------- C:\Programfiler\AudioCommander

2007-06-02 12:24 4,552 --ahs---- C:\WINDOWS\system32\rerolpxew.dat

2007-06-02 12:15 <DIR> d-------- C:\Programfiler\Alwil Software

2007-06-02 00:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-06-02 00:38 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\SUPERAntiSpyware.com

2007-05-31 12:26 <DIR> d-------- C:\Programfiler\Koei

2007-05-31 12:25 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\InstallShield Installation Information

2007-05-31 07:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-05-29 07:33 <DIR> d-------- C:\Program Files

2007-05-28 02:18 <DIR> d-------- C:\GameRival

2007-05-26 19:07 <DIR> d-------- C:\Programfiler\Celestia

2007-05-24 19:51 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-05-21 21:02 <DIR> d-------- C:\Programfiler\AMX Mod X

2007-05-21 16:00 <DIR> d-------- C:\Programfiler\Rapidshare Unlimited

2007-05-21 15:58 <DIR> d-------- C:\Programfiler\Rapidown

2007-05-17 23:23 <DIR> d-------- C:\Programfiler\Skype

2007-05-17 23:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2007-05-17 23:23 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Skype

2007-05-17 23:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Skype

2007-05-17 21:44 <DIR> d-------- C:\Programfiler\FileZilla Client

2007-05-17 21:44 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\FileZilla

2007-05-17 21:34 <DIR> d-------- C:\Programfiler\FileZilla

2007-05-17 20:53 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-05-17 20:53 <DIR> d-------- C:\Programfiler\Hamachi2

2007-05-17 20:51 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Hamachi

2007-05-17 18:14 <DIR> d-------- C:\PacSteam

2007-05-17 18:11 <DIR> d-------- C:\GMOD10

2007-05-17 01:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Thraex Software

2007-05-14 20:19 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll

2007-05-14 20:19 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2007-05-14 20:16 <DIR> d-------- C:\Programfiler\Codemasters

2007-05-14 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2007-05-14 19:54 <DIR> d-------- C:\ps

2007-05-14 15:44 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Thinstall

2007-05-13 23:52 <DIR> d-------- C:\Programfiler\SystemRequirementsLab

2007-05-13 23:52 <DIR> d-------- C:\DOCUME~1\Kim\SystemRequirementsLab

2007-05-13 23:20 <DIR> d-------- C:\Temp

2007-05-13 23:18 <DIR> d-------- C:\Programfiler\Xilisoft

2007-05-13 23:17 <DIR> d-------- C:\Programfiler\SNLBar

2007-05-13 23:12 <DIR> d-------- C:\Programfiler\AliveMedia

2007-05-13 23:10 <DIR> d-------- C:\Programfiler\MIKSOFT

2007-05-12 13:30 <DIR> d---s---- C:\DOCUME~1\Kim\UserData

2007-05-12 13:18 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-05-12 13:08 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL

2007-05-12 12:58 79,360 --a------ C:\WINDOWS\system32\lfeps13s.dll

2007-05-12 12:58 74,752 --a------ C:\WINDOWS\system32\lfgif13s.dll

2007-05-12 12:58 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL

2007-05-12 12:58 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2007-05-12 12:58 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll

2007-05-12 12:58 194,248 --a------ C:\WINDOWS\system32\LTRFD13n.DLL

2007-05-12 12:58 185,856 --a------ C:\WINDOWS\system32\lfpng13s.dll

2007-05-12 12:57 930,992 --------- C:\WINDOWS\system32\Ltr13n.dll

2007-05-12 12:57 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll

2007-05-12 12:57 80,896 --------- C:\WINDOWS\system32\lfwmf13s.dll

2007-05-12 12:57 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll

2007-05-12 12:57 73,728 --a------ C:\WINDOWS\system32\MMAviAx.dll

2007-05-12 12:57 73,728 --------- C:\WINDOWS\system32\lffax13n.dll

2007-05-12 12:57 70,144 --------- C:\WINDOWS\system32\lfbmp13s.dll

2007-05-12 12:57 65,536 --------- C:\WINDOWS\system32\lfpcx13s.dll

2007-05-12 12:57 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll

2007-05-12 12:57 64,512 --------- C:\WINDOWS\system32\lftga13s.dll

2007-05-12 12:57 59,904 --------- C:\WINDOWS\system32\lfpcd13s.dll

2007-05-12 12:57 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll

2007-05-12 12:57 409,600 --------- C:\WINDOWS\system32\LFCMP13s.DLL

2007-05-12 12:57 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL

2007-05-12 12:57 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll

2007-05-12 12:57 306,352 --------- C:\WINDOWS\system32\Ltrio13n.dll

2007-05-12 12:57 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll

2007-05-12 12:57 283,648 --------- C:\WINDOWS\system32\LFJ2K13s.dll

2007-05-12 12:57 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll

2007-05-12 12:57 24,576 --------- C:\WINDOWS\system32\lftga13n.dll

2007-05-12 12:57 204,881 --a------ C:\WINDOWS\system32\DiskIO.dll

2007-05-12 12:57 2,079,232 --------- C:\WINDOWS\system32\LTCLR13s.dll

2007-05-12 12:57 167,936 --------- C:\WINDOWS\system32\lftif13s.dll

2007-05-12 12:57 155,721 --a------ C:\WINDOWS\system32\RALMain.dll

2007-05-12 12:57 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL

2007-05-12 12:57 143,360 --------- C:\WINDOWS\system32\lftif13n.dll

2007-05-12 12:57 126,976 --a------ C:\WINDOWS\system32\AVIPrAx.dll

2007-05-12 12:57 12,288 --------- C:\WINDOWS\system32\LMLRes.dll

2007-05-12 12:57 116,224 --------- C:\WINDOWS\system32\lffax13s.dll

2007-05-12 12:57 110,080 --------- C:\WINDOWS\system32\lfpsd13s.dll

2007-05-12 12:57 105,984 --------- C:\WINDOWS\system32\lfpct13s.dll

2007-05-12 12:57 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll

2007-05-12 12:57 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll

2007-05-12 12:54 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll

2007-05-12 12:54 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll

2007-05-12 12:38 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-05-12 12:38 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL

2007-05-12 12:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\SmartSound Software Inc

2007-05-12 12:33 57,856 --a------ C:\WINDOWS\system32\masd32.dll

2007-05-12 12:33 41,219 --a------ C:\WINDOWS\RSETPATH.exe

2007-05-12 12:33 27,648 --a------ C:\WINDOWS\system32\ma32.dll

2007-05-12 12:33 196,096 --a------ C:\WINDOWS\system32\macd32.dll

2007-05-12 12:33 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys

2007-05-12 12:33 138,752 --a------ C:\WINDOWS\system32\mase32.dll

2007-05-12 12:33 136,192 --a------ C:\WINDOWS\system32\mamc32.dll

2007-05-12 12:31 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-05-12 12:31 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-05-12 12:31 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL

2007-05-12 12:31 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-05-12 12:31 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-05-12 12:31 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll

2007-05-12 12:31 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-05-12 12:31 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-05-12 12:31 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-05-12 12:31 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-05-12 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Pinnacle Studio

2007-05-12 12:25 <DIR> d-------- C:\DAEMON Tools

2007-05-12 01:27 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\teamspeak2

2007-05-11 15:01 <DIR> d-------- C:\DOCUME~1\Kim\PROGRA~1\Help

2007-05-07 15:35 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2007-05-07 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Microsoft Help

2007-05-06 14:49 <DIR> d-------- C:\Programfiler\Alias

2007-05-06 14:46 <DIR> d-------- C:\FLEXLM

2007-05-06 13:36 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-05-06 13:00 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS

2007-05-06 13:00 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys

2007-05-06 13:00 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll

2007-05-06 13:00 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL

2007-05-06 13:00 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys

2007-05-06 13:00 383 --a------ C:\WINDOWS\system32\haspdos.sys

2007-05-06 13:00 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS

2007-05-06 13:00 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL

2007-05-06 13:00 <DIR> d-------- C:\DOCUME~1\Kim\WINDOWS

2007-05-03 07:26 <DIR> d-------- C:\Programfiler\Half-Life 2

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-03 15:47:17 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\uTorrent

2007-06-03 15:22:35 70,906 ----a-w C:\WINDOWS\system32\perfc014.dat

2007-06-03 15:22:35 405,254 ----a-w C:\WINDOWS\system32\perfh014.dat

2007-06-03 15:18:23 -------- d-----w C:\Programfiler\Steam

2007-06-02 12:37:57 -------- d-----w C:\Programfiler\AV Vcs 4.0 DIAMOND

2007-06-02 10:01:35 -------- d-----w C:\Programfiler\SUPERAntiSpyware

2007-06-01 19:13:01 -------- d-----w C:\Programfiler\Cheat Engine

2007-05-31 10:29:54 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-05-21 19:10:10 -------- d-----w C:\Programfiler\Valve

2007-05-18 13:13:48 -------- d-----w C:\Programfiler\Virtual Sailor

2007-05-16 11:38:30 -------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-05-12 10:47:19 -------- d-----w C:\Programfiler\VirtualDJ

2007-05-12 10:38:15 93 ----a-w C:\AUTOEXEC.BAT

2007-05-12 10:24:58 -------- d-----w C:\Programfiler\DAEMON Tools

2007-05-07 13:36:55 -------- d-----w C:\Programfiler\Pcsx2

2007-05-06 18:20:11 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Ahead

2007-05-06 10:56:54 -------- d-----w C:\Programfiler\Fellesfiler\Autodesk Shared

2007-05-02 18:15:57 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\MayaWebBrowser

2007-05-02 17:45:43 -------- d-----w C:\Programfiler\QuickTime

2007-05-01 18:49:46 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\SiteAdvisor

2007-05-01 10:05:37 -------- d-----w C:\Programfiler\THQ

2007-04-30 20:33:02 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Notepad++

2007-04-30 20:30:00 -------- d-----w C:\Programfiler\Winamp

2007-04-30 19:14:42 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\WinMX Music

2007-04-30 18:54:54 -------- d-----w C:\Programfiler\WinMX

2007-04-30 18:52:51 -------- d-----w C:\Programfiler\WinMX Music

2007-04-30 10:07:17 -------- d-----w C:\Programfiler\Bus Driver

2007-04-29 13:23:03 -------- d-----w C:\Programfiler\Autodesk

2007-04-26 20:41:29 -------- d-----w C:\Programfiler\The Rosetta Stone

2007-04-23 19:40:09 -------- d-----w C:\Programfiler\Image-Line

2007-04-23 19:39:59 -------- d-----w C:\Programfiler\ASIO4ALL v2

2007-04-23 19:35:27 -------- d-----w C:\Programfiler\Steinberg

2007-04-20 04:46:41 -------- d-----w C:\Programfiler\CAPCOM

2007-04-19 19:35:38 -------- d-----w C:\Programfiler\Yahoo!

2007-04-18 15:35:37 -------- d-----w C:\Programfiler\SiteAdvisor

2007-04-18 13:12:48 670 ----a-w C:\WINDOWS\mozver.dat

2007-04-18 05:16:25 -------- d-----w C:\Programfiler\e frontier

2007-04-17 19:42:02 -------- d-----w C:\Programfiler\Fellesfiler\LightScribe

2007-04-17 19:32:17 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-04-17 15:41:56 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\e frontier

2007-04-17 15:41:42 3,120 ----a-w C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll

2007-04-17 14:38:16 -------- d-----w C:\Programfiler\GameHouse

2007-04-16 17:01:23 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Media Player Classic

2007-04-16 17:00:43 -------- d-----w C:\Programfiler\K-Lite Codec Pack

2007-04-16 13:34:19 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Steinberg

2007-04-14 12:46:53 -------- d-----w C:\Programfiler\Fellesfiler\Sandlot Shared

2007-04-14 10:28:34 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Lavasoft

2007-04-14 10:06:13 0 ----a-w C:\WINDOWS\PowerReg.dat

2007-04-14 10:05:14 -------- d-----w C:\Programfiler\Infogrames

2007-04-14 07:17:37 16 ----a-w C:\WINDOWS\guiinfo.dat

2007-04-13 13:05:36 -------- d-----w C:\Programfiler\Bonjour

2007-04-13 13:03:25 -------- d-----w C:\Programfiler\MessengerDiscovery

2007-04-13 13:02:56 -------- d-----w C:\Programfiler\MSN Messenger

2007-04-12 15:29:29 -------- d-----w C:\DOCUME~1\Kim\PROGRA~1\Teleca

2007-04-12 15:26:48 -------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared

2007-04-12 15:13:07 8,704 ----a-w C:\WINDOWS\system32\sporder.dll

2007-04-12 15:12:58 23,040 ----a-w C:\WINDOWS\system32\mszsrn32.dll

2007-04-12 14:44:38 -------- d-----w C:\Programfiler\Realtek

2007-04-12 14:44:19 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-04-12 14:38:37 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-04-12 14:36:45 0 ----a-w C:\WINDOWS\nsreg.dat

2007-04-12 14:24:07 0 ----a-w C:\CONFIG.SYS

2007-04-12 14:19:55 21,704 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-04-12 14:19:28 -------- d-----w C:\Programfiler\Messenger

2007-04-11 14:18:08 -------- d-----w C:\Programfiler\Syncrosoft

2007-04-10 13:41:21 -------- d-----w C:\Programfiler\Fellesfiler\Avid

2007-04-10 13:39:04 -------- d-----w C:\Programfiler\Fellesfiler\Softimage

2007-04-09 17:21:34 -------- d-----w C:\Programfiler\XSI

2007-04-09 10:49:39 -------- d-----w C:\Programfiler\Purrint

2007-04-09 00:01:56 -------- d-----w C:\Programfiler\Cake Mania

2007-04-09 00:00:49 -------- d-----w C:\Programfiler\ReflexiveArcade

2007-04-08 23:33:10 -------- d-----w C:\Programfiler\Stand O`Food

2007-03-23 17:19:10 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe

2007-03-21 12:49:20 16,126,464 ----a-w C:\WINDOWS\RTHDCPL.exe

2007-03-16 13:06:54 1,822,720 ----a-w C:\WINDOWS\SkyTel.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{0CB66BA8-5E1F-4963-93D1-E1D6B78F0212}=C:\Programfiler\SNLBar\SNLBar.dll [2007-04-20 16:27]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 01:48]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [2006-06-07 14:22]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 17:42]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-05-02 19:45]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"Steam"="c:\programfiler\steam\steam.exe" [2007-06-02 10:19]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-04-12 17:11]

"DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 01:15]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

HDAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Programfiler\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Programfiler\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

"C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]

C:\WINDOWS\system32\sw20.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]

C:\WINDOWS\system32\sw24.exe

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-03 17:47:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-06-03 17:48:21

C:\ComboFix-quarantined-files.txt ... 2007-06-03 17:48

C:\ComboFix2.txt ... 2007-06-03 16:46

 

--- E O F ---
