storken, posted 15 June 2007

An English friend of mine sent me a zipped file with the text "look at these pictures of me". So I thought, fine, and downloaded it. I right-clicked the zip file and let avast! scan it for viruses. It gave the green light, so I unzipped the file and all hell broke loose. The virus sends itself to other people at regular intervals, the mouse freezes, and it sends to all contacts before it is done. I ran SAS; it found nothing, but I couldn't get a log out of that program.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:54:06, on 15.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\MagicDisc\MagicDisc.exe
C:\Programfiler\Razer\razerofa.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [razer] C:\Programfiler\Razer\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Programfiler\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.no/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {0A130B1A-2BF8-4778-B289-850E3F2E5794} - syshelps.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

What should I do?
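A small triage pass over HijackThis entries, added here as an example that is not part of this thread and not HijackThis's own code: it parses the "Rn/On - body" line format and flags the points a helper reads first, such as the O21 SSODL entry above whose DLL is missing. The sample lines are copied from the log above; the flag wording and the O4 bare-filename heuristic are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in HijackThis 1.99 log format, copied from the
# log posted above. The O21 SSODL entry is the one the helper would zero in on.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {0A130B1A-2BF8-4778-B289-850E3F2E5794} - syshelps.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Sections that load a DLL into many processes (O20) or into Explorer itself
# (O21). Legitimate owners are few (here: Google Desktop, SUPERAntiSpyware),
# so every entry is worth attributing to a known product.
LOAD_POINTS = {
    "O20": "O20: AppInit_DLLs / Winlogon Notify, DLL injected into many processes at logon",
    "O21": "O21: ShellServiceObjectDelayLoad, DLL loaded into Explorer at logon",
}


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)  # reasons this entry deserves a look


def parse_hjt(text: str) -> list:
    """Parse HijackThis entry lines; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entries: list) -> list:
    """Attach review flags and return only the entries that got at least one."""
    for e in entries:
        # A load point whose target is gone is either leftover from a removal
        # or malware whose DLL was cleaned while the registry value survived.
        if "(file missing)" in e.body or "(no file)" in e.body:
            e.flags.append("target absent: orphaned load point, remove it")
        if e.code in LOAD_POINTS:
            e.flags.append(LOAD_POINTS[e.code])
        # A Run value with a bare filename is resolved through the search path,
        # so the file that actually runs must be located and checked.
        if e.code == "O4" and not re.search(r"[A-Za-z]:\\", e.body):
            e.flags.append("O4: bare filename, locate the file that actually runs")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{e.code} - {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```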
storken, posted 15 June 2007

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2007 at 05:51 PM

Application Version : 3.8.1002

Core Rules Database Version : 3255
Trace Rules Database Version: 1266

Scan type : Custom Scan
Total Scan Time : 00:57:46

Memory items scanned : 73
Memory threats detected : 0
Registry items scanned : 6397
Registry threats detected : 0
File items scanned : 54394
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@handbag[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@mb[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@overture[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@admarketplace[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@2o7[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@cgi-bin[2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@tripod[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@adtech[2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@serving-sys[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@handbag[2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@adbrite[2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@toplist[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer stork@bravenetmedianetwork[1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][2].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
C:\Documents and settings\Kristoffer Stork\Cookies\kristoffer [email protected][1].txt
norbat, posted 15 June 2007

Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from combofix (usually c:\combofix.txt).

Then:
Get DrWeb (one-time scanner).
Restart in Safe Mode (tap F8 during startup).
Run drweb-cureit.exe (say yes to running an express scan).
When this is finished, click Option -> Change settings.
Under the Scan tab, remove the check mark next to Heuristic analysis.
Under the Actions tab, all items under Malware are to be set to Rename.
Select the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" when it finds something for the first time.
Report back on whether it found anything.

Then download Rootchk and put it on the desktop. Run the program. It scans for various rootkits. If it found anything, post the log.
storken, posted 15 June 2007

combofix won't give me a log file, starting the other tests now
norbat, posted 15 June 2007

> combofix won't give me a log file, starting the other tests now

And you have checked under C:\ (or do a search for combofix.txt)?
storken, posted 15 June 2007

Yep, the search gave no hits either; I'll do a new search after drweb is finished. Should combo be run in normal or safe mode?

Drweb has found/fixed this so far:
syshelps.dll c:\windows\system32 win32.HLLW.sudoku deleted
mirc.exe c:\programfiler/mIRC program.mirc.621 renamed

About 50% done now.
storken, posted 15 June 2007

combofix log ready:

ComboFix 07-06-13.3 - C:\Documents and settings\Kristoffer Stork\Skrivebord\ComboFix.exe
"Kristoffer Stork" - 2007-06-16 0:27:19 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))

2007-06-15 23:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-15 21:17 <DIR> d-------- C:\DOCUME~1\KRISTO~1\DoctorWeb
2007-06-15 21:06 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-15 21:06 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Siste
2007-06-15 21:06 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Programdata
2007-06-15 21:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Start-meny
2007-06-15 21:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mine dokumenter
2007-06-15 21:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favoritter
2007-06-15 21:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skrivere
2007-06-15 21:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Maler
2007-06-15 21:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale innstillinger
2007-06-15 21:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\AndrMask
2007-06-15 21:06 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-06-15 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-15 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord
2007-06-15 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\Help
2007-06-15 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\CyberLink
2007-06-15 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\Ahead
2007-06-15 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\AdobeUM
2007-06-15 20:47 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 16:39 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-06-15 16:39 <DIR> d-------- C:\DOCUME~1\KRISTO~1\PROGRA~1\SUPERAntiSpyware.com
2007-06-15 16:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-06-15 14:37 <DIR> d-------- C:\Programfiler\Lavasoft
2007-06-15 14:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Lavasoft
2007-06-14 16:24 <DIR> d-------- C:\WINDOWS\pss
2007-06-14 14:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-06-09 00:30 <DIR> d-------- C:\Programfiler\PowerISO
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-22 13:44 90,800 -ra------ C:\WINDOWS\system32\drivers\se46unic.sys
2007-05-22 13:44 88,624 -ra------ C:\WINDOWS\system32\drivers\se46mgmt.sys
2007-05-22 13:44 4,128 -ra------ C:\WINDOWS\system32\drivers\se46cr.sys
2007-05-22 13:44 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys
2007-05-22 13:43 97,088 -ra------ C:\WINDOWS\system32\drivers\se46mdm.sys
2007-05-22 13:43 9,360 -ra------ C:\WINDOWS\system32\drivers\se46mdfl.sys
2007-05-22 13:43 86,432 -ra------ C:\WINDOWS\system32\drivers\se46obex.sys
2007-05-22 13:43 61,536 -ra------ C:\WINDOWS\system32\drivers\se46bus.sys
2007-05-22 13:43 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cmnt.sys
2007-05-22 13:43 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cm.sys
2007-05-22 13:43 5,872 -ra------ C:\WINDOWS\system32\drivers\se46whnt.sys
2007-05-22 13:43 5,872 -ra------ C:\WINDOWS\system32\drivers\se46wh.sys
2007-05-22 13:43 <DIR> d-------- C:\DOCUME~1\KRISTO~1\PROGRA~1\Teleca
2007-05-22 13:42 <DIR> d-------- C:\DOCUME~1\KRISTO~1\PROGRA~1\Sony Ericsson
2007-05-22 13:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Sony Ericsson
2007-05-22 13:38 <DIR> d-------- C:\Programfiler\Sony Ericsson
2007-05-22 13:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2007-05-22 13:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Sony Ericsson Shared
2007-05-22 13:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Teleca

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 22:29:37 -------- d-----w C:\DOCUME~1\KRISTO~1\PROGRA~1\uTorrent
2007-06-15 22:10:11 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-06-15 20:27:27 -------- d-----w C:\Programfiler\mIRC
2007-06-15 14:39:22 -------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-06-15 10:09:43 -------- d-----w C:\Programfiler\World of Warcraft
2007-06-14 05:05:14 -------- d-----w C:\Programfiler\DAEMON Tools
2007-06-06 00:09:55 -------- d-----w C:\DOCUME~1\KRISTO~1\PROGRA~1\Skype
2007-06-03 16:45:18 -------- d-----w C:\Programfiler\Mozilla Thunderbird
2007-05-25 19:37:30 -------- d-----w C:\DOCUME~1\KRISTO~1\PROGRA~1\AdobeUM
2007-05-21 13:04:04 76,834 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-05-21 13:04:04 421,038 ----a-w C:\WINDOWS\system32\perfh014.dat
2007-05-01 16:48:18 -------- d-----w C:\DOCUME~1\KRISTO~1\PROGRA~1\teamspeak2
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 23:51:45 -------- d-----w C:\Programfiler\Winamp
2007-04-27 23:51:20 -------- d-----w C:\DOCUME~1\KRISTO~1\PROGRA~1\MusicIP
2007-04-24 22:04:50 -------- d-----w C:\DOCUME~1\KRISTO~1\PROGRA~1\ATI
2007-04-24 22:02:20 -------- d-----w C:\Programfiler\ATI Technologies
2007-04-24 22:01:40 -------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-22 19:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 20:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-04-02 13:31 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 14:05 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 C:\WINDOWS\CNYHKey.exe]
"ATIPTA"="atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"razer"="C:\Programfiler\Razer\razerhid.exe" [2005-05-17 18:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-15 17:11]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-04-25 17:44]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2006-06-12 17:33]
"µTorrent"="C:\Programfiler\uTorrent\utorrent.exe" [2006-07-02 18:29]
"EA Core"="C:\Programfiler\Electronic Arts\EA Link\Core.exe" [2007-04-17 07:59]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{0A130B1A-2BF8-4778-B289-850E3F2E5794}"="syshelps.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

Contents of the 'Scheduled Tasks' folder
2007-06-07 20:13:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 00:29:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-16 0:30:44
--- E O F ---
storken, posted 15 June 2007

Rootchk log:

*********************************
ROOTCHK-(29-05-07b)-LOG, by ejvindh
2007-06-16 0:36:17.59

The rootkits that are detected by this tool were not found.

*********************************
ROOTCHK-LOG-end

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 00:36:17
Windows 5.1.2600 Service Pack 2

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
storken, posted 15 June 2007

This is what drweb found.
storken, posted 15 June 2007

Looks like it has been removed. I'll check whether it comes back during the evening.