DennisDanielsen, posted 6 July 2007 (edited)
Hi, not sure whether this is the right forum to post in, but anyway... I have apparently picked up 2-3 viruses on my PC. The one I know I have is the MSN virus where you are sent a zipped folder named "myphoto" and it sends out various messages to lure people into accepting the transfer. I wasn't very alert when I accepted it, unpacked it and clicked the file. No need to explain further; you have surely heard of it. The second one I'm not sure what it is, but I get lots of IE pop-ups (I use Firefox). I'm attaching two pictures where you can see the virus in action. They want me to install "errorsafe", which I have had before, hehehe. The third one I know nothing about. It was just an icon on the desktop that I hadn't seen before when I came back to the PC after being out. Heh, not sure it's a virus either, but I'm not taking the chance of clicking it. Does anyone have a program to recommend for removing these easily?! errorsafe and the other icon appeared after I got the MSN virus, as I said... In picture two you can see the icon with the exclamation mark on the right that I'm sceptical about.
EDIT: right after I posted, this pop-up appears: And right after the pop-up the MSN virus starts sending out "myphoto".
Now that I have posted, I have another problem I need help with. Every time I have played a game, e.g. BF2, a window comes up with the following message: an error has occurred with the script on this page blablablabla, do you still want to run scripts on this page. Whatever I click, it comes back next time. I have a screenshot of that as well. Sorry for the mess with different picture sizes :P
Edited 6 July 2007 by DennisDanielsen
Rulator, posted 6 July 2007
ok
adaware = scanning, removes most of it
avg free = active antivirus program
firefox = much safer than Internet Explorer
good luck :) let me know if it doesn't work
PerB, posted 6 July 2007
Also try Housecall from Trend Micro (http://no.trendmicro-europe.com/index_consumer.php). This is an online virus scanner. I also recommend that you install antivirus on your machine. Not all viruses "shout out" that they are there.
norbat, posted 6 July 2007 (edited)
Download DrWeb and put it on the desktop.
Download SDFix to the desktop. Unpack it. By default it will create a folder at C:\SDFix.
Restart in Safe Mode (press F8 repeatedly during startup).
Run drweb-cureit.exe (say yes to running an express scan).
When that is finished, click Option -> Change settings. Under the Scan tab, uncheck Heuristic analysis. Under the Actions tab, every item under Malware should be set to Rename.
Select the partition you want to scan and then click the green arrow to start the scan. Choose "yes to all" when it finds something for the first time.
When the scan is finished, go to "file" and click "Save Report list". A file named "drweb.csv" will then be on the desktop. Post that later.
Then run RunThis.bat in the SDFix folder. A report (Report.txt) is generated.
Restart in normal mode.
Download HijackThis. Put it in its own folder on the desktop. Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it together with the logs from DrWeb and SDFix.
Edited 6 July 2007 by norbat
DennisDanielsen, posted 6 July 2007 (thread author)
[quoting norbat's instructions above]
When you say I should post it, do you mean here on the forum?
Alastor, posted 6 July 2007
Yes, that's what he means. Once you have done everything he said, that is.
DennisDanielsen, posted 6 July 2007 (thread author; edited)
OK. Didn't quite understand what SDFix was supposed to do? Just generate that report? anyway...

SDFix: Version 1.90
Run by Dennis on 06.07.2007 at 13:01

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\DOCUME~1\Dennis\SKRIVE~1\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
msupdate
NtmlSvc

ImagePath:
c:\windows\system32\msvcrtd.exe
%SystemRoot%\System32\svchost.exe -k netsvcs

msupdate - Deleted
NtmlSvc - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\201683~1 - Deleted
C:\Programfiler\Fellesfiler\Microsoft Shared\Web Folders\ibm00001.dll - Deleted
C:\Programfiler\Fellesfiler\Microsoft Shared\Web Folders\ibm00002.dll - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\myalbum2007.zip - Deleted
C:\WINDOWS\system32\drivers\asc3550u.sys - Deleted
C:\WINDOWS\Temp\$_2341233.TMP - Deleted
C:\WINDOWS\Temp\$_2341234.TMP - Deleted
C:\WINDOWS\Temp\$b17a2e8.tmp - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted

Folder C:\Programfiler\InetGet2 - Removed

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Programfiler\\uTorrent\\utorrent.exe"="C:\\Programfiler\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"D:\\Spill\\FEAR\\FEAR.exe"="D:\\Spill\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"D:\\Spill\\Battlefield 2142\\BF2142.exe"="D:\\Spill\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Programfiler\\mIRC\\mirc.exe"="C:\\Programfiler\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Spill\\FEAR\\FEARServer.exe"="D:\\Spill\\FEAR\\FEARServer.exe:*:Enabled:F.E.A.R. Stand-Alone Server"
"C:\\Programfiler\\Steam\\steamapps\\dennisdanielsen\\counter-strike source\\hl2.exe"="C:\\Programfiler\\Steam\\steamapps\\dennisdanielsen\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Programfiler\\Xfire\\xfire.exe"="C:\\Programfiler\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Programfiler\\Steam\\steamapps\\dennisdanielsen\\source dedicated server\\srcds.exe"="C:\\Programfiler\\Steam\\steamapps\\dennisdanielsen\\source dedicated server\\srcds.exe:*:Enabled:srcds"
"C:\\Programfiler\\FlashFXP\\FlashFXP.exe"="C:\\Programfiler\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Spill\\Battlefield 2\\BF2.exe"="D:\\Spill\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\FlashFXP\\FlashFXP.exe"="C:\\Programfiler\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Dennis\SKRIVE~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Dennis\Mine dokumenter\Battlefield 2\LogoCache\www.gamearena.com.au\Thumbs.db
C:\Documents and Settings\Dennis\Mine dokumenter\Mine bilder\Motor\MC\Bicepicz.com\Thumbs.db
C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity\n?tepad.exe
C:\Documents and Settings\Dennis\Mine dokumenter\?ystem\logonui.exe
C:\Documents and Settings\Dennis\Mine dokumenter\?ystem\logonui.exe~
C:\Programfiler\Fellesfiler\Yazzle1122OinAdmin.exe
C:\Programfiler\Fellesfiler\Yazzle1122OinUninstaller.exe

Finished

The DR.Web report...

sacc.exe...........c:\programfiler\surfaccuracy..........Adware.SurfAcc
ctqddt.exe.........c:\windows...................................Adware.SurfAcc
retadpu420.exe..c:\windows...................................Trojan.DownLoader.24772-Deleted.
msvcrtd.exe.......c:\windows\system32....................DDoS.BEnergy--------------Deleted.
sysprinters.dll.....c:\windows\system32....................Win32.HLLW.Sodoku-------Deleted.

EDIT: still getting ad pop-ups... I think I have removed the MSN virus though, doh. =) Anyone who can help ASAP!?!
Edited 6 July 2007 by DennisDanielsen
Anorshan, posted 7 July 2007
Yes. I have had the same thing before. The first picture is a pop-up that is sent to everyone. Don't install it. It's a VIRUS! It's the Trojan virus.
DennisDanielsen, posted 2 August 2007 (thread author)
Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:06, on 02.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AD8F4BE-110F-48F2-2905-39B6024AF3CE} - C:\WINDOWS\system32\jfop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [surfAccuracy] C:\Programfiler\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\ctqddt.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WinPop] C:\Programfiler\WinPop\winpop.exe
O4 - HKCU\..\Run: [Tsrs] "C:\DOCUME~1\Dennis\MINEDO~1\YSTEM~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Edwru] "C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity\n?tepad.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Programfiler\NetTime\NeTmSvNT.exe

--
End of file - 5103 bytes

Can anyone help further?
Regards, Dennis
norbat, posted 2 August 2007
Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").
Download SAS, install and update it. Wait before running the program.
Restart in Safe Mode (tap F8 during startup).
Use Explorer to find and delete (in bold):
C:\Programfiler\SurfAccuracy
C:\WINDOWS\ctqddt.exe
C:\Programfiler\WinPop
C:\DOCUME~1\Dennis\MINEDO~1\YSTEM~1 (~1 = abbreviation)
C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity (? = arbitrary character)
Then run a full scan with SAS.
Restart in normal mode.
Post the log from SAS (preferences -> statistics/logs) and a new HJT log.
Try to do it within a month.
DennisDanielsen, posted 2 August 2007 (thread author; edited)
Will do, np. Stay online plz.
Edit: I've been in Malaysia btw, if that's what you were hinting at X)
Edited 2 August 2007 by DennisDanielsen
DennisDanielsen, posted 2 August 2007 (thread author)
What do you mean by "use Explorer"?! I don't quite understand what the first thing I'm supposed to do is.
fatalicus, posted 2 August 2007
Explorer is just the usual one where you browse through folders. So just go to "My Computer" and the C: drive, then browse your way to, and delete, the folders/files he wrote in bold.
DennisDanielsen, posted 2 August 2007 (thread author)
Aah, just delete them manually like that, yeah :P Right then, heh. Thanks.
DennisDanielsen, posted 2 August 2007 (thread author)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:49, on 02.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity\n?tepad.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Launchy\Launchy.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\dmremote.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AD8F4BE-110F-48F2-2905-39B6024AF3CE} - C:\WINDOWS\system32\jfop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WinPop] C:\Programfiler\WinPop\winpop.exe
O4 - HKCU\..\Run: [Edwru] "C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity\n?tepad.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Programfiler\NetTime\NeTmSvNT.exe

--
End of file - 6080 bytes
norbat, posted 2 August 2007
Run HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked' (close all other programs before you click Fix checked):

O2 - BHO: (no name) - {4AD8F4BE-110F-48F2-2905-39B6024AF3CE} - C:\WINDOWS\system32\jfop.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [WinPop] C:\Programfiler\WinPop\winpop.exe
O4 - HKCU\..\Run: [Edwru] "C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity\n?tepad.exe"

Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
After a restart: post the log file from combofix (usually c:\combofix.txt) + a new HJT log. (I would also like to see any log from the SAS scan you ran earlier.)
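What norbat is doing by eye above, picking the O2/O4 lines worth fixing out of a HijackThis log, can be partly automated. The Python script below is an added example, not part of the thread and not code from HijackThis or any other tool named here. It parses O2 (BHO) and O4 (Run key) lines and applies a few defender's heuristics: a BHO with no display name, an autorun whose executable lives under a user profile instead of Program Files or Windows, and a path containing "?" (which, as norbat notes, stands in for a character the log could not show, so the folder name is imitating a normal one); it also gives lower-priority notes for bare file names resolved via PATH and for executables dropped straight into C:\WINDOWS. The sample lines are copied from the logs posted in this thread; the rules, severities and function names are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O2/O4 lines copied from the HijackThis logs in this
# thread, plus a few unremarkable ones for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4AD8F4BE-110F-48F2-2905-39B6024AF3CE} - C:\WINDOWS\system32\jfop.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\ctqddt.exe
O4 - HKCU\..\Run: [WinPop] C:\Programfiler\WinPop\winpop.exe
O4 - HKCU\..\Run: [Tsrs] "C:\DOCUME~1\Dennis\MINEDO~1\YSTEM~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Edwru] "C:\Documents and Settings\Dennis\Mine dokumenter\?ecurity\n?tepad.exe"
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Programfiler\NetTime\NeTmSvNT.exe
"""

# O2 - BHO: <name> - {<clsid>} - <path>
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O4 - <hive>\..\Run: [<key>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
# User-profile locations on XP, long and 8.3 short forms.
PROFILE_RE = re.compile(r"\\(docume~1|documents and settings)\\", re.I)
# An .exe directly in the Windows directory root, not in a subfolder.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)


@dataclass
class Finding:
    line: str
    severity: str          # "high" or "review"
    reasons: List[str]


def executable_from_command(cmd: str) -> str:
    """Return the program part of a Run value: the quoted path if the
    value starts with a quote, otherwise the first whitespace token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def analyse_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; None means nothing to report."""
    reasons: List[str] = []
    severity = "review"
    m = BHO_RE.match(line)
    if m:
        path = m.group("path")
        if m.group("name") == "(no name)":
            reasons.append("BHO registered without a display name")
            severity = "high"
    else:
        m = RUN_RE.match(line)
        if not m:
            return None                      # other sections are not parsed here
        path = executable_from_command(m.group("cmd"))
        if PROFILE_RE.search(path):
            reasons.append("autorun executable lives under a user profile, "
                           "not under Program Files or Windows")
            severity = "high"
        if "\\" not in path:
            reasons.append("bare file name, resolved via PATH lookup: "
                           "verify where the file really is")
        elif WINDIR_ROOT_RE.match(path):
            reasons.append("executable sits directly in the Windows directory")
    if "?" in path:
        reasons.append("path contains '?': a character the log could not show, "
                       "so the folder or file name imitates a normal one")
        severity = "high"
    if not reasons:
        return None
    return Finding(line=line, severity=severity, reasons=reasons)


def triage(log_text: str) -> List[Finding]:
    """Run analyse_line over every line of a log and keep the findings."""
    return [f for f in (analyse_line(l.strip()) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}")
        for r in f.reasons:
            print("    -", r)
```

On the sample this marks the jfop.dll BHO, the logonui.exe and n?tepad.exe autoruns as high, and notes RTHDCPL.EXE, ALCMTR.EXE and ctqddt.exe for review. It deliberately says nothing about winpop.exe, whose only tell on the page is the DrWeb/SAS scanner output, which is the point: log heuristics narrow the list, scanner detections and file inspection still decide it.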
DennisDanielsen Skrevet 2. august 2007 Forfatter Del Skrevet 2. august 2007 ComboFix LOG ComboFix 07-07-30.2 - "Dennis" 2007-08-03 0:20:07.1 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.Sann * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\d.exe C:\DOCUME~1\Dennis\MINEDO~1.\ecurit~1 C:\DOCUME~1\Dennis\MINEDO~1.\ecurit~1\n?tepad.exe C:\DOCUME~1\Dennis\MINEDO~1.\ystem~1 C:\WINDOWS\system32\ymbols~1 ((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 ))))))))))))))))))))))))))))))) 2007-08-03 00:18 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-02 22:45 <DIR> dr-h----- C:\DOCUME~1\Dennis\Siste 2007-08-02 22:27 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2007-08-02 22:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-08-02 22:27 <DIR> d-------- C:\DOCUME~1\Dennis\PROGRA~1\SUPERAntiSpyware.com 2007-08-02 22:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com 2007-08-02 21:52 <DIR> d--hs---- C:\WINDOWS\CSC 2007-08-02 14:53 <DIR> d-------- C:\Programfiler\Trend Micro 2007-08-02 14:29 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-08-02 14:29 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Programdata 2007-08-02 14:29 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Start-meny 2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skrivere 2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Siste 2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Maler 2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale innstillinger 2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\AndrMask 2007-08-02 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord 2007-08-02 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mine dokumenter 2007-08-02 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritter 2007-07-06 13:01 <DIR> d-------- C:\WINDOWS\ERUNT 2007-07-06 13:00 <DIR> d-------- C:\DOCUME~1\Dennis\DoctorWeb 
2007-07-06 03:22 10,830 --a------ C:\DOCUME~1\Dennis\qnlwsx.exe 2007-07-06 02:51 10,830 --a------ C:\DOCUME~1\Dennis\ytapib.exe 2007-07-06 02:42 35,840 --a------ C:\WINDOWS\system32\42435782ld.exe 2007-07-06 01:24 1,536 --a------ C:\vbhq.exe 2007-07-04 21:46 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-07-04 01:45 10,830 --a------ C:\DOCUME~1\Dennis\ydvapj.exe 2007-07-04 01:34 10,830 --a------ C:\DOCUME~1\Dennis\tupuzi.exe 2007-07-04 01:18 10,830 --a------ C:\DOCUME~1\Dennis\ykyltk.exe 2007-07-03 16:38 10,830 --a------ C:\DOCUME~1\Dennis\hbftcl.exe 2007-07-03 16:21 10,830 --a------ C:\DOCUME~1\Dennis\sncvko.exe 2007-07-03 15:48 10,830 --a------ C:\DOCUME~1\Dennis\xfkjzu.exe 2007-07-03 15:48 10,318 --a------ C:\DOCUME~1\Dennis\kxrftz.exe 2007-07-03 15:47 10,830 --a------ C:\DOCUME~1\Dennis\netrmz.exe 2007-07-03 15:36 124,756 --a------ C:\DOCUME~1\Dennis\qpndbx.exe 2007-07-03 15:25 124,756 --a------ C:\DOCUME~1\Dennis\fqiaxz.exe 2007-07-03 15:21 10,318 --a------ C:\DOCUME~1\Dennis\sofexx.exe 2007-07-03 15:17 10,830 --a------ C:\DOCUME~1\Dennis\lzvmxz.exe 2007-07-03 15:09 10,830 --a------ C:\DOCUME~1\Dennis\uahvvj.exe 2007-07-03 15:09 10,318 --a------ C:\DOCUME~1\Dennis\kcqxzg.exe 2007-07-03 14:49 10,830 --a------ C:\DOCUME~1\Dennis\eajyga.exe 2007-07-03 14:49 10,318 --a------ C:\DOCUME~1\Dennis\yonfdy.exe 2007-07-03 14:41 10,318 --a------ C:\DOCUME~1\Dennis\hsrptb.exe 2007-07-03 14:34 10,830 --a------ C:\DOCUME~1\Dennis\kcvwus.exe 2007-07-03 14:34 1,085,518 --a------ C:\DOCUME~1\Dennis\trinow.exe 2007-07-03 13:55 1,085,518 --a------ C:\DOCUME~1\Dennis\mclurk.exe 2007-07-03 10:33 124,756 --a------ C:\DOCUME~1\Dennis\llnidc.exe 2007-07-03 10:33 10,830 --a------ C:\DOCUME~1\Dennis\syjtpe.exe 2007-07-03 10:20 124,756 --a------ C:\DOCUME~1\Dennis\dsbvrw.exe 2007-07-03 10:20 10,830 --a------ C:\DOCUME~1\Dennis\qsirdc.exe 2007-07-03 10:04 124,756 --a------ C:\DOCUME~1\Dennis\hajytl.exe 2007-07-03 10:04 10,830 --a------ C:\DOCUME~1\Dennis\ryiwpn.exe 
2007-07-03 01:53 124,756 --a------ C:\DOCUME~1\Dennis\ivfitn.exe 2007-07-03 01:32 124,756 --a------ C:\DOCUME~1\Dennis\ucyutz.exe 2007-07-03 01:12 124,756 --a------ C:\DOCUME~1\Dennis\yxilwm.exe 2007-07-03 01:03 124,756 --a------ C:\DOCUME~1\Dennis\hbfgws.exe 2007-07-03 01:03 10,830 --a------ C:\DOCUME~1\Dennis\ezcbez.exe 2007-07-03 00:56 124,756 --a------ C:\DOCUME~1\Dennis\uqalut.exe 2007-07-03 00:56 10,830 --a------ C:\DOCUME~1\Dennis\xifxhk.exe 2007-07-03 00:49 10,830 --a------ C:\DOCUME~1\Dennis\qgwsql.exe 2007-07-03 00:48 1,085,518 --a------ C:\DOCUME~1\Dennis\gfgbup.exe 2007-07-03 00:21 10,830 --a------ C:\DOCUME~1\Dennis\duotwk.exe 2007-07-03 00:21 1,085,518 --a------ C:\DOCUME~1\Dennis\jplezl.exe 2007-07-03 00:06 10,830 --a------ C:\DOCUME~1\Dennis\vdtvqf.exe 2007-07-03 00:06 1,085,518 --a------ C:\DOCUME~1\Dennis\wptwiz.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-03 00:08 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\Launchy 2007-08-02 23:13 --------- d-------- C:\Programfiler\DC++ 2007-08-02 22:45 --------- d-------- C:\Programfiler\Steam 2007-08-02 22:45 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\uTorrent 2007-08-02 22:13 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\Xfire 2007-08-02 14:53 --------- d---s---- C:\Programfiler\Xfire 2007-07-06 04:45 --------- d--h----- C:\Programfiler\InstallShield Installation Information 2007-07-05 04:13 --------- d-------- C:\Programfiler\mIRC 2007-07-02 21:26 --------- d-------- C:\Programfiler\MSN Messenger 2007-07-02 21:12 --------- d-------- C:\Programfiler\Lavasoft 2007-07-01 06:31 24 --a------ C:\DUKE3D.BAT 2007-06-30 02:47 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\teamspeak2 2007-06-29 03:23 0 --a------ C:\AUTOEXEC.VBE 2007-06-29 03:18 21 --a------ C:\RAP.BAT 2007-06-29 03:12 20 --a------ C:\DN3.BAT 2007-06-29 03:12 20 --a------ C:\DN2.BAT 2007-06-29 03:12 20 --a------ C:\DN1.BAT 2007-06-29 03:12 19 --a------ C:\WW.BAT 
2007-06-18 00:29 --------- d-------- C:\Programfiler\FlashFXP 2007-06-17 19:49 --------- d-------- C:\Programfiler\Winamp 2007-06-17 18:00 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\igus 2007-06-14 00:26 94636 --a------ C:\WINDOWS\dropcpyr.dll 2007-06-14 00:26 73728 --a------ C:\WINDOWS\copyfstq.exe 2007-06-07 14:08 --------- d-------- C:\Programfiler\Graffiti Studio 2.0 2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-15 18:57 75544 --a------ C:\WINDOWS\system32\perfc014.dat 2007-05-15 18:57 417374 --a------ C:\WINDOWS\system32\perfh014.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-03-02 16:24] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe] "Resume copy"="copyfstq.exe" [2007-06-14 00:26 C:\WINDOWS\copyfstq.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\programfiler\steam\steam.exe" [2007-06-28 17:37] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-07-02 21:26] "µTorrent"="C:\Programfiler\uTorrent\utorrent.exe" [2006-07-02 18:29] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] "ccleaner"="C:\Programfiler\CCleaner\ccleaner.exe" [2007-01-29 18:34] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48] 
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Synchronizer.lnk - C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Launchy.lnk - C:\Programfiler\Launchy\Launchy.exe [2007-02-25 22:07:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 Imagedrv;Imagedrv;C:\WINDOWS\system32\DRIVERS\imagedrv.sys
R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Programfiler\SUPERAntiSpyware\SASKUTIL.sys
R3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
R3 SASENUM;SASENUM;\??\C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 MPE;BDA MPE-filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
S3 NetTimeSvc;NetTime;C:\Programfiler\NetTime\NeTmSvNT.exe
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4024a742-9fe6-11db-bd7c-806d6172696f}]
AutoRun\command- D:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b2a742c-d137-11db-8b53-0016e6d59342}]
AutoRun\command- N:\Autorun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 00:20:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14A07496-5C12-4877-3ADE-B52F2F57633B}]
"bbogfmojbfhijmjcjljjhciiohfnoepmfnib"=hex:69,61,63,65,6d,6a,6d,62,70,61,6d,6c,68,6e,6c,64,63,69,00,00
"abifhcmlgeoleifiipllpieikgmldbahlh"=hex:69,61,63,65,6d,6a,6d,62,70,61,6d,6c,68,6e,6c,64,63,69,00,00
"iaogfmojbfhijmjcjl"=hex:61,61,00,00
"haifhcmlgeoleifi"=hex:61,61,00,00
"iacgnpfdiemocegihe"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe\""

Completion time: 2007-08-03 0:21:16
C:\ComboFix-quarantined-files.txt ... 2007-08-03 00:21
--- E O F ---

HijackThis LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:49, on 03.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\CCleaner\ccleaner.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programfiler\Launchy\Launchy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Programfiler\NetTime\NeTmSvNT.exe

--
End of file - 5575 bytes
norbat, posted 3 August 2007 (edited)

Your HJT log looks fine. The ComboFix log shows some files that smell of malware:

C:\DOCUME~1\Dennis\qnlwsx.exe
C:\DOCUME~1\Dennis\ytapib.exe
C:\WINDOWS\system32\42435782ld.exe
C:\vbhq.exe
C:\DOCUME~1\Dennis\ydvapj.exe
C:\DOCUME~1\Dennis\tupuzi.exe
C:\DOCUME~1\Dennis\ykyltk.exe
C:\DOCUME~1\Dennis\hbftcl.exe
C:\DOCUME~1\Dennis\sncvko.exe
C:\DOCUME~1\Dennis\xfkjzu.exe
C:\DOCUME~1\Dennis\kxrftz.exe
C:\DOCUME~1\Dennis\netrmz.exe
C:\DOCUME~1\Dennis\qpndbx.exe
C:\DOCUME~1\Dennis\fqiaxz.exe
C:\DOCUME~1\Dennis\sofexx.exe
C:\DOCUME~1\Dennis\lzvmxz.exe
C:\DOCUME~1\Dennis\uahvvj.exe
C:\DOCUME~1\Dennis\kcqxzg.exe
C:\DOCUME~1\Dennis\eajyga.exe
C:\DOCUME~1\Dennis\yonfdy.exe
C:\DOCUME~1\Dennis\hsrptb.exe
C:\DOCUME~1\Dennis\kcvwus.exe
C:\DOCUME~1\Dennis\trinow.exe
C:\DOCUME~1\Dennis\mclurk.exe
C:\DOCUME~1\Dennis\llnidc.exe
C:\DOCUME~1\Dennis\syjtpe.exe
C:\DOCUME~1\Dennis\dsbvrw.exe
C:\DOCUME~1\Dennis\qsirdc.exe
C:\DOCUME~1\Dennis\hajytl.exe
C:\DOCUME~1\Dennis\ryiwpn.exe
C:\DOCUME~1\Dennis\ivfitn.exe
C:\DOCUME~1\Dennis\ucyutz.exe
C:\DOCUME~1\Dennis\yxilwm.exe
C:\DOCUME~1\Dennis\hbfgws.exe
C:\DOCUME~1\Dennis\ezcbez.exe
C:\DOCUME~1\Dennis\uqalut.exe
C:\DOCUME~1\Dennis\xifxhk.exe
C:\DOCUME~1\Dennis\qgwsql.exe
C:\DOCUME~1\Dennis\gfgbup.exe
C:\DOCUME~1\Dennis\duotwk.exe
C:\DOCUME~1\Dennis\jplezl.exe
C:\DOCUME~1\Dennis\vdtvqf.exe
C:\DOCUME~1\Dennis\wptwiz.exe

Could you check the first 5 by going to the following site and uploading them for a scan: http://virusscan.jotti.org/

I assume you will get some hits on these exe files. Instead of deleting them manually, you can use an antivirus program (I see you don't have any installed on the PC?) that reports something. 3 free programs (use one of them that flags the files):
AVG Free
Avast Free
Avira Free

Download and run a full scan with the AV program.
Delete everything it finds.
Restart the PC.
Post the log/report from the AV scan + make a new ComboFix log.

Edited 3 August 2007 by norbat
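The triage norbat does by eye above (random six-letter .exe names dropped straight into the profile root, the same few byte sizes recurring, several files per minute) can be applied mechanically to the "Files Created" section of a ComboFix log. The script below is an added example written for this page; it is not part of the thread and not a feature of ComboFix or HijackThis. The SAMPLE text is constructed from lines copied out of the posted log, plus two legitimate entries (nircmd.exe, which ComboFix drops itself, and a Windows driver) and one directory, to show what the filter must leave alone. The name pattern, the profile-root criterion and the size/burst statistics are this example's own heuristics, chosen to fit this log. The last function decodes the REG_BINARY values catchme printed under Shell Extensions\Approved; it only shows what the bytes spell, the page says nothing about what they mean.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines copied from the ComboFix "Files Created" section posted
# in this thread, plus nircmd.exe (ComboFix's own helper), a Windows driver and one
# directory so that the filter has something it must NOT flag.
SAMPLE = r"""
2007-08-03 00:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 13:00 <DIR> d-------- C:\DOCUME~1\Dennis\DoctorWeb
2007-07-04 21:46 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-03 15:48 10,830 --a------ C:\DOCUME~1\Dennis\xfkjzu.exe
2007-07-03 15:48 10,318 --a------ C:\DOCUME~1\Dennis\kxrftz.exe
2007-07-03 15:47 10,830 --a------ C:\DOCUME~1\Dennis\netrmz.exe
2007-07-03 15:36 124,756 --a------ C:\DOCUME~1\Dennis\qpndbx.exe
2007-07-03 15:25 124,756 --a------ C:\DOCUME~1\Dennis\fqiaxz.exe
2007-07-03 15:21 10,318 --a------ C:\DOCUME~1\Dennis\sofexx.exe
2007-07-03 15:17 10,830 --a------ C:\DOCUME~1\Dennis\lzvmxz.exe
2007-07-03 15:09 10,830 --a------ C:\DOCUME~1\Dennis\uahvvj.exe
2007-07-03 15:09 10,318 --a------ C:\DOCUME~1\Dennis\kcqxzg.exe
2007-07-03 14:49 10,830 --a------ C:\DOCUME~1\Dennis\eajyga.exe
2007-07-03 14:49 10,318 --a------ C:\DOCUME~1\Dennis\yonfdy.exe
2007-07-03 14:41 10,318 --a------ C:\DOCUME~1\Dennis\hsrptb.exe
2007-07-03 14:34 10,830 --a------ C:\DOCUME~1\Dennis\kcvwus.exe
2007-07-03 14:34 1,085,518 --a------ C:\DOCUME~1\Dennis\trinow.exe
"""

# One ComboFix entry: "YYYY-MM-DD HH:MM  size-or-<DIR>  9-char attributes  path"
ENTRY_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*?)\s*$",
    re.MULTILINE,
)
# Heuristics for this log (assumptions of the example, not ComboFix rules):
# six random lowercase letters + .exe, sitting directly in C:\DOCUME~1\<user>\.
DROPPER_NAME_RE = re.compile(r"[a-z]{6}\.exe")
PROFILE_ROOT_RE = re.compile(r"^C:\\DOCUME~1\\[^\\]+$", re.IGNORECASE)


def parse_entries(text):
    """Return the 'Files Created' lines as dicts; directories get size None."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({
            "when": datetime.strptime(m["when"], "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def is_dropper(entry):
    """True when the entry is a file with a random 6-letter name in a profile root."""
    if entry["size"] is None:
        return False
    parent, _, name = entry["path"].rpartition("\\")
    return bool(DROPPER_NAME_RE.fullmatch(name) and PROFILE_ROOT_RE.match(parent))


def triage(text):
    """Flag droppers and summarise what a responder looks for: repeated sizes,
    several files created in the same minute (bursts), and the overall time span."""
    flagged = [e for e in parse_entries(text) if is_dropper(e)]
    sizes = Counter(e["size"] for e in flagged)
    per_minute = Counter(e["when"] for e in flagged)
    times = sorted(per_minute)
    span = int((times[-1] - times[0]).total_seconds() // 60) if times else 0
    return {
        "flagged": sorted(e["path"] for e in flagged),
        "sizes": dict(sizes),
        "bursts": sum(1 for n in per_minute.values() if n > 1),
        "span_minutes": span,
    }


def decode_reg_hex(value):
    """Turn a catchme/regedit 'hex:69,61,...' REG_BINARY dump into text, dropping NUL padding."""
    body = value[4:] if value.startswith("hex:") else value
    raw = bytes(int(b, 16) for b in body.split(","))
    return raw.rstrip(b"\x00").decode("latin-1")


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{len(result['flagged'])} suspicious files, sizes {result['sizes']}, "
          f"{result['bursts']} same-minute bursts over {result['span_minutes']} min")
    for path in result["flagged"]:
        print("  ", path)
    # Values copied from the catchme section of the posted log.
    for v in ("hex:69,61,63,65,6d,6a,6d,62,70,61,6d,6c,68,6e,6c,64,63,69,00,00",
              "hex:61,61,00,00"):
        print(v, "->", repr(decode_reg_hex(v)))
```

Run it on the full "Files Created" section of a log instead of SAMPLE and the size histogram is usually the most useful output: a handful of distinct sizes repeated dozens of times under random names is a dropper re-writing the same payloads, not a user installing software. The first five names norbat asked to have uploaded to Jotti can be picked straight from the flagged list.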
DennisDanielsen (author), posted 3 August 2007

ComboFix 07-07-30.2 - "Dennis" 2007-08-03 2:23:38.2 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.Sann

((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))

2007-08-03 00:25 <DIR> dr-h----- C:\DOCUME~1\Dennis\Siste
2007-08-03 00:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 22:27 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-08-02 22:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-08-02 22:27 <DIR> d-------- C:\DOCUME~1\Dennis\PROGRA~1\SUPERAntiSpyware.com
2007-08-02 22:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-08-02 21:52 <DIR> d--hs---- C:\WINDOWS\CSC
2007-08-02 14:53 <DIR> d-------- C:\Programfiler\Trend Micro
2007-08-02 14:29 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-02 14:29 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Programdata
2007-08-02 14:29 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Start-meny
2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skrivere
2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Siste
2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Maler
2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale innstillinger
2007-08-02 14:29 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\AndrMask
2007-08-02 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord
2007-08-02 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mine dokumenter
2007-08-02 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritter
2007-07-06 13:01 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-06 13:00 <DIR> d-------- C:\DOCUME~1\Dennis\DoctorWeb
2007-07-04 21:46 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-04 01:34 10,830 --a------ C:\DOCUME~1\Dennis\tupuzi.exe
2007-07-04 01:18 10,830 --a------ C:\DOCUME~1\Dennis\ykyltk.exe
2007-07-03 16:38 10,830 --a------ C:\DOCUME~1\Dennis\hbftcl.exe
2007-07-03 16:21 10,830 --a------ C:\DOCUME~1\Dennis\sncvko.exe
2007-07-03 15:48 10,830 --a------ C:\DOCUME~1\Dennis\xfkjzu.exe
2007-07-03 15:48 10,318 --a------ C:\DOCUME~1\Dennis\kxrftz.exe
2007-07-03 15:47 10,830 --a------ C:\DOCUME~1\Dennis\netrmz.exe
2007-07-03 15:36 124,756 --a------ C:\DOCUME~1\Dennis\qpndbx.exe
2007-07-03 15:25 124,756 --a------ C:\DOCUME~1\Dennis\fqiaxz.exe
2007-07-03 15:21 10,318 --a------ C:\DOCUME~1\Dennis\sofexx.exe
2007-07-03 15:17 10,830 --a------ C:\DOCUME~1\Dennis\lzvmxz.exe
2007-07-03 15:09 10,830 --a------ C:\DOCUME~1\Dennis\uahvvj.exe
2007-07-03 15:09 10,318 --a------ C:\DOCUME~1\Dennis\kcqxzg.exe
2007-07-03 14:49 10,830 --a------ C:\DOCUME~1\Dennis\eajyga.exe
2007-07-03 14:49 10,318 --a------ C:\DOCUME~1\Dennis\yonfdy.exe
2007-07-03 14:41 10,318 --a------ C:\DOCUME~1\Dennis\hsrptb.exe
2007-07-03 14:34 10,830 --a------ C:\DOCUME~1\Dennis\kcvwus.exe
2007-07-03 14:34 1,085,518 --a------ C:\DOCUME~1\Dennis\trinow.exe
2007-07-03 13:55 1,085,518 --a------ C:\DOCUME~1\Dennis\mclurk.exe
2007-07-03 10:33 124,756 --a------ C:\DOCUME~1\Dennis\llnidc.exe
2007-07-03 10:33 10,830 --a------ C:\DOCUME~1\Dennis\syjtpe.exe
2007-07-03 10:20 124,756 --a------ C:\DOCUME~1\Dennis\dsbvrw.exe
2007-07-03 10:20 10,830 --a------ C:\DOCUME~1\Dennis\qsirdc.exe
2007-07-03 10:04 124,756 --a------ C:\DOCUME~1\Dennis\hajytl.exe
2007-07-03 10:04 10,830 --a------ C:\DOCUME~1\Dennis\ryiwpn.exe
2007-07-03 01:53 124,756 --a------ C:\DOCUME~1\Dennis\ivfitn.exe
2007-07-03 01:32 124,756 --a------ C:\DOCUME~1\Dennis\ucyutz.exe
2007-07-03 01:12 124,756 --a------ C:\DOCUME~1\Dennis\yxilwm.exe
2007-07-03 01:03 124,756 --a------ C:\DOCUME~1\Dennis\hbfgws.exe
2007-07-03 01:03 10,830 --a------ C:\DOCUME~1\Dennis\ezcbez.exe
2007-07-03 00:56 124,756 --a------ C:\DOCUME~1\Dennis\uqalut.exe
2007-07-03 00:56 10,830 --a------ C:\DOCUME~1\Dennis\xifxhk.exe
2007-07-03 00:49 10,830 --a------ C:\DOCUME~1\Dennis\qgwsql.exe
2007-07-03 00:48 1,085,518 --a------ C:\DOCUME~1\Dennis\gfgbup.exe
2007-07-03 00:21 10,830 --a------ C:\DOCUME~1\Dennis\duotwk.exe
2007-07-03 00:21 1,085,518 --a------ C:\DOCUME~1\Dennis\jplezl.exe
2007-07-03 00:06 10,830 --a------ C:\DOCUME~1\Dennis\vdtvqf.exe
2007-07-03 00:06 1,085,518 --a------ C:\DOCUME~1\Dennis\wptwiz.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 02:06 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\Launchy
2007-08-03 01:12 --------- d-------- C:\Programfiler\Steam
2007-08-03 00:54 --------- d-------- C:\Programfiler\DC++
2007-08-03 00:25 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\uTorrent
2007-08-02 22:13 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\Xfire
2007-08-02 14:53 --------- d---s---- C:\Programfiler\Xfire
2007-07-06 04:45 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-07-05 04:13 --------- d-------- C:\Programfiler\mIRC
2007-07-02 21:26 --------- d-------- C:\Programfiler\MSN Messenger
2007-07-02 21:12 --------- d-------- C:\Programfiler\Lavasoft
2007-07-01 06:31 24 --a------ C:\DUKE3D.BAT
2007-06-30 02:47 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\teamspeak2
2007-06-29 03:23 0 --a------ C:\AUTOEXEC.VBE
2007-06-29 03:18 21 --a------ C:\RAP.BAT
2007-06-29 03:12 20 --a------ C:\DN3.BAT
2007-06-29 03:12 20 --a------ C:\DN2.BAT
2007-06-29 03:12 20 --a------ C:\DN1.BAT
2007-06-29 03:12 19 --a------ C:\WW.BAT
2007-06-18 00:29 --------- d-------- C:\Programfiler\FlashFXP
2007-06-17 19:49 --------- d-------- C:\Programfiler\Winamp
2007-06-17 18:00 --------- d-------- C:\DOCUME~1\Dennis\PROGRA~1\igus
2007-06-14 00:26 94636 --a------ C:\WINDOWS\dropcpyr.dll
2007-06-14 00:26 73728 --a------ C:\WINDOWS\copyfstq.exe
2007-06-07 14:08 --------- d-------- C:\Programfiler\Graffiti Studio 2.0
2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-15 18:57 75544 --a------ C:\WINDOWS\system32\perfc014.dat
2007-05-15 18:57 417374 --a------ C:\WINDOWS\system32\perfh014.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"Resume copy"="copyfstq.exe" [2007-06-14 00:26 C:\WINDOWS\copyfstq.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programfiler\steam\steam.exe" [2007-06-28 17:37]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-07-02 21:26]
"µTorrent"="C:\Programfiler\uTorrent\utorrent.exe" [2006-07-02 18:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"ccleaner"="C:\Programfiler\CCleaner\ccleaner.exe" [2007-01-29 18:34]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Synchronizer.lnk - C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Launchy.lnk - C:\Programfiler\Launchy\Launchy.exe [2007-02-25 22:07:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 Imagedrv;Imagedrv;C:\WINDOWS\system32\DRIVERS\imagedrv.sys
R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Programfiler\SUPERAntiSpyware\SASKUTIL.sys
R3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
R3 SASENUM;SASENUM;\??\C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 MPE;BDA MPE-filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
S3 NetTimeSvc;NetTime;C:\Programfiler\NetTime\NeTmSvNT.exe
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4024a742-9fe6-11db-bd7c-806d6172696f}]
AutoRun\command- D:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b2a742c-d137-11db-8b53-0016e6d59342}]
AutoRun\command- N:\Autorun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 02:24:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14A07496-5C12-4877-3ADE-B52F2F57633B}]
"bbogfmojbfhijmjcjljjhciiohfnoepmfnib"=hex:69,61,63,65,6d,6a,6d,62,70,61,6d,6c,68,6e,6c,64,63,69,00,00
"abifhcmlgeoleifiipllpieikgmldbahlh"=hex:69,61,63,65,6d,6a,6d,62,70,61,6d,6c,68,6e,6c,64,63,69,00,00
"iaogfmojbfhijmjcjl"=hex:61,61,00,00
"haifhcmlgeoleifi"=hex:61,61,00,00
"iacgnpfdiemocegihe"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programfiler\Lavasoft\Ad-Aware Pro\aawservice.exe\""

Completion time: 2007-08-03 2:24:48
C:\ComboFix-quarantined-files.txt ... 2007-08-03 02:24
C:\ComboFix2.txt ... 2007-08-03 00:21
--- E O F ---