tmg, posted 15 August 2007
I play World of Warcraft, which has apparently added virus detection and so on. When I open it I get a message that I have got "Backdoor.Win32.Bifrose.aej" on the PC and that logging in is not recommended. I have run AVG, Spybot - Search and Destroy and Ad-aware SE Personal, and am now scanning with SUPERAntiSpyware. "Backdoor.Win32.Bifrose.aej" is apparently a trojan that is kind enough to get me more viruses, entirely without my asking. The different scans I have run have all found different junk on the PC: some spyware, some ad-aware, and some viruses called "trojaner.backdoor.xxx" and the like. But WoW still warns me that I have "Backdoor.Win32.Bifrose.aej" when I open it, so I have evidently not found the right trojan. What should I do next?
Thor., posted 15 August 2007
WoW actually has support for this virus: link. It says there how to remove the virus.
tmg (thread author), posted 15 August 2007
Yes, it says that AVG handles it. Updated AVG, ran it, and found a couple of viruses, which I deleted. Started WoW again to see whether it still warned me, and it did.
johome, posted 15 August 2007 (edited)
I don't know what kind of antivirus program you use. If you don't have one, you can download Avira. Update the program. Restart the machine and boot into safe mode (press F8 during startup). Scan with Avira. Remove the trojan.
Edit: I see that you posted just before I wrote my post. You have to scan in safe mode. Otherwise it is not certain that you will manage to remove the trojan.
Edited 15 August 2007 by johome
Thor., posted 15 August 2007
Gunnar: Try restarting the machine after you have "removed it". Maybe something is still hanging around. Otherwise you can try scanning in safe mode.
tmg (thread author), posted 15 August 2007 (edited)
OK, safe mode. Can AVG do the job in safe mode, or do I have to use Avira?
Edit: Scanned in safe mode with both AVG and Ad-aware SE, but neither of them found anything at all. Neither spyware nor my trojan, nor any other virus. WoW still tells me that this backdoor thing is on the PC.
Edited 15 August 2007 by Tor-Gunnar
norbat, posted 15 August 2007
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it. It can tell whether there is anything on the PC that should not be there.
tmg (thread author), posted 15 August 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:24, on 15.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tor-Martin\Skrivebord\Tor-Martin\Ny mappe\World of Warcraft\WoW.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [LiveMonitor] --C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] --KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] --RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] --SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] --"C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [CTFMON.EXE] --C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [startCCC] --C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [skype] --"C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] --"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] --C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [steam] --"c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb106\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader-tjeneste (usnjsvc) - Unknown owner - --"C:\Programfiler\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - --"C:\Programfiler\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 5290 bytes

There is the log file.
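Added example (not part of any post in this thread, and not Trend Micro code): a small Python triage of the HijackThis log format shown above. It reads the boot mode from the header, which matters here because the advice in the thread was to scan in safe mode, counts entries per section code, and lists the entries that carry HijackThis's own "(no file)", "(file missing)" or "Unknown owner" annotations. The sample log, its paths, GUID and service name are constructed.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v2 log layout (not the log posted in the
# thread; paths, GUID and service name are made up).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Example\scanner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe /startup
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Example\svc.exe (file missing)
--
End of file - 0 bytes
"""

# Section codes that occur in the thread's log, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item", "O9": "IE button/menu item",
    "O18": "protocol handler", "O20": "Winlogon Notify", "O23": "service",
}
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Annotations HijackThis itself writes; they mean "look closer", not "malicious".
MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def parse_hijackthis(text):
    """Split a log into header fields, running processes and numbered entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif line.startswith("--") or line.startswith("End of file"):
            in_processes = False
        elif in_processes and line:
            processes.append(line)
        else:
            key, sep, value = line.partition(":")
            if sep and key in ("Platform", "MSIE", "Boot mode"):
                header[key] = value.strip()
    return header, processes, entries


def triage(text):
    """Summarise a log: boot mode, entry counts per section, entries to re-check."""
    header, processes, entries = parse_hijackthis(text)
    review = []
    for code, detail in entries:
        hits = [m for m in MARKERS if m in detail]
        if hits:
            review.append((code, SECTIONS.get(code, "other"), hits, detail))
    return {"boot_mode": header.get("Boot mode"), "process_count": len(processes),
            "sections": dict(Counter(code for code, _ in entries)), "review": review}
```

A flagged entry is only a prompt to check the file or registry value it names; "Unknown owner" in particular also appears on ordinary services whose executable carries no company information.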
norbat, posted 15 August 2007
Your log looks fine. Another option: Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (usually c:\combofix.txt).
tmg (thread author), posted 15 August 2007

ComboFix 07-08-14.4 - "Tor-Martin" 2007-08-15 20:32:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.627 [GMT 2:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))

2007-08-15 18:48 396,288 --a------ C:\HijackThis.exe
2007-08-15 14:31 6,784 --a------ C:\WINDOWS\nvoclock.sys
2007-08-15 14:31 57,344 --a------ C:\WINDOWS\AutoTuneScript.dll
2007-08-15 14:31 53,248 --a------ C:\WINDOWS\nvgpio.dll
2007-08-15 14:31 499,712 --a------ C:\WINDOWS\msvcp71.dll
2007-08-15 14:31 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2007-08-15 14:31 380,928 --a------ C:\WINDOWS\nvsulib.dll
2007-08-15 14:31 352,256 --a------ C:\WINDOWS\ntuneoem.dll
2007-08-15 14:31 348,160 --a------ C:\WINDOWS\msvcr71.dll
2007-08-15 14:31 217,088 --a------ C:\WINDOWS\NVGfxOgl.dll
2007-08-15 14:31 172,032 --a------ C:\WINDOWS\NVBenchMarks.dll
2007-08-15 14:31 11,264 --a------ C:\WINDOWS\nvoclk64.sys
2007-08-15 14:31 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2007-08-15 14:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\SUPERAntiSpyware.com
2007-08-15 13:43 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-15 13:43 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Programdata
2007-08-15 13:43 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Start-meny
2007-08-15 13:43 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skrivere
2007-08-15 13:43 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Siste
2007-08-15 13:43 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Maler
2007-08-15 13:43 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale innstillinger
2007-08-15 13:43 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\AndrMask
2007-08-15 13:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord
2007-08-15 13:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mine dokumenter
2007-08-15 13:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritter
2007-08-15 12:51 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-08-15 12:51 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\PROGRA~1\SUPERAntiSpyware.com
2007-08-15 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-08-15 12:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-15 11:27 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\PROGRA~1\Lavasoft
2007-08-15 11:13 20,992 --a------ C:\qnclqtp.exe
2007-08-15 11:13 <DIR> d-------- C:\Programfiler\Dealio
2007-08-15 11:12 <DIR> d-------- C:\WINDOWS\Web Download
2007-08-15 02:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-15 01:51 <DIR> d-------- C:\kav
2007-08-15 00:21 <DIR> d-------- C:\Programfiler\uTorrent
2007-08-15 00:21 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\PROGRA~1\uTorrent
2007-08-15 00:14 1,152 --a------ C:\WINDOWS\mozver.dat
2007-08-14 16:18 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\PROGRA~1\vlc
2007-08-14 16:03 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\Shared
2007-08-14 16:02 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\PROGRA~1\FrostWire
2007-08-14 16:02 <DIR> d-------- C:\DOCUME~1\TOR-MA~1\Incomplete
2007-08-14 15:57 <DIR> d-------- C:\Programfiler\FrostWire
2007-08-14 11:16 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-08-14 11:16 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-08-14 11:16 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2007-08-14 11:16 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-08-14 11:16 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2007-08-14 11:16 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-08-14 11:16 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-08-14 11:16 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-08-14 11:16 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2007-08-14 11:16 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-08-14 11:16 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2007-08-14 11:16 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-08-14 11:16 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-08-14 11:16 2,944 --a--c--- C:\WINDOWS\system32\dllcache\drmkaud.sys
2007-08-14 11:16 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-08-14 11:16 172,416 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-08-14 11:16 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-08-14 11:16 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2007-08-14 11:16 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-08-14 11:16 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-08-14 11:15 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2007-08-14 11:15 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-08-14 11:15 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-14 11:15 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-08-14 11:15 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-08-14 11:15 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2007-08-14 11:15 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-08-14 11:15 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-08-14 11:15 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2007-08-14 11:15 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-08-14 11:15 4,271,616 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-08-14 11:15 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2007-08-14 11:15 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-08-14 11:15 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2007-08-14 11:15 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-08-14 11:15 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2007-08-14 11:15 16,206,848 -r------- C:\WINDOWS\RTHDCPL.exe
2007-08-14 11:15 1,448,960 --a------ C:\WINDOWS\SkyTel.exe
2007-08-14 11:15 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-08-14 11:15 <DIR> d-------- C:\Programfiler\Realtek
2007-08-14 10:19 <DIR> d-------- C:\Programfiler\Intel
2007-08-14 09:14 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-14 09:14 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-14 09:13 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-14 09:12 74,240 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-08-14 09:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-14 09:11 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-08-14 09:11 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-08-14 09:11 85,020 --a--c--- C:\WINDOWS\system32\dllcache\dgsetup.dll
2007-08-14 09:11 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-08-14 09:11 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-08-14 09:11 8,704 --a--c--- C:\WINDOWS\system32\dllcache\batt.dll
2007-08-14 09:11 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-08-14 09:11 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-08-14 09:11 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdhept.dll
2007-08-14 09:11 774,144 --a--c--- C:\WINDOWS\system32\dllcache\spttseng.dll
2007-08-14 09:11 77,824 --a--c--- C:\WINDOWS\system32\dllcache\spcommon.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 02:31 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-14 02:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-08-14 02:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-14 01:27 8738 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-08-14 01:27 2072 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-06-26 16:15 658432 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 08:10 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:33 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-14 20:11 96768 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11 615424 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11 3079680 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11 151552 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11 1054720 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:24 38781 ---h----- C:\WINDOWS\system\avg.exe
2007-06-13 15:24 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:24 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-05-17 13:30 549376 --a--c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="--C:\Programfiler\MSI\Live Update 3\LMonitor.exe" []
"Kernel and Hardware Abstraction Layer"="--KHALMNPR.EXE" []
"RTHDCPL"="--RTHDCPL.EXE" []
"SkyTel"="--SkyTel.EXE" []
"SunJavaUpdateSched"="--C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-15 00:31]
"au"="C:\Programfiler\Dealio\DealioAU.exe" [2007-06-27 12:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="--C:\WINDOWS\system32\ctfmon.exe" []
"StartCCC"="--C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" []
"Skype"="--C:\Programfiler\Skype\Phone\Skype.exe" []
"MsnMsgr"="--C:\Programfiler\MSN Messenger\MsnMsgr.exe" []
"SpybotSD TeaTimer"="--C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" []
"Steam"="--c:\programfiler\steam\steam.exe" []
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
CoreCenter.lnk - C:\Programfiler\MSI\Core Center\CoreCenter.exe [2007-08-15 14:31:14]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-08-14 02:32:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 PCAlertDriver;PCAlertDriver;\??\C:\Programfiler\MSI\Core Center\NTGLM7X.sys
R3 RushTopDevice;RushTopDevice;\??\C:\Programfiler\MSI\Core Center\RushTop.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys

*Newly Created Service* - PCALERTDRIVER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02850935-D07E-9967-D513-57B2258D18C7}]
C:\WINDOWS\system\avg.exe s

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 20:33:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\PROGRA~1\MOZILL~1\firefox.exe [2376] 0x865301F8

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-15 20:34:03
C:\ComboFix-quarantined-files.txt ... 2007-08-15 20:34
C:\ComboFix2.txt ... 2007-08-15 12:42

--- E O F ---

There is the ComboFix log.