Betenkt, posted 7 September 2007 (edited)

In the latest version of Firefox I have suddenly got a new start page that keeps changing to IMtools.org all the time! I have run TrendMicro, CCleaner, AVG Anti-Spyware, AdWare SE and CWShredder. Nothing works..

Edited 11 September 2007 by Webmaster Esso
norbat, posted 7 September 2007

Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the logfile and post it.
Betenkt (thread author), posted 7 September 2007 (edited)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23:10, on 08.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\usbtapnp.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\jwlwzv\svchost.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Creative\ZENcast Organizer\CTZenCu.exe
D:\Documents and Settings\Stein-Otto Svorstøl.D52J4L2J\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe
D:\Documents and Settings\Stein-Otto Svorstøl.D52J4L2J\My Documents\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....c=ie&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [uSBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [spark2] C:\WINDOWS\system32\jwlwzv\spark2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [spark2] C:\WINDOWS\system32\jwlwzv\spark2.exe
O4 - HKCU\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10550 bytes

Edited 7 September 2007 by Webmaster Esso
norbat, posted 8 September 2007

Is Spark2 something you know about? (C:\WINDOWS\system32\jwlwzv\spark2.exe)

Get Smitfraudfix and put it on the desktop. Restart in safe mode (tap F8 during boot and choose safe mode). Run Smitfraudfix and choose option 1 (search). The result comes as a log. Could you post it?
Betenkt (thread author), posted 8 September 2007

> Is Spark2 something you know about? (C:\WINDOWS\system32\jwlwzv\spark2.exe)
> Get Smitfraudfix and put it on the desktop. Restart in safe mode (tap F8 during boot and choose safe mode). Run Smitfraudfix and choose option 1 (search). The result comes as a log. Could you post it?

Dead link?
norbat, posted 8 September 2007

The Smitfraudfix link? It works fine from here, but try this one: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Betenkt (thread author), posted 8 September 2007

> The Smitfraudfix link? It works fine from here, but try this one: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

That one works... Will sort it out soon..
Betenkt (thread author), posted 8 September 2007

> The Smitfraudfix link? It works fine from here, but try this one: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
>
> That one works... Will sort it out soon..

The menu doesn't come up. My hard drive is partitioned, with some Ubuntu on it too... maybe that's the reason?
norbat, posted 8 September 2007

- you have to run the program from safe mode.
Betenkt (thread author), posted 8 September 2007

Isn't there a way to start safe mode from normal Windows so that it boots into safe mode on restart? Can't I search in normal mode?
norbat, posted 8 September 2007

Yes, you can set the PC to start in safe mode:

Click: Start -> Run
Type: msconfig
Choose the tab: Boot.ini
Under boot options, tick: /SAFEBOOT
Click: OK
Restart the PC.
Betenkt (thread author), posted 8 September 2007 (edited)

Done!

SmitFraudFix v2.221

Scan done at 22:03:10,53, 08.09.2007
Run from D:\Documents and Settings\Stein-Otto Svorstol.D52J4L2J\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Stein-Otto Svorstol.D52J4L2J

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Stein-Otto Svorstol.D52J4L2J\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\STEIN-~1.D52\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{87D1F5F9-3241-4831-9028-CEB28EFD24F6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{87D1F5F9-3241-4831-9028-CEB28EFD24F6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Never heard of it:

> Is Spark2 something you know about? (C:\WINDOWS\system32\jwlwzv\spark2.exe)

Edited 8 September 2007 by Webmaster Esso
norbat, posted 8 September 2007 (edited)

Smitfraudfix log OK.

Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\jwlwzv\spark2.exe
C:\WINDOWS\system32\jwlwzv\svchost.exe

Folders to delete:
C:\WINDOWS\system32\jwlwzv

Click the traffic light. Restart the PC. After the restart a logfile will appear telling you what happened. You don't need to post it.

Edited 8 September 2007 by norbat
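A triage script for HijackThis logs like the two posted in this thread, written here as an added example (it is not code from the thread, HijackThis or Avenger): it parses the "Running processes" list and the O4 Run entries, flags a core Windows binary name such as svchost.exe running outside its real directory and entries under a random-looking subdirectory of system32 (the two things norbat spotted in the log above), and turns the hits into the same "Files to delete" / "Folders to delete" list norbat wrote by hand for Avenger. The vowel-ratio heuristic and the embedded sample log lines are constructed assumptions.

```python
"""HijackThis log triage (added example, not code from the thread, HijackThis or Avenger).
Flags a core Windows binary name (svchost.exe) running outside its real directory and
process/O4 entries living in a random-looking system32 subdirectory, then lists the hits
as files and folders to remove.  Heuristic and sample lines are constructed."""
import ntpath
import re
from collections import defaultdict

# Real home of core Windows XP binaries (lower-case for comparison).
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Executable path in a process line or O4 value, quoted or not; arguments are ignored.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.exe)"?(?:\s|$)', re.IGNORECASE)
# O4 autostart entry: hive, value name, command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def looks_random(name: str) -> bool:
    """Constructed heuristic: 5+ letters with almost no vowels, like 'jwlwzv'."""
    if len(name) < 5 or not name.isalpha():
        return False
    return sum(c in "aeiouy" for c in name.lower()) / len(name) < 0.2


def exe_path(text: str):
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def analyse(log: str):
    """Return (findings, remediation): findings is a list of (evidence, [reasons]),
    remediation a dict with sorted 'files' and 'folders' in the shape of the
    'Files to delete' / 'Folders to delete' list used in the thread."""
    findings, files, folders = [], set(), set()
    hives = defaultdict(set)          # lower-cased path -> hives that autostart it
    in_processes = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if not line:                  # a blank line ends the process list
            in_processes = False
            continue
        o4 = O4_RE.match(line)
        if o4:
            path = exe_path(o4.group(3))
            if path:
                hives[path.lower()].add(o4.group(1))
        elif in_processes:
            path = exe_path(line)
        else:
            continue
        if not path:
            continue
        directory, name = ntpath.split(path)
        reasons = []
        expected = SYSTEM_BINARIES.get(name.lower())
        if expected and directory.lower() != expected:
            reasons.append(f"{name} outside its real directory {expected}")
        if (ntpath.dirname(directory).lower() == r"c:\windows\system32"
                and looks_random(ntpath.basename(directory))):
            reasons.append("random-looking system32 subdirectory")
        if reasons:
            findings.append((line, reasons))
            files.add(path)
            folders.add(directory)
    flagged = {f.lower() for f in files}
    for path, where in hives.items():   # the same flagged file in HKLM and HKCU
        if path in flagged and len(where) > 1:
            findings.append((path, [f"persisted in several hives: {sorted(where)}"]))
    return findings, {"files": sorted(files), "folders": sorted(folders)}


# Constructed sample: a few lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = """Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\jwlwzv\\svchost.exe
C:\\Program Files\\Qliner Hotkeys\\HotKeys.exe

O4 - HKLM\\..\\Run: [sunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [spark2] C:\\WINDOWS\\system32\\jwlwzv\\spark2.exe
O4 - HKCU\\..\\Run: [spark2] C:\\WINDOWS\\system32\\jwlwzv\\spark2.exe
O4 - HKCU\\..\\Run: [steam] "c:\\program files\\valve\\steam\\steam.exe" -silent
"""

if __name__ == "__main__":
    found, fix = analyse(SAMPLE_LOG)
    for evidence, reasons in found:
        print(f"{evidence}\n    -> {'; '.join(reasons)}")
    print("\nFiles to delete:\n" + "\n".join(fix["files"]))
    print("\nFolders to delete:\n" + "\n".join(fix["folders"]))
```

Run against a full log the script also walks the benign entries (jusched, steam, HotKeys) without flagging them; the remediation list it prints for the sample is exactly the two files and one folder norbat listed.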
Betenkt (thread author), posted 8 September 2007

> Smitfraudfix log OK.
> Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:
>
> Files to delete:
> C:\WINDOWS\system32\jwlwzv\spark2.exe
> C:\WINDOWS\system32\jwlwzv\svchost.exe
>
> Folders to delete:
> C:\WINDOWS\system32\jwlwzv
>
> Click the traffic light. Restart the PC. After the restart a logfile will appear telling you what happened. You don't need to post it.

That website was blocked by TrendMicro? :S
norbat, posted 8 September 2007

OK, but just remove these files using Avenger. (I updated the post, since I have come across this spark2.exe file before.) Afterwards post a new HJT log, and we'll see if there is anything more in there.
Betenkt (thread author), posted 8 September 2007

> OK, but just remove these files using Avenger. (I updated the post, since I have come across this spark2.exe file before.) Afterwards post a new HJT log, and we'll see if there is anything more in there.

Just got a load of crap at startup (a cmd window saying it is missing some boot stuff) and then the same old imtools :@
norbat, posted 8 September 2007

I didn't understand the last thing you wrote, but have you downloaded Avenger and entered:

Files to delete:
C:\WINDOWS\system32\jwlwzv\spark2.exe
C:\WINDOWS\system32\jwlwzv\svchost.exe

Folders to delete:
C:\WINDOWS\system32\jwlwzv

If so, post a new HJT log
Betenkt (thread author), posted 8 September 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:13, on 08.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\usbtapnp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....c=ie&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [uSBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [spark2] C:\WINDOWS\system32\jwlwzv\spark2.exe
O4 - HKCU\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10065 bytes
norbat, posted 8 September 2007

Run HJT, choose "Do a system scan only", tick the box in front of the following line and click 'Fix checked':

O4 - HKCU\..\Run: [spark2] C:\WINDOWS\system32\jwlwzv\spark2.exe

Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Post the logfile from combofix (usually c:\combofix.txt) and tell us how it goes with IMtools.org
Betenkt (thread author), posted 8 September 2007 (edited)

The crap is still there

ComboFix 07-09-08.7 - "Stein-Otto Svorstol" 2007-09-09 0:25:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1310 [GMT 2:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-09 00:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 22:46 0 --a------ C:\backup.reg
2007-09-08 22:44 126,976 --a------ C:\zip.exe
2007-09-08 21:59 <DIR> d-------- C:\WINDOWS\pss
2007-09-08 20:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-08 20:43 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-08 20:43 5,654 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-08 20:43 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-08 20:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-08 10:45 <DIR> dr------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\SpaceTime 3D
2007-09-08 09:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-07 23:57 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Lavasoft
2007-09-07 23:51 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-07 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 19:29 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Builder
2007-09-07 19:17 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\qliner
2007-09-07 19:13 <DIR> d-------- C:\Program Files\Qliner Hotkeys
2007-09-07 19:11 <DIR> d-------- C:\Program Files\File Commander
2007-09-07 14:29 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-07 14:29 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-06 15:12 <DIR> d-------- C:\Program Files\SHOUTcast
2007-09-06 14:43 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Thunderbird
2007-09-06 14:42 <DIR> d-------- C:\Program Files\Eudora
2007-09-06 14:32 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-09-06 14:32 <DIR> d-------- C:\Program Files\Windows Live
2007-09-06 14:31 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-06 14:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-05 17:12 <DIR> d-------- C:\Program Files\UltraMon
2007-09-05 16:26 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Realtime Soft
2007-09-05 16:26 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Realtime Soft
2007-09-05 16:26 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2007-09-03 16:04 <DIR> d-------- C:\Nyno31
2007-09-03 15:29 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\VSRevoGroup
2007-09-03 15:01 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-03 15:01 <DIR> d-------- C:\Program Files\Winamp
2007-09-03 14:31 <DIR> d-------- C:\Program Files\VS Revo Group
2007-09-01 02:01 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-01 00:56 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Apple Computer
2007-08-31 19:31 <DIR> d-------- C:\Program Files\EA Games
2007-08-25 10:16 <DIR> d-------- C:\Program Files\Ashampoo
2007-08-21 21:06 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-21 21:06 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-21 21:06 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-08-21 21:06 <DIR> d-------- C:\Program Files\Google
2007-08-21 21:05 <DIR> d-------- C:\Program Files\Picasa2
2007-08-19 18:18 <DIR> d-------- C:\Program Files\EA SPORTS
2007-08-18 18:08 <DIR> d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Opera
2007-08-14 20:29 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-08-14 20:29 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-08-14 20:29 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-08-14 20:29 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-08-13 13:13 <DIR> d-------- C:\TempDVD
2007-08-09 11:17 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 23:13 --------- d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Xfire
2007-09-08 22:14 --------- d-------- C:\Program Files\Trend Micro
2007-09-07 14:25 --------- d-------- C:\Program Files\Xfire
2007-09-06 22:05 --------- d-------- C:\Program Files\Joost
2007-09-06 14:55 --------- d--h----- C:\Program Files\Creative Installation Information
2007-09-06 14:54 --------- d-------- C:\Program Files\Creative
2007-09-06 14:53 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-09-06 14:31 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 16:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 14:56 --------- d-------- C:\Program Files\Last.fm
2007-08-23 07:18 --------- d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Azureus
2007-08-14 20:29 --------- d-------- C:\Program Files\Logitech
2007-08-14 20:29 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-10 23:45 --------- d-------- C:\Program Files\Azureus
2007-08-09 11:27 --------- d-------- C:\Program Files\QuickTime
2007-08-09 11:23 --------- d-------- C:\Program Files\Apple Software Update
2007-08-08 21:20 --------- d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Ventrilo
2007-08-07 17:04 --------- d-------- C:\Program Files\Ventrilo
2007-08-07 17:03 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 10:52 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-01 22:34 --------- d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Hewlett-Packard
2007-08-01 22:30 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-01 22:30 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-26 20:50 --------- d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\Joost 2007-07-26 20:45 --------- d-------- C:\Program Files\Codemasters 2007-07-19 08:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-17 11:26 --------- d-------- C:\Program Files\LimeWire 2007-07-16 23:22 --------- d-------- D:\DOCUME~1\STEIN-~1.D52\APPLIC~1\LimeWire 2007-07-13 01:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 16:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 16:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 16:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 16:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 16:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 16:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 16:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 16:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 16:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 16:34 27648 --a------ 
C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 16:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 16:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 16:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 16:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 16:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 16:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 16:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 16:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 16:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 16:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 17:56 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-06-20 20:45 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 12:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 14:03] "nwiz"="nwiz.exe" [2006-03-21 14:03 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2006-03-21 14:03 C:\WINDOWS\system32\nvhotkey.dll] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 20:51] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 11:28] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 11:28] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05] "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-04-04 00:43] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 17:32] "USBTA"="C:\WINDOWS\system32\usbtapnp.exe" [2002-03-22 20:43] "InputSet"="" [] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "00Hotkeys"="C:\Program Files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 02:13] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00] "Steam"="c:\program files\valve\steam\steam.exe" [2007-07-02 14:19] "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27] D:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 20:28:28] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWinKeys"=1 (0x1) R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys R3 DUSBTAWAN;D-Link DU-128TA+ NDISWAN Driver;C:\WINDOWS\system32\DRIVERS\musbwn2k.sys R3 FakeWDMmdm;DWDMCOMM;C:\WINDOWS\system32\DRIVERS\dusbcomm.sys R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 GTwinUSB;GTwinUSB;C:\WINDOWS\system32\Drivers\GTwinUSB.sys S3 idrmkl;idrmkl;\??\D:\DOCUME~1\STEIN-~1.D52\LOCALS~1\Temp\idrmkl.sys S3 mDTA128;D-Link DU-128TA+;C:\WINDOWS\system32\DRIVERS\musbta2kc.sys S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINDOWS\system32\DRIVERS\mxopswd.sys S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\CD.EXE *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-09-06 09:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-09-01 20:34:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186000442.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe . 
************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-09 00:27:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [12348] 0x88A4B020 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp] "ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys" . Completion time: 2007-09-09 0:28:25 . --- E O F --- Endret 8. september 2007 av Webmaster Esso Lenke til kommentar