1915, posted 8 September 2007

https://www.diskusjon.no/index.php?showtopi...2entry9450612 In this thread there is a bit of info on why I can't get the virus removed. ;P HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:31, on 08.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Winamp\winampa.exe
C:\programfiler\powerstrip\pstrip.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\programfiler\valve\steam\steam.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\mIRC\mirc.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\VideoLAN\VLC\vlc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
G:\Install\VirusProg\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://network.adsmarket.com/click/imNxmY2...DRON_8709061045
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [iMSCMig] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [iMJPMIG9.0] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\Bone 64.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bandwidthMeterPro] C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [settings Help] C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{556D7AF6-E5C0-47B9-8823-8CE5E955F579}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
norbat, posted 8 September 2007

Download NoLop.exe and save it to the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button. Find the log file (C:\NoLop.txt). You post that later.

Download ComboFix and save it to the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt), the NoLop log and a new HJT log.
1915 (author), posted 8 September 2007

Wasn't asked to reboot with NoLop.

ComboFix 07-09-08.7 - "1915" 2007-09-08 15:34:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2477 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.
2007-09-08 15:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 15:33 106 --a------ C:\delete.bat
2007-09-08 15:29 <DIR> d-------- C:\Programfiler\AusLogics Disk Defrag
2007-09-08 11:37 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Creative
2007-09-08 11:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\nView_Profiles
2007-09-08 11:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\NVIDIA
2007-09-08 08:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-09-08 08:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Programdata
2007-09-08 08:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Maler
2007-09-08 08:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Lokale innstillinger
2007-09-07 07:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-07 07:18 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-07 07:18 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\SUPERAntiSpyware.com
2007-09-07 06:53 <DIR> dr-h----- C:\DOCUME~1\1915\Siste
2007-09-06 20:59 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\dvdcss
2007-09-06 18:22 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Ventrilo
2007-09-06 17:23 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\vlc
2007-09-06 17:16 <DIR> d-------- C:\Programfiler\Stop Test Film
2007-09-06 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\DRIVE EGGS COPY FRAG
2007-09-06 17:15 <DIR> d-------- C:\Programfiler\Windows Live
2007-09-06 17:15 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Stop Test Film
2007-09-06 17:00 <DIR> d-------- C:\Programfiler\Microsoft ActiveSync
2007-09-06 17:00 <DIR> d-------- C:\Programfiler\Fellesfiler\L&H
2007-09-06 16:58 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-06 16:58 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.0
2007-09-06 16:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-06 16:57 <DIR> d-------- C:\Programfiler\Microsoft.NET
2007-09-06 16:57 <DIR> d-------- C:\Programfiler\Microsoft Works
2007-09-06 16:50 <DIR> d-------- C:\Programfiler\Valve
2007-09-06 14:21 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-06 14:20 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-09-06 14:20 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-09-06 14:20 274,432 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-09-06 14:20 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-09-06 14:20 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-09-06 14:20 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-09-06 14:20 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-09-06 14:20 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-09-06 14:20 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-09-06 14:20 <DIR> d-------- C:\Programfiler\DAEMON Tools
2007-09-06 14:19 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-06 14:19 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-09-06 14:19 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-06 14:18 <DIR> d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2007-09-06 14:18 <DIR> d-------- C:\Programfiler\Fellesfiler\ODBC
2007-09-06 14:17 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Programdata
2007-09-06 14:17 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Lokale innstillinger
2007-09-06 14:17 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Programdata
2007-09-06 14:17 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Start-meny
2007-09-06 14:17 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Start-meny
2007-09-06 14:17 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenter
2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Skrivere
2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Siste
2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Maler
2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\AndrMask
2007-09-06 14:17 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Maler
2007-09-06 14:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-06 14:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Skrivebord
2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Mine dokumenter
2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favoritter
2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Skrivebord
2007-09-06 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favoritter
2007-09-06 14:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\FLEXnet
2007-09-06 14:04 <DIR> d-------- C:\Programfiler\Bonjour
2007-09-06 13:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2007-09-06 13:59 <DIR> d-------- C:\Programfiler\DAMN NFO Viewer
2007-09-06 13:59 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\WinRAR
2007-09-06 13:58 <DIR> d-------- C:\Programfiler\ratDVD
2007-09-06 13:58 <DIR> d-------- C:\Programfiler\CDBurnerXP Pro 3
2007-09-06 13:57 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6637.sys
2007-09-06 13:57 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-06 13:13 <DIR> d-------- C:\Programfiler\Yahoo!
2007-09-06 13:13 <DIR> d-------- C:\Programfiler\PowerStrip
2007-09-06 13:13 <DIR> d-------- C:\Programfiler\PowerISO
2007-09-06 13:13 <DIR> d-------- C:\Programfiler\CCleaner
2007-09-06 13:12 <DIR> d-------- C:\Programfiler\ImgBurn
2007-09-06 13:12 <DIR> d-------- C:\Programfiler\BandwidthMeterPro
2007-09-06 13:12 <DIR> d-------- C:\Programfiler\Audacity
2007-09-06 13:12 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\BWMeterPro
2007-09-06 13:11 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2007-09-06 13:11 <DIR> d-------- C:\Program Files
2007-09-06 13:11 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Skype
2007-09-06 13:11 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Ahead
2007-09-06 13:10 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2007-09-06 13:10 <DIR> d-------- C:\Programfiler\VideoLAN
2007-09-06 13:10 <DIR> d-------- C:\Programfiler\Skype
2007-09-06 13:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Skype
2007-09-06 13:09 <DIR> d-------- C:\Programfiler\Winamp
2007-09-06 13:09 <DIR> d-------- C:\Programfiler\Nero
2007-09-06 13:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-09-06 13:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Nero
2007-09-06 13:08 1,152 --a------ C:\WINDOWS\mozver.dat
2007-09-06 13:06 <DIR> d-------- C:\DOCUME~1\1915\PROGRA~1\Screenshot Sender
2007-09-06 13:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-06 13:05 <DIR> d-------- C:\DOCUME~1\1915\Contacts
2007-09-06 13:04 <DIR> d-------- C:\Programfiler\mIRC
2007-09-06 13:03 <DIR> d-------- C:\Programfiler\Guitar Pro 4
2007-09-06 13:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Messenger Plus!
2007-09-06 12:59 <DIR> d-------- C:\Programfiler\Messenger Plus! Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 17:22]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 02:04 C:\WINDOWS\SkyTel.exe]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-09-06 12:57]
"PowerStrip"="c:\programfiler\powerstrip\pstrip.exe" [2005-06-28 21:15]
"imekrmig7.0"="C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2003-07-14 22:57]
"IMSCMig"="C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]
"CJIMETIPSYNC"="C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57]
"PHIMETIPSYNC"="C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57]
"IMJPMIG9.0"="C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2003-07-14 22:57]
"COPY FRAG KEEP BLEH"="C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\Bone 64.exe" [2007-09-08 13:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"µTorrent"="C:\Programfiler\uTorrent\utorrent.exe" [2007-02-15 22:17]
"BandwidthMeterPro"="C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe" [2006-10-09 08:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"Steam"="c:\programfiler\valve\steam\steam.exe" [2007-09-06 16:53]
"Settings Help"="C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe" [2007-09-06 17:15]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
BTTray.lnk - C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe [2004-09-02 15:34:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Programfiler\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programfiler\Winamp\winampa.exe

R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - RDPWD
*Newly Created Service* - TDTCP
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 15:34:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-08 15:34:46
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:35:52, on 08.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Eset\nod32kui.exe
C:\programfiler\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\programfiler\valve\steam\steam.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
G:\Install\VirusProg\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://network.adsmarket.com/click/imNxmY2...DRON_8709061045
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [iMSCMig] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Programfiler\Fellesfiler\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [iMJPMIG9.0] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\Bone 64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [bandwidthMeterPro] C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [settings Help] C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{556D7AF6-E5C0-47B9-8823-8CE5E955F579}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
norbat, posted 8 September 2007

Run HJT and fix the following lines:

O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\Bone 64.exe
O4 - HKCU\..\Run: [settings Help] C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe

Use Explorer to find and delete the following folders (in bold):

C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG
C:\DOCUME~1\1915\PROGRA~1\STOPTE~1 (~1 = abbreviation. There should be a file called SOFT SIZE FIVE.exe inside.)

You may need to turn on 'Show hidden files and folders' to see the folders. If you can't delete them because 'they are in use', you have to do it from Safe Mode.

Also check for rootkits using Blacklight.
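The reply above picks two O4 lines out of some thirty by hand, on the grounds that their images live under a user profile's Programdata (Application Data) folder rather than under Program Files or Windows. The script below is an added example, not part of this thread and not a tool of HijackThis, NoLop or ComboFix, that applies that same triage rule mechanically to a handful of O4 lines copied from the logs posted here. The regular expressions, the two verdict levels ("review" for profile-data images, "locate" for bare file names whose location the log does not show) and the function names are all assumptions of this example; it is a first-pass filter, not a verdict, and a flagged line still has to be checked against what was actually installed on the machine.

```python
"""Triage helper for HijackThis-style O4 autostart lines (added example)."""
import re

# "O4 - HKLM\..\Run: [Name] command" and the "O4 - Global Startup: ..." form.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|Global Startup)(?:\\\.\.\\Run)?: ?"
    r"(?:\[(?P<name>[^\]]*)\] )?(?P<command>.*)$"
)
# First token of the command: either a quoted path or an unquoted path that
# ends in a known executable-ish extension followed by whitespace or end.
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(
    r"^(.+?\.(?:exe|dll|cpl|scr|com|bat|lnk))(?=\s|$)", re.IGNORECASE
)
# An image stored under <profile>\Application Data (Norwegian XP: Programdata,
# 8.3 form PROGRA~1 under DOCUME~1) or Local Settings. Note that C:\PROGRA~1
# on its own is Program Files and is deliberately NOT matched here.
PROFILE_DATA_RE = re.compile(
    r"\\(?:documents and settings|docume~1)\\[^\\]+\\"
    r"(?:programdata|application data|progra~1|lokale innstillinger|local settings)\\",
    re.IGNORECASE,
)

# Constructed sample: lines copied from the HJT log in this thread, plus one
# non-O4 line to show that it is skipped.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [iMSCMig] C:\PROGRA~1\FELLES~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [COPY FRAG KEEP BLEH] C:\Documents and Settings\All Users\Programdata\DRIVE EGGS COPY FRAG\Bone 64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [settings Help] C:\DOCUME~1\1915\PROGRA~1\STOPTE~1\SOFT SIZE FIVE.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
""".strip().splitlines()


def parse_o4(line):
    """Return (hive, name, command) for an O4 line, or None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return m.group("hive"), m.group("name") or "", m.group("command")


def image_path(command):
    """Extract the program image from the command part of an O4 line."""
    m = QUOTED_RE.match(command) or UNQUOTED_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def assess(image):
    """Heuristic verdict for one image path (assumed rules, see lead-in)."""
    if PROFILE_DATA_RE.search(image):
        return "review"   # autostart living in a profile data folder
    if "\\" not in image:
        return "locate"   # bare name: the log does not say where it resolves
    return "ok"


def triage(lines):
    """Run assess() over every O4 line; return the non-"ok" findings in order."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, command = parsed
        image = image_path(command)
        verdict = assess(image)
        if verdict != "ok":
            findings.append((verdict, hive, name, image))
    return findings


def run_sample():
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for verdict, hive, name, image in run_sample():
        print(f"{verdict:7} {hive:14} [{name}] {image}")
```

On the sample above the two lines norbat tells the poster to fix come out as "review", while nwiz.exe and BTTray.lnk come out as "locate" because the log gives only a bare name; the IME entries under C:\PROGRA~1 and ctfmon.exe under C:\WINDOWS pass, which matches the reply's reading of the log.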