Roger-Ramjet, posted 20 September 2007

Hi. My sister's freshly reinstalled PC has become infected. Formatting and reinstalling everything again is not tempting, so I hope someone can help me. It is Trojan.Winfixer and Vundo, I think? In any case the nasty thing that produces pop-ups all the time while browsing. I ran VundoFix and got this log:

VundoFix V6.5.8

Checking Java version...

Sun Java not detected

Scan started at 20:01:09 20.09.2007

Listing files found while scanning....

C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\ycbeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Has been deleted!

Performing Repairs to the registry.
Done!

Ran HijackThis afterwards:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:53, on 20.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Executive Software\Diskeeper\DkService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\programfiler\asus\pc probe ii\AsusProb.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Opdicom\OpdiTracker\OptT3STA.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bente\Skrivebord\Test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E9CEDE68-DD56-4702-82FD-1E4CDF079C98} - C:\WINDOWS\system32\gebcy.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ASUS Probe] c:\programfiler\asus\pc probe ii\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Programfiler\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Start OpdiTracker.lnk = C:\Programfiler\Opdicom\OpdiTracker\OptT3STA.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184334112375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184342578656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AE4C29-5BE4-41B5-B920-644D9B145059}: NameServer = 217.13.4.24,217.13.7.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF0E9B9-F5A0-4027-A915-EB5D055F7ACD}: NameServer = 217.13.4.24,217.13.7.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrpopq - rqrpopq.dll (file missing)
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\Diskeeper\DkService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10025 bytes

What should I do now?
norbat, posted 20 September 2007

Then run HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

O2 - BHO: (no name) - {E9CEDE68-DD56-4702-82FD-1E4CDF079C98} - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: rqrpopq - rqrpopq.dll (file missing)
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)

Apart from that the HJT log looks fine, but let's run a few extra rounds:

Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from ComboFix (usually c:\combofix.txt).
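Added example, not part of the thread: a small Python script that applies the same rule norbat uses above, flagging HijackThis entries that still point at a file which no longer exists (the leftover registry keys VundoFix's file deletion leaves behind), and then checking a follow-up log to confirm those entries are gone. The sample log lines are copied from the logs in this thread; the section-to-host mapping is my own summary of HijackThis conventions.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis entry lines copied from the first log in this thread.
BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E9CEDE68-DD56-4702-82FD-1E4CDF079C98} - C:\WINDOWS\system32\gebcy.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: rqrpopq - rqrpopq.dll (file missing)
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

# Constructed sample: the same entries as they appear in the second log, after 'Fix checked'.
AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""


@dataclass(frozen=True)
class Finding:
    line: str      # the HijackThis line exactly as it appears in the log
    section: str   # O2, O20, ...
    reason: str


# Which process loads the code behind each section (my summary of HJT conventions);
# a dangling entry here means a process tried to load a DLL that is no longer there.
LOADS_INTO = {
    "O2": "Internet Explorer (Browser Helper Object)",
    "O3": "Internet Explorer (toolbar)",
    "O20": "winlogon.exe (Winlogon Notify package)",
    "O21": "explorer.exe (ShellServiceObjectDelayLoad)",
}

# Entry lines look like "O20 - Winlogon Notify: ..."; process-list and header lines do not match.
_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every HJT entry line in the log."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = _ENTRY.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def find_dangling_entries(log_text):
    """Return entries whose registered file is gone. '(file missing)' is the typical
    leftover when a removal tool deleted the DLL but not the key that loads it;
    '(no file)' is a CLSID registered without any file path and is reported separately."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if body.endswith("(file missing)"):
            host = LOADS_INTO.get(section, "unknown host")
            findings.append(Finding(raw, section, f"dangling reference, loaded by {host}"))
        elif body.endswith("(no file)"):
            findings.append(Finding(raw, section, "no file path registered for this CLSID"))
    return findings


def verify_removed(before_log, after_log):
    """Compare a pre-fix and post-fix log: return the fix-list lines that are still present."""
    wanted_gone = {f.line for f in find_dangling_entries(before_log)
                   if f.line.endswith("(file missing)")}
    after_lines = {raw for _, _, raw in parse_entries(after_log)}
    return sorted(wanted_gone & after_lines)


if __name__ == "__main__":
    for f in find_dangling_entries(BEFORE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("still present after fix:", verify_removed(BEFORE_LOG, AFTER_LOG))
```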
Roger-Ramjet (thread author), posted 20 September 2007

Ran a new HijackThis scan. Removed the files as you said :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:20, on 20.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Executive Software\Diskeeper\DkService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\programfiler\asus\pc probe ii\AsusProb.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Opdicom\OpdiTracker\OptT3STA.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Documents and Settings\Bente\Skrivebord\Test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ASUS Probe] c:\programfiler\asus\pc probe ii\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Programfiler\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Start OpdiTracker.lnk = C:\Programfiler\Opdicom\OpdiTracker\OptT3STA.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184334112375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184342578656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AE4C29-5BE4-41B5-B920-644D9B145059}: NameServer = 217.13.4.24,217.13.7.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF0E9B9-F5A0-4027-A915-EB5D055F7ACD}: NameServer = 217.13.4.24,217.13.7.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\Diskeeper\DkService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10202 bytes

And here is ComboFix's log:

ComboFix 07-09-20.1 - "Bente" 2007-09-20 21:20:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1373 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.

2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-20 20:19 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-20 20:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-20 20:19 <DIR> d-------- C:\DOCUME~1\Bente\PROGRA~1\SUPERAntiSpyware.com
2007-09-20 20:02 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-09-20 20:02 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-20 20:02 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-09-20 20:02 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-09-20 19:50 <DIR> d-------- C:\VundoFix Backups
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-30 18:04 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Programdata
2007-08-30 18:04 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Start-meny
2007-08-30 18:04 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skrivere
2007-08-30 18:04 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Siste
2007-08-30 18:04 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Maler
2007-08-30 18:04 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale innstillinger
2007-08-30 18:04 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\AndrMask
2007-08-30 18:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord
2007-08-30 18:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mine dokumenter
2007-08-30 18:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritter
2007-08-30 14:21 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-21 20:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-08-20 17:02 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 21:21 --------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2007-09-20 21:16 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-20 21:16 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-20 21:16 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-20 21:16 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-20 21:16 --------- d-------- C:\Programfiler\Symantec
2007-09-20 21:16 --------- d-------- C:\Programfiler\Norton Internet Security
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-13 22:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Symantec
2007-09-13 22:02 --------- d-------- C:\Programfiler\MSN Messenger
2007-08-17 21:35 --------- d-------- C:\Programfiler\ReaConverter 5.0 Pro
2007-08-16 18:48 --------- d-------- C:\Programfiler\Synology Assistant
2007-08-16 18:36 --------- d-------- C:\Programfiler\IrfanView
2007-08-15 12:37 --------- d-------- C:\DOCUME~1\Bente\PROGRA~1\CyberLink
2007-08-09 21:24 --------- d-------- C:\DOCUME~1\Bente\PROGRA~1\Skype
2007-07-31 21:59 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-07-31 21:45 --------- d-------- C:\Programfiler\Fellesfiler\PlayOnline
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 17:14 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-29 17:14 249856 --------- C:\WINDOWS\Setup1.exe
2007-07-26 22:30 --------- d-------- C:\Programfiler\Tablet
2007-07-26 22:18 --------- d-------- C:\Programfiler\Logitech
2007-07-26 22:17 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2007-07-26 22:17 --------- d-------- C:\Programfiler\Fellesfiler\Logitech
2007-07-26 21:50 --------- d-------- C:\Programfiler\Canon
2007-07-26 21:47 --------- d--h----- C:\DOCUME~1\ALLUSE~1\PROGRA~1\CanonBJ
2007-07-26 21:13 --------- d-------- C:\Programfiler\Opdicom
2007-07-26 21:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Opdicom
2007-07-26 20:09 --------- d-------- C:\Programfiler\Pro Imaging Powertoys
2007-07-26 20:09 --------- d-------- C:\Programfiler\Fellesfiler\Nikon
2007-07-26 19:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Adobe Systems
2007-07-26 19:47 --------- d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2007-07-14 13:06 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-13 19:06 737280 --a------ C:\WINDOWS\iun6002.exe
2007-07-13 16:35 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-13 16:35 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-13 14:26 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2003-12-19 20:36 40960 --a------ C:\Programfiler\Uninstall_CDS.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 10:16 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"ASUS Probe"="c:\programfiler\asus\pc probe ii\AsusProb.exe" [2002-12-06 16:07]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"RemoteControl"="C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"DiskeeperSystray"="C:\Programfiler\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 19:53]
"TotalRecorderScheduler"="C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-07-13 11:00]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"PDUiP6600DMon"="C:\Programfiler\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 09:35]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-26 22:17:12]
Start OpdiTracker.lnk - C:\Programfiler\Opdicom\OpdiTracker\OptT3STA.exe [2005-01-06 12:04:16]
TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [2003-12-04 18:48:40]

C:\DOCUME~1\Bente\START-~1\PROGRA~1\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Java SATARaid.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Java SATARaid.lnk
backup=C:\WINDOWS\pss\Java SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"C:\Programfiler\CyberLink DVD Solution\PowerVCR II\Agent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"C:\Programfiler\CyberLink DVD Solution\PowerVCR II\RemoteAgent.exe"

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 3Com_A02;3com Driver;C:\WINDOWS\system32\DRIVERS\3C254G50.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
S3 w3304an5;WN3X0X Wireless Adapter;\??\C:\PROGRA~1\3Com\3COMOF~2\drivers\WINXP\w3304an5.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c84bd7c-3147-11dc-b085-806d6172696f}]
AutoRun\command- Y:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-08-27 18:25:20 C:\WINDOWS\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Bente.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 21:22:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-20 21:23:54
.
--- E O F ---

I don't understand much of all these numbers and lines, but it's great that you're helping me.
norbat, posted 20 September 2007

The log(s) look fine. Are you still bothered by pop-ups?

A round of CCleaner or Disk Cleanup should be done now and then. It removes a number of temp files and other temporary files.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick: "only delete temporary files ......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds with 'Issues'.
Roger-Ramjet (thread author), posted 20 September 2007

Thanks. Now there are no pop-ups or any trojan warnings. Great. Then I hope this holds for a while longer. Thanks a lot.
norbat, posted 20 September 2007 (edited)

Well, it was you who did the job (VundoFix).

You should reset the restore folder so that you don't get reinfected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Surf safely!

Edit: If you don't have a dedicated antispyware program, I recommend SuperAntispyware (free). It can be downloaded here: SAS. Install, update and run a full (Complete) scan.

Edited 20 September 2007 by norbat