kunchun Posted 22 September 2007 (edited)

Can anyone find something that doesn't quite belong in this hijack log? I'm at a LAN and I'm spamming viruses..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:53:43, on 22.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\programfiler\steam\steam.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Ventrilo\Ventrilo.exe
C:\mIRC\mirc.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [PKR Pal] "C:\Programfiler\PKR\pkrpal.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

--
End of file - 8903 bytes

Edited 22 September 2007 by jubbe

norbat Posted 22 September 2007

The HJT log looks fine. You could run a check with Combofix. It may be able to tell a bit more:

Download Combofix and put it on the desktop
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt)

kunchun (Author) Posted 22 September 2007

ComboFix 07-09-21.2 - "Terje Juvstad" 2007-09-22 16:49:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.582 [GMT 2:00]
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programfiler\myglobalsearch
C:\Programfiler\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Programfiler\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Programfiler\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Programfiler\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Programfiler\myglobalsearch\bar\Cache\000A1685.bin
C:\Programfiler\myglobalsearch\bar\Cache\0201256A.bin
C:\Programfiler\myglobalsearch\bar\Cache\03F1DA27
C:\Programfiler\myglobalsearch\bar\Cache\files.ini
C:\Programfiler\myglobalsearch\bar\History\search
C:\Programfiler\myglobalsearch\bar\Settings\prevcfg.htm
.

((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.

2007-09-22 16:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 01:20 <DIR> d-------- C:\Programfiler\Trend Micro
2007-09-20 19:34 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-20 19:34 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-20 19:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-20 00:47 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Screenshot Sender
2007-08-28 21:47 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Locktime
2007-08-28 21:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Locktime
2007-08-27 22:22 <DIR> d-------- C:\Programfiler\SystemRequirementsLab
2007-08-27 22:22 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\SystemRequirementsLab
2007-08-26 18:40 <DIR> d-------- C:\Pron
2007-08-26 02:37 <DIR> d-------- C:\WINDOWS\pss
2007-08-26 02:30 3,580,832 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2007-08-26 02:30 22,560 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-08-26 02:30 195,360 --a------ C:\WINDOWS\system32\lvci1100.dll
2007-08-26 02:30 15,558 --a------ C:\WINDOWS\system32\Repository.reg
2007-08-26 02:30 1,921,184 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2007-08-26 02:28 <DIR> d-------- C:\Programfiler\Fellesfiler\LogiShrd
2007-08-26 02:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\LogiShrd
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-09-22 16:55 --------- d-------- C:\Programfiler\Steam
2007-09-22 00:27 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\uTorrent
2007-09-21 08:59 --------- d-------- C:\Programfiler\LimeWire
2007-09-20 19:34 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-19 07:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Microsoft Help
2007-09-19 00:09 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Hamachi
2007-09-18 13:24 --------- d-------- C:\Programfiler\PKR
2007-09-17 20:05 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-09-17 20:05 --------- d-------- C:\Programfiler\Sierra Entertainment
2007-09-17 16:12 --------- d-------- C:\Programfiler\Logitech
2007-09-17 16:12 --------- d-------- C:\Programfiler\Fellesfiler\Logitech
2007-09-14 01:00 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Microgaming
2007-09-14 00:22 --------- d-------- C:\Programfiler\PokerStars
2007-09-11 18:50 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Skype
2007-08-26 07:13 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-08-26 02:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Logitech
2007-08-25 23:12 --------- d-------- C:\Programfiler\TrackMania Nations ESWC
2007-08-25 18:08 --------- d-------- C:\Programfiler\Counter-Strike 1.6
2007-08-20 11:48 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Sports Interactive
2007-08-17 17:37 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\LinkChicSeek
2007-08-17 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\size two sect bold
2007-08-17 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Readme Live Axis Tons
2007-08-17 16:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Face Loud Mp3 Readme
2007-08-17 12:17 --------- d-------- C:\Programfiler\ffdshow
2007-08-17 12:17 --------- d-------- C:\Programfiler\AC3Filter
2007-08-17 12:16 --------- d-------- C:\Programfiler\Cliprex DVD Player Professional
2007-08-16 13:34 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\dvdcss
2007-08-14 16:37 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Real
2007-08-13 12:23 48640 --a------ C:\WINDOWS\mmfs.dll
2007-08-13 01:20 --------- d-------- C:\Programfiler\SurfNolimit
2007-08-10 00:52 --------- d-------- C:\Programfiler\Real
2007-08-10 00:52 --------- d-------- C:\Programfiler\Fellesfiler\xing shared
2007-08-10 00:52 --------- d-------- C:\Programfiler\Fellesfiler\Real
2007-08-05 02:10 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Pro Cycling Manager 2007
2007-08-04 11:52 --------- d-------- C:\Programfiler\Cyanide
2007-08-03 18:05 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Teleca
2007-08-03 05:53 --------- d-------- C:\Programfiler\LinkChicSeek
2007-07-27 00:12 --------- d-------- C:\Programfiler\Visual Pinball
2007-07-24 12:13 --------- d-------- C:\Programfiler\Guitar Pro 5
2007-07-03 03:03 139264 --a------ C:\WINDOWS\War3Unin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="C:\Programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31]
"Launch LCDMon"="C:\Programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-08-10 00:52]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 11:33]
"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"PKR Pal"="C:\Programfiler\PKR\pkrpal.exe" [2007-09-18 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Steam"="c:\programfiler\steam\steam.exe" [2007-09-19 14:27]
"Start WingMan Profiler"="" []
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\TERJEJ~1\START-~1\PROGRA~1\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Programfiler\Save\Save.exe"

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe
.

Contents of the 'Scheduled Tasks' folder
"2007-09-22 14:00:02 C:\WINDOWS\Tasks\AFE730E49184A720.job" - c:\docume~1\terjej~1\progra~1\linkch~1\kind exit dvd.exe
"2007-09-16 19:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 16:55:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Completion time: 2007-09-22 16:56:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-22 16:56
.

--- E O F ---

norbat Posted 23 September 2007

There is a Lop infection in there, so you can do the following:

Download NoLop.exe and put it on the desktop.
Run the program.
Press the "Search and Destroy" button.
If it finds anything, you will be asked to press the Reboot button.

Then run a full scan with SuperAntispyware:
Download SAS, install, update and run a full (Complete) scan.

Post the NoLop log ( C:\NoLop.txt ) + the SAS log (preferences-statistics/logs)

kunchun (Author) Posted 23 September 2007

> There is a Lop infection in there, so you can do the following:
> Download NoLop.exe and put it on the desktop.
> Run the program.
> Press the "Search and Destroy" button.
> If it finds anything, you will be asked to press the Reboot button.
> Then run a full scan with SuperAntispyware:
> Download SAS, install, update and run a full (Complete) scan.
> Post the NoLop log ( C:\NoLop.txt ) + the SAS log (preferences-statistics/logs)

Will do that now. I have run the SUPERAntiSpyware scan several times. So I have got rid of what was spamming the virus.