Tore Posted 5 October 2007 (edited)
Hi, I have a strange thing going on that is starting to get annoying... very... At irregular intervals Firefox opens by itself and goes to the site named in the title, and at the same time the mouse pointer jumps to the middle of the screen. This is very annoying because I play games quite a bit, and then the whole game closes, Firefox starts, and I can't get back into the game... And when I get up in the morning there are 6-15 pages of "diymov.com" open waiting for me... There are no problems apart from this taking over the PC and moving the mouse pointer at irregular intervals... I think it came with a program that converted movies to PS3-supported formats; that worked fine, but this started not long afterwards... All traces of the program (that I have found) have been removed... I have run Avast Home 4.7, Ad-Aware, Spybot S&D, SAS and HijackThis without seeing anything... The only thing was that SAS thought File item: Adaware.Tracing Cookie was suspicious; I removed it... Hoping a trained eye can spare an eye or two for the latest HJT log... Or suggest something I can try... lsass.exe?
Logfile of HijackThis v1.99.1
Scan saved at 22:42:53, on 05.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\Oplmsb01.exe
C:\WINDOWS\temp\lsass.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Lovlig Programmer\HighJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BRUK FIREFOX.!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [LanguageMonitor] C:\WINDOWS\system32\Oplmsb01.exe OKI B4100
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\temp\lsass.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

Edited 6 October 2007 by Scorpioen84
jennnereer Posted 5 October 2007 (quoting the original post and HJT log above)
I had problems myself with a spyware program that popped up several times while I was surfing. I used Lavasoft's Ad-Aware and removed the program. A little box always came up saying something about there being traces of all the "adult sites you have visited". Worth a try. Lavasoft.com
norbat Posted 5 October 2007 (edited)
Download SDFix.exe. Unpack the program. Restart in safe mode (tap F8 during startup). Run RunThis.bat in the SDFix folder. A report (Report.txt) is created; post it.
Edit: the lsass.exe file in the temp folder is most likely the culprit here, yes. SDFix will remove it.
Edited 5 October 2007 by norbat
Tore (thread author) Posted 5 October 2007
Here is the SDFix log.

SDFix: Version 1.107
Run by Desktop on 05.10.2007 at 22:56
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\Temp\lsass.exe - Deleted
Removing Temp Files...

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:
Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\racer\\racer.exe"="C:\\Program Files\\racer\\racer.exe:*:Enabled:racer"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\half-life 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\Desktop\\Desktop\\counter strike\\hl.exe"="C:\\Documents and Settings\\Desktop\\Desktop\\counter strike\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"="C:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\\Program Files\\Soldat\\Soldat.exe"="C:\\Program Files\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\MicroStar\\WLANUtility\\APUtility.exe"="C:\\Program Files\\MicroStar\\WLANUtility\\APUtility.exe:*:Enabled:APUtility Configs AP "
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\race\\Race_Steam.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\race\\Race_Steam.exe:*:Enabled:Race"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\BitGrabber\\BitGrabber.exe"="C:\\Program Files\\BitGrabber\\BitGrabber.exe:*:Enabled:Torrent P2P application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"="C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe:*:Enabled:Avid Editor"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"="C:\\Program Files\\TVersity\\Media Server\\TVersity.exe:*:Enabled:TVersity Media Server"
"C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\Scorpioen84\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Finished!

I see lsass.exe is flagged as a trojan and removed! (I did mention it in the first post.) Should I create a restore point now? Or maybe first see whether the nonsense has actually stopped... Thanks for now, oh spyware-free oracle norbat.
norbat Posted 5 October 2007
We can delete all the restore points afterwards..... Download ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (c:\combofix.txt).
Tore (thread author) Posted 5 October 2007 (edited)
Updated ComboFix log

ComboFix 07-10-05.3 - Desktop 2007-10-06 0:36:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1473 [GMT 2:00]
Running from: C:\Documents and Settings\Desktop\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.
2007-10-06 00:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-05 22:56 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-05 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-05 22:21 <DIR> d-------- C:\Documents and Settings\Desktop\Application Data\SUPERAntiSpyware.com
2007-10-05 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-29 23:13 <DIR> d-------- C:\Program Files\PowerISO
2007-09-26 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-09-26 22:42 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-09-26 22:42 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-09-26 22:42 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-09-08 22:05 <DIR> d-------- C:\Documents and Settings\Desktop\Application Data\DVD Profiler
2007-09-08 22:01 <DIR> d-------- C:\Program Files\DVD Profiler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 23:11 --------- d-------- C:\Program Files\Steam
2007-10-05 22:54 --------- d-------- C:\Documents and Settings\Desktop\Application Data\uTorrent
2007-10-05 22:21 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 20:43 --------- d-------- C:\Documents and Settings\Desktop\Application Data\OpenOffice.org2
2007-09-29 23:18 --------- d-------- C:\Documents and Settings\Desktop\Application Data\dvdcss
2007-09-26 22:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-23 21:57 --------- d-------- C:\Program Files\Google
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-26 20:00 --------- d-------- C:\Program Files\TVersity
2007-08-15 23:36 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-15 23:35 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-12 22:57 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-12 22:57 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 17:04 --------- d-------- C:\Documents and Settings\Desktop\Application Data\Media Player Classic
2007-08-09 16:34 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PwrUpTweakMe"="C:\WINDOWS\system32\PuXpTwks.exe" [2004-06-12 18:51]
"LanguageMonitor"="C:\WINDOWS\system32\Oplmsb01.exe" [2004-01-09 16:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-03-05 23:19]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-20 02:00:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoFavoritesMenu"=1 (0x1)
"NoTrayContextMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys
S3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 00:37:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-10-06 0:38:08
.
--- E O F ---

Nothing silly has happened in the last hour, at least....
Edited 6 October 2007 by Scorpioen84
norbat Posted 6 October 2007 (edited)
Sounds good. That ComboFix log looked a bit truncated. I'd like to see the start of the log, plus a new HJT log.
Edited 6 October 2007 by norbat
Tore (thread author) Posted 6 October 2007
HJT log.. The log in the post above has been corrected; don't know what happened there..

Logfile of HijackThis v1.99.1
Scan saved at 13:20:29, on 06.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\Oplmsb01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\Lovlig Programmer\HighJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [LanguageMonitor] C:\WINDOWS\system32\Oplmsb01.exe OKI B4100
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

I think it looks very clean and tidy... Nothing has come up during the night either...
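The check norbat applied to the first log (a core system binary name, lsass.exe, running from C:\WINDOWS\temp and launched by a Run value called "Microsoft") and the before/after comparison of the two HJT logs in this thread, written out as an added Python example. This is not code from the thread, HijackThis, SDFix or ComboFix; the SYSTEM_BINARIES and GENERIC_RUN_NAMES lists are my own choices, and the two sample logs are constructed excerpts trimmed from the logs posted above.

```python
r"""Check a HijackThis-style log for masqueraded system binaries and suspicious autostarts.

Added example for this thread; not part of HijackThis, SDFix or ComboFix. It encodes
norbat's observation: lsass.exe is a legitimate name, but a copy running from
C:\WINDOWS\temp, started by a Run value called "Microsoft", is not.
"""
import re
from pathlib import PureWindowsPath

# Core Windows processes that on XP legitimately run only from %SystemRoot%\system32 (my list).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32"}
# Run-value names that say nothing about the program; vendors normally use a product name.
GENERIC_RUN_NAMES = {"microsoft", "windows", "system", "update"}

HJT_ENTRY = re.compile(r"^[A-Z]\d+ - ")          # "R1 - ...", "O4 - ..." end the process list
RUN_ENTRY = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
EXE_PATH = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)  # unquoted paths may contain spaces

def parse_hjt(text):
    """Return (running_processes, run_entries); run_entries are (value_name, command) pairs."""
    processes, run_entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if HJT_ENTRY.match(line):
            in_processes = False
        if in_processes and DRIVE_PATH.match(line):
            processes.append(line)
        m = RUN_ENTRY.match(line)
        if m:
            run_entries.append((m.group("name"), m.group("cmd")))
    return processes, run_entries

def exe_path(command):
    """Executable path from a Run value's command line (quoted or not)."""
    m = EXE_PATH.match(command)
    return m.group("path") if m else command

def masquerade_finding(path):
    """Message if `path` carries a core system binary name but does not live in system32."""
    p = PureWindowsPath(path)
    if p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in SYSTEM_DIRS:
        return f"system binary name outside system32: {path}"
    return None

def analyze(text):
    """Human-readable findings for one HJT log."""
    findings = []
    processes, run_entries = parse_hjt(text)
    for path in processes:
        f = masquerade_finding(path)
        if f:
            findings.append("process: " + f)
    for name, cmd in run_entries:
        path = exe_path(cmd)
        f = masquerade_finding(path)
        if f:
            findings.append(f"autostart [{name}]: {f}")
        if "\\temp\\" in path.lower():
            findings.append(f"autostart [{name}] loads from a temp directory: {path}")
        if name.lower() in GENERIC_RUN_NAMES:
            findings.append(f"autostart [{name}] has a generic value name: {path}")
    return findings

def removed_entries(before, after):
    """Processes and Run values present in `before` but gone from `after` (what a fix removed)."""
    b_proc, b_run = parse_hjt(before)
    a_proc, a_run = parse_hjt(after)
    gone = [f"process gone: {p}" for p in b_proc if p not in a_proc]
    gone += [f"autostart gone: [{n}] {c}" for n, c in b_run if (n, c) not in a_run]
    return gone

# Constructed excerpt of the first HJT log in the thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\temp\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BRUK FIREFOX.!
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\temp\lsass.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""
# Constructed post-SDFix log: the same excerpt minus the two lines SDFix reported deleting.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if "\\temp\\lsass.exe" not in l) + "\n"

if __name__ == "__main__":
    for line in analyze(BEFORE_LOG) + removed_entries(BEFORE_LOG, AFTER_LOG):
        print(line)
```

Run as-is it reports four findings for the before-log (the masqueraded process, plus the "Microsoft" Run value three times over: wrong directory for that file name, loaded from a temp directory, generic value name) and none for the after-log, and removed_entries lists exactly the two entries SDFix reported deleting. The parent-directory comparison is deliberately strict: a core binary name with no path at all is also reported, since a Run value that relies on the search path deserves a look.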
norbat Posted 6 October 2007 (edited)
This looks good, Scorpioen84. (You can go ahead and remove ComboFix and SDFix, since you'd rather download a fresh copy when you need one. Delete the ComboFix.exe file, C:\WINDOWS\nircmd.exe and C:\combofix.txt, plus the SDFix folder and report.txt.) You should also reset the restore folder so that you don't get reinfected by a future system restore: Control Panel -> System -> System Restore. Tick "Turn off System Restore ...", restart the PC, then untick it again to re-enable the function.
Edited 6 October 2007 by norbat