Ravenlord, posted 25 October 2007 (edited)

I'm fixing a PC for someone I know; it was badly infected.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:55, on 25.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: (no name) - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bxsbang - {6F0BAD0B-69DC-433F-8A02-BAE0C0577E43} - C:\Windows\bxsbang.dll
O21 - SSODL: ocgrep - {328B1253-5868-4FEB-8B07-2CED82C5628E} - C:\Windows\ocgrep.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10542 bytes

Combofix

ComboFix 07-10-25.4 - kyrre 2007-10-25 20:49:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.322 [GMT 2:00]
Running from: F:\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData.\bexkbelm.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.
2007-10-25 20:32	51,200	--a------	C:\Windows\NirCmd.exe
2007-10-25 20:30	<DIR>	d--------	C:\Program Files\Trend Micro
2007-10-25 20:04	<DIR>	d--------	C:\Users\All Users\Lavasoft
2007-10-25 20:04	<DIR>	d--------	C:\ProgramData\Lavasoft
2007-10-25 20:04	<DIR>	d--------	C:\Program Files\Lavasoft
2007-10-25 17:30	<DIR>	d--------	C:\Program Files\CCleaner
2007-10-25 16:11	<DIR>	d--------	C:\Users\All Users\SUPERAntiSpyware.com
2007-10-25 16:11	<DIR>	d--------	C:\ProgramData\SUPERAntiSpyware.com
2007-10-25 16:10	<DIR>	d--------	C:\Users\kyrre\AppData\Roaming\SUPERAntiSpyware.com
2007-10-25 16:10	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-10-25 16:10	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-10-25 16:08	<DIR>	d--------	C:\Users\All Users\Spybot - Search & Destroy
2007-10-25 16:08	<DIR>	d--------	C:\ProgramData\Spybot - Search & Destroy
2007-10-22 13:05	<DIR>	d--------	C:\Program Files\rdpwczkq
2007-10-22 12:58	284,160	--a------	C:\Windows\ocgrep.dll
2007-10-22 12:58	260,096	--a------	C:\Windows\bxsbang.dll
2007-10-22 12:58	107,520	--a------	C:\Windows\kthemup.exe
2007-10-18 18:54	0	--a------	C:\Windows\nsreg.dat
2007-10-18 18:53	<DIR>	d--------	C:\Program Files\Real
2007-10-18 18:53	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2007-10-18 18:53	<DIR>	d--------	C:\Program Files\Common Files\Real
2007-10-18 18:52	3,424	--a------	C:\Windows\mozver.dat
2007-10-18 17:49	<DIR>	d--------	C:\Users\All Users\Adobe
2007-10-18 17:49	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2007-10-14 12:03	<DIR>	d-a------	C:\Users\All Users\TEMP
2007-10-14 12:03	<DIR>	d-a------	C:\ProgramData\TEMP
2007-10-14 12:02	<DIR>	d--------	C:\Users\kyrre\AppData\Roaming\SpinTop
2007-10-14 12:02	<DIR>	d--------	C:\Program Files\Chessmaster Challenge
2007-10-11 12:43	<DIR>	d--------	C:\Users\kyrre\AppData\Roaming\AdobeUM
2007-10-11 03:02	788,992	--a------	C:\Windows\System32\rpcrt4.dll
2007-10-11 03:02	737,792	--a------	C:\Windows\System32\inetcomm.dll
2007-10-11 03:02	84,480	--a------	C:\Windows\System32\INETRES.dll
2007-10-04 02:22	<DIR>	d--------	C:\Users\kyrre\AppData\Roaming\Symantec
2007-10-04 02:17	<DIR>	d--------	C:\Program Files\Norton Internet Security
2007-10-04 02:15	123,952	--a------	C:\Windows\System32\drivers\SYMEVENT.SYS
2007-10-03 01:40	2,048	--a------	C:\Windows\System32\tzres.dll
2007-10-03 01:38	1,191,936	--a------	C:\Windows\System32\msxml3.dll
2007-10-03 01:38	2,048	--a------	C:\Windows\System32\msxml3r.dll
2007-10-03 01:37	1,335,296	--a------	C:\Windows\System32\msxml6.dll
2007-10-03 01:37	2,048	--a------	C:\Windows\System32\msxml6r.dll
2007-10-03 01:34	750,080	--a------	C:\Windows\System32\qmgr.dll
2007-10-03 00:49	<DIR>	d--------	C:\Windows\PCHEALTH
2007-10-03 00:49	<DIR>	d--------	C:\Program Files\MSN Messenger
2007-10-02 15:57	1,712,984	--a------	C:\Windows\System32\wuaueng.dll
2007-10-02 15:57	1,524,224	--a------	C:\Windows\System32\wucltux.dll
2007-10-02 15:57	549,720	--a------	C:\Windows\System32\wuapi.dll
2007-10-02 15:57	80,896	--a------	C:\Windows\System32\wudriver.dll
2007-10-02 15:57	53,080	--a------	C:\Windows\System32\wuauclt.exe
2007-10-02 15:57	43,352	--a------	C:\Windows\System32\wups2.dll
2007-10-02 15:57	33,624	--a------	C:\Windows\System32\wups.dll
2007-10-02 15:56	163,000	--a------	C:\Windows\System32\wuwebv.dll
2007-10-02 15:56	31,232	--a------	C:\Windows\System32\wuapp.exe
2007-10-02 11:20	<DIR>	d--------	C:\Program Files\Symantec
2007-10-02 11:13	<DIR>	d--------	C:\Users\All Users\Telenor
2007-10-02 11:13	<DIR>	d--------	C:\ProgramData\Telenor
2007-10-02 11:11	<DIR>	d--------	C:\Program Files\Telenor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 17:57	---------	d-----w	C:\ProgramData\Symantec
2007-10-25 08:38	13,025	----a-w	C:\Users\kyrre\AppData\Roaming\nvModes.dat
2007-10-18 16:52	---------	d-----w	C:\Program Files\Google
2007-10-15 22:37	---------	d-----w	C:\Users\kyrre\AppData\Roaming\Azureus
2007-10-15 16:02	---------	d-----w	C:\ProgramData\Roxio
2007-10-15 15:39	---------	d-----w	C:\Users\kyrre\AppData\Roaming\Roxio
2007-10-11 17:40	---------	d-----w	C:\Program Files\Java
2007-10-11 01:03	56,320	----a-w	C:\Windows\System32\iesetup.dll
2007-10-11 01:03	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2007-10-11 01:03	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2007-10-04 00:32	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
2007-10-04 00:32	10,740	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
2007-10-04 00:28	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-10-02 23:39	86,016	----a-w	C:\Windows\System32\icfupgd.dll
2007-10-02 23:39	8,147,968	----a-w	C:\Windows\System32\wmploc.DLL
2007-10-02 23:39	7,680	----a-w	C:\Windows\System32\spwmp.dll
2007-10-02 23:39	63,488	----a-w	C:\Windows\system32\drivers\mpsdrv.sys
2007-10-02 23:39	61,952	----a-w	C:\Windows\System32\cmifw.dll
2007-10-02 23:39	4,096	----a-w	C:\Windows\System32\dxmasf.dll
2007-10-02 23:39	396,800	----a-w	C:\Windows\System32\MPSSVC.dll
2007-10-02 23:39	392,192	----a-w	C:\Windows\System32\FirewallAPI.dll
2007-10-02 23:39	23,040	----a-w	C:\Windows\system32\drivers\tunnel.sys
2007-10-02 23:39	178,688	----a-w	C:\Windows\System32\iphlpsvc.dll
2007-10-02 23:39	16,896	----a-w	C:\Windows\System32\wfapigp.dll
2007-10-02 23:39	15,360	----a-w	C:\Windows\system32\drivers\TUNMP.SYS
2007-09-18 12:44	10,662	----a-w	C:\Windows\system32\drivers\srtspx.cat
2007-09-18 12:44	10,662	----a-w	C:\Windows\system32\drivers\srtspl.cat
2007-09-18 12:44	10,658	----a-w	C:\Windows\system32\drivers\srtsp.cat
2007-09-18 12:44	1,430	----a-w	C:\Windows\system32\drivers\srtspl.inf
2007-09-18 12:44	1,421	----a-w	C:\Windows\system32\drivers\srtspx.inf
2007-09-18 12:44	1,415	----a-w	C:\Windows\system32\drivers\srtsp.inf
2007-09-18 12:43	43,696	----a-w	C:\Windows\system32\drivers\srtspx.sys
2007-09-18 12:43	317,616	----a-w	C:\Windows\system32\drivers\srtspl.sys
2007-09-18 12:43	278,576	----a-w	C:\Windows\system32\drivers\srtsp.sys
2007-05-30 19:47	0	----a-w	C:\Users\kyrre\AppData\Roaming\wklnhst.dat
2006-11-02 12:50	174	--sha-w	C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 05:51	316784	--a------	C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-10-04 02:18	116088	--a------	C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 14:34]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 06:25]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 06:25]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 06:25]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 07:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-18 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxsbang"= {6F0BAD0B-69DC-433F-8A02-BAE0C0577E43} - C:\Windows\bxsbang.dll [2007-10-22 11:07 260096]
"ocgrep"= {328B1253-5868-4FEB-8B07-2CED82C5628E} - C:\Windows\ocgrep.dll [2007-10-22 11:07 284160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]
C:\Program Files\SpyShredder\SpyShredder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071020.001\IDSvix86.sys
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted	hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 18:43:51 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - kyrre.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 20:56:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 20:58:28 - machine was rebooted
.
--- E O F ---

I keep deleting SpyShredder and the rest from startup, but they just come back.

Edited 25 October 2007 by Ravenlord
Gunnar B, posted 25 October 2007

http://www.bleepingcomputer.com/forums/topic98791.html
Ravenlord (thread author), posted 25 October 2007

I've removed all of that using SAS and Spybot.
Ravenlord (thread author), posted 25 October 2007

Removed

O21 - SSODL: bxsbang - {6F0BAD0B-69DC-433F-8A02-BAE0C0577E43} - C:\Windows\bxsbang.dll
O21 - SSODL: ocgrep - {328B1253-5868-4FEB-8B07-2CED82C5628E} - C:\Windows\ocgrep.dll

and deleted the files in safe mode.
norbat, posted 25 October 2007

Hi, Ravenlord. Are you saying it's fixed now, or are you still struggling with it coming back?