Ullsokk1, posted 19 November 2007:
Hi. I don't know whether it is a virus or not, but it calls itself ''Pics06'', and I was DUMB enough to accept it on MSN. Now, whenever I'm on MSN, it automatically forwards itself to others every so often. I ran a virus scan but it doesn't find any virus. I searched for Pics06 and found 2 things, which I deleted, and then reinstalled MSN, so I thought that was the end of it, but now it's back again!
norbat, posted 19 November 2007:
Go through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246
Post the logs it asks for in your own post, and we'll see what, if anything, needs to be done next.
Ullsokk1 (author), posted 19 November 2007 (edited):
Any help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:19, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\BitTorrent_DNA\dna.exe
C:\Drivere\Nedlasted driver til trådløst\wlancfg5.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sansaDispatch] C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6040 bytes

Edited 19 November 2007 by Ullsokk1
norbat, posted 19 November 2007:
Yes. Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt).
Ullsokk1 (author), posted 19 November 2007:
Nothing happened. It only said that it had expired, and then afterwards "combofix is now uninstalled".
norbat, posted 19 November 2007:
Sorry, use this link instead: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Ullsokk1 (author), posted 19 November 2007 (edited):
This is what I got:

ComboFix 07-11-08.3 - Sondre 2007-11-19 17:34:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.614 [GMT 1:00]
Running from: C:\Documents and Settings\Sondre.PRIVAT\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Config.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-19 17:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-19 17:10 d-------- C:\Documents and Settings\Sondre.PRIVAT\Programdata\AVG7
2007-11-19 17:10 d-------- C:\Documents and Settings\LocalService.NT-MYNDIGHET\Programdata\AVG7
2007-11-19 17:10 d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Grisoft
2007-11-19 17:00 d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Avg7
2007-11-19 16:45 d-------- C:\Programfiler\Trend Micro
2007-11-18 22:02 757,878 --a------ C:\WINDOWS\pics08.zip
2007-11-17 18:22 d-------- C:\WINDOWS\system32\QuickTime
2007-11-17 18:22 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-11-17 16:27 d-a------ C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP
2007-11-16 19:20 d-------- C:\Programfiler\RivaTuner v2.06
2007-11-13 14:34 d-------- C:\Programfiler\DVD Decrypter
2007-11-12 18:32 d-------- C:\Programfiler\Movies To DVD
2007-11-12 18:32 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2007-11-12 18:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-11-12 18:32 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-11-12 18:32 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-11-12 18:32 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-11-12 18:32 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-11-12 18:32 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-11-12 18:32 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-11-05 20:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-05 20:50 d-------- C:\Programfiler\ATI Technologies
2007-11-05 20:50 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-11-05 16:22 d--h----- C:\WINDOWS\msdownld.tmp
2007-11-05 15:51 d-------- C:\Programfiler\TrackMania Nations ESWC
2007-10-29 20:34 d-------- C:\Documents and Settings\Sondre.PRIVAT\Programdata\teamspeak2
2007-10-28 00:27 d-------- C:\Documents and Settings\Sondre.PRIVAT\Programdata\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 16:35 --------- d-----w C:\Documents and Settings\Sondre.PRIVAT\Programdata\BitTorrent DNA
2007-11-19 13:58 --------- d-----w C:\Documents and Settings\Sondre.PRIVAT\Programdata\BitTorrent
2007-11-19 09:51 --------- d-----w C:\Programfiler\Steam
2007-11-19 09:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-11-19 09:50 --------- d-----w C:\Programfiler\EA GAMES
2007-11-18 11:43 --------- d-----w C:\Programfiler\MSN Messenger
2007-11-17 12:13 --------- d-----w C:\Programfiler\GameSpy Arcade
2007-11-17 11:24 757,760 ----a-w C:\WINDOWS\system32\NTSpool.exe
2007-11-17 11:14 --------- d-----w C:\Documents and Settings\Sondre.PRIVAT\Programdata\LimeWire
2007-11-05 14:50 --------- d-----w C:\Programfiler\Skype
2007-10-29 19:38 --------- d-----w C:\Documents and Settings\Sondre.PRIVAT\Programdata\Skype
2007-10-28 10:38 --------- d-----w C:\Programfiler\VstPlugins
2007-10-27 23:22 --------- d-----w C:\Programfiler\Windows Media Connect 2
2007-10-24 17:23 --------- d-----w C:\Programfiler\Image-Line
2007-10-24 16:32 --------- d-----w C:\Programfiler\BitLord
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 16:19 --------- d-----w C:\Programfiler\Winamp
2007-10-04 13:53 --------- d-----w C:\Programfiler\Fellesfiler\Real
2007-10-04 08:40 --------- d-----w C:\Documents and Settings\Sondre.PRIVAT\Programdata\FarStone
2007-10-04 08:32 --------- d-----w C:\Programfiler\DAEMON Tools
2007-10-04 08:30 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-03 19:47 --------- d-----w C:\Programfiler\LimeWire
2007-10-03 08:16 --------- d-----w C:\Programfiler\BitTorrent_DNA
2007-10-03 08:16 --------- d-----w C:\Programfiler\BitTorrent
2007-10-02 15:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-02 15:18 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-30 16:14 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-26 19:26 --------- d-----w C:\Programfiler\Google
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2004-07-02 11:19 40,960 ----a-w C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-17 22:41 386,688 ----a-w C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 12:07 84,912 ----a-w C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 12:07 83,320 ----a-w C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 11:53 62,865 ----a-w C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 11:53 12,739 ----a-w C:\WINDOWS\inf\WG311v2\odNetInstall.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-02-02 17:28 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"SansaDispatch"="C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 19:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 17:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"BitTorrent DNA"="C:\Programfiler\BitTorrent_DNA\dna.exe" [2007-10-03 09:16]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

C:\Documents and Settings\Sondre.PRIVAT\Start-meny\Programmer\Oppstart\
Stardock ObjectDock.lnk - C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe [2007-02-06 16:49:44]

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\
NETGEAR WG311v2 Smart Configuration.lnk - C:\Drivere\Nedlasted driver til trådløst\wlancfg5.exe [2004-10-14 12:32:18]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^3Com Wireless 11g USB Adapter.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\3Com Wireless 11g USB Adapter.lnk
backup=C:\WINDOWS\pss\3Com Wireless 11g USB Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sondre.PRIVAT^Start-meny^Programmer^Oppstart^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Sondre.PRIVAT\Start-meny\Programmer\Oppstart\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameDrive]
"C:\Programfiler\FarStone\GameDrive\GDP\GDTask.exe" /AutoRestore

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Programfiler\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programfiler\Winamp\winampa.exe

R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Programfiler\RivaTuner v2.06\RivaTuner32.sys
S0 FGXSCSI;FGXSCSI;C:\WINDOWS\system32\DRIVERS\fgxscsi.sys
S3 3Com_A02;3com Driver;C:\WINDOWS\system32\DRIVERS\3C254G50.sys

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 17:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-19 17:36:28
.
--- E O F ---

Edited 19 November 2007 by Ullsokk1
norbat, posted 19 November 2007:
Download Avenger and unpack it.
Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\pics08.zip

Click the traffic light. Restart the PC.
After the restart a log file will appear telling you what happened. You don't need to post it if the result is that they were deleted.
Post a new HJT log.
Jarmo, posted 19 November 2007:
Watch out for this worm: http://www.nettavisen.no/it/article1450364.ece
Ullsokk1 (author), posted 19 November 2007 (edited):
It seemed to go fine. Thanks a lot for all the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:09, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\BitTorrent_DNA\dna.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Drivere\Nedlasted driver til trådløst\wlancfg5.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [sansaDispatch] C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5871 bytes

Edited 19 November 2007 by Ullsokk1
norbat, posted 19 November 2007:
Run HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

Then tell us whether you are still having problems with MSN (a new log from combofix wouldn't hurt).
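The one O4 line the helper left for "Fix checked" stands out for two reasons that can be read straight off the log: it sits under Policies\Explorer\Run rather than the ordinary Run key, and its value is a bare file name with no path. The Python below is an added example, not part of the thread, of HijackThis or of ComboFix; it parses O4 lines in the format shown above (the sample lines are constructed in the shape of the second log) and attaches those reasons, so the same triage can be repeated on any HJT log.

```python
"""Triage of HijackThis O4 (autostart) lines. Added example for this thread;
not part of HijackThis, ComboFix or the helper's own procedure."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the thread's second HijackThis log.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = ?
"""

# "O4 - <hive>\..\<key>: [<name>] <command>" and the two startup-folder forms.
REG_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LINE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")   # HJT appends this for HKUS entries


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def executable(self) -> str:
        """First token of the command; respects a quoted path containing spaces."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        return cmd.split(" ", 1)[0]


def parse_o4(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if m:
            entries.append(Autostart(m["hive"], m["key"], m["name"], USER_SUFFIX.sub("", m["cmd"])))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            entries.append(Autostart("", m["key"], m["name"], m["cmd"]))
    return entries


def triage(entries: list) -> list:
    """Attach a reason to every entry that deserves a manual look; return only those."""
    for e in entries:
        exe = e.executable
        if "Policies\\Explorer\\Run" in e.key:
            e.reasons.append("policy Run key: seldom used by legitimate installers")
        if exe and exe != "?" and "\\" not in exe and "/" not in exe:
            e.reasons.append("bare file name, resolved via PATH search; verify the on-disk copy")
        if exe == "?":
            e.reasons.append("shortcut target could not be resolved")
    return [e for e in entries if e.reasons]


def flagged_names(text: str) -> dict:
    """Autostart name -> reasons, for everything triage() kept."""
    return {e.name: e.reasons for e in triage(parse_o4(text))}


if __name__ == "__main__":
    for e in triage(parse_o4(SAMPLE_O4)):
        print(f"{e.key:>24}  [{e.name}] {e.executable}\n    - " + "\n    - ".join(e.reasons))
```

A bare file name alone is not proof of anything (soundMan in the same log is legitimate), which is why the output lists reasons per entry instead of a verdict; the entry carrying both reasons is the one to verify first.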