Orochimaru, posted 19 November 2007

Well, here we go again. This time it is once more a virus that recreates itself. I hope someone can help me. I would really like to run SmitfraudFix, but I need advice on whether it is necessary.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:31, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programfiler\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Anti-Virus\fsqh.exe
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\Programfiler\F-Secure\FSAUA\program\fsaua.exe
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programfiler\F-Secure\FSGUI\fsguidll.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\Wireless LAN Utility\SiWake.exe
C:\Programfiler\INITIO\Toshiba PushButton Manager v1.381\inihid.exe
C:\Programfiler\Wireless LAN Utility\SiSCFG.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and settings\Admin\Skrivebord\test.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itavisen.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Snarvei til egenskapsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\programfiler\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Toshiba PushButton Manager v1.381.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103809220312
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30ACEF21-6FAD-4F0F-899F-3359C7A8274C}: NameServer = 217.13.7.140
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BOCore - COMODO - C:\Programfiler\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Programfiler\Dantz\Retrospect 7.0\rthlpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9749 bytes
norbat, posted 19 November 2007 (edited)

Who is reporting this virus? Do you get a name for it, and possibly where it is supposed to be located? The HJT log looks fine. You could try ComboFix; its log may say something more:

Download ComboFix and save it to the desktop.
Run combofix.exe and follow the instructions. You must not click in the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt).

Edited 19 November 2007 by norbat
Orochimaru (thread author), posted 19 November 2007 (edited)

It is located in System Volume. I'll find the report.

Backdoor.Win32.SdBot.cic... <--- Dangerous?

The danger is actually in System Volume Recovery! Here is the path where it sits:

C:\System Volume Information\_restore{556F4475-710F-4A4A-BB23-680701BA7D65}\RP737\A0139446.rbf

F-Secure reports it loud and clear. But after I put it in quarantine and deleted it from there, it has not shown up again. Still, I want to be sure.

EDIT: This is what I found about this virus:

The backdoor's file is a PE executable about 71 kilobytes long, packed with Exe32Pack file compressor. The backdoor contains the PSEXEC utility in its body. When the backdoor's file is started, it copies itself as WUPDATED.EXE file to Windows System folder and then creates the following startup key value in the Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Configuration Loaded"="WUPDATED.EXE"

The backdoor can also create the following key value:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Configuration Loaded"="WUPDATED.EXE"

When the backdoor is active, it connects to an IRC server (on port 6667), joins a certain channel and acts as a bot there. The backdoor starts IDENTD server on port 113. The backdoor tries to contact the following IRC servers:

irc.undernet.org
kan3.de

The backdoor joins the following password-protected IRC channels:

#maerchenland
#kellyfamily

Here's how the code of the backdoor looks in disassembler's window:

A hacker can send commands to the bots to control infected computers. A hacker can do any of the following:

* perform ping, SYN, ICMP and UDP flood
* get system information including information about OS, network and drives
* update the backdoor's file from Internet
* operate backdoor's bot (nick change, join/part channels, etc.)
* redirect traffic on certain ports
* open a URL with default web browser
* steal CD keys from popular games
* spread to computers via LAN (performs dictionary attack on share passwords)
* join and spy on certain IRC channels
* start remote processes using PSEXEC.EXE utility (extracted from the backdoor)
* download and execute files

SdBot.vc steals CD keys for the following games if they are installed on an infected computer:

Half-Life
Unreal Tournament 2003
Counter-Strike (Retail)
Project IGI 2
Battlefield 1942
Battlefield 1942 Road To Rome
Rainbow Six III RavenShield
Neverwinter Nights
Soldier of Fortune 2
The Gladiators
Need for Speed Hot Pursuit 2
FIFA 2003
Command & Conquer Generals
Red Alert 2
Tiberian Sun

In other words: NOT a harmless virus.

Edited 19 November 2007 by Orochimaru
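The description quoted above names a concrete persistence artifact (a Run or RunServices value called "Configuration Loaded" that launches WUPDATED.EXE), and HijackThis prints exactly those values as O4 lines. The following is an added example written for this thread; it is not code from the forum, from HijackThis or from F-Secure. It parses O4 lines of the shape seen in the log above, flags the SdBot persistence indicator, any extra file names the caller supplies, and, as a generic heuristic, any autostart whose program lives under a Temp directory. The sample lines are constructed for the example: four are copied in shape from the poster's log, while the two WUPDATED.EXE lines and the Temp-path line are invented to exercise the checks and do not appear in the real log.

```python
"""Triage HijackThis O4 (autostart) lines for the SdBot persistence described
in the post above. Added example for this thread, not HijackThis or F-Secure
code; the sample log lines below are constructed, not the poster's real log."""
import re
import sys
from dataclasses import dataclass

# Indicators quoted from the F-Secure description in the post above.
SDBOT_VALUE_NAME = "configuration loaded"   # Run / RunServices value name
SDBOT_IMAGE = "wupdated.exe"                # copy dropped in the System folder

# O4 lines look like:  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)   # ...\Temp\ or ...\tmp\ in a path


@dataclass
class Autostart:
    hive: str      # HKLM, HKCU, HKUS\S-1-5-18, ...
    key: str       # Run, RunOnce, RunServices, ...
    name: str      # registry value name
    command: str   # full command line as logged
    image: str     # program the command line launches


def image_of(command: str) -> str:
    """Program launched by an O4 command line: the quoted path if quoted,
    else the first token ending in a PE extension, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr|com))(?:\s|,|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def parse_autostarts(lines):
    """Return the O4 entries found in HijackThis log lines (other lines ignored)."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autostart(m["hive"], m["key"], m["name"], m["cmd"],
                                     image_of(m["cmd"])))
    return entries


def triage(entries, extra_images=()):
    """(entry, reason) pairs for entries matching the SdBot indicators, any
    extra file names the caller supplies, or the Temp-directory heuristic."""
    bad = {SDBOT_IMAGE, *(i.lower() for i in extra_images)}
    findings = []
    for e in entries:
        basename = e.image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        hit = (e.name.lower() == SDBOT_VALUE_NAME
               or basename in bad
               or any(b in e.command.lower() for b in bad))
        if hit:
            findings.append((e, "matches SdBot/indicator list"))
        elif TEMP_RE.search(e.image):
            findings.append((e, "autostart image lives in a Temp directory"))
    return findings


# Constructed sample: four lines copied in shape from the thread's log plus
# three invented lines (the two WUPDATED.EXE entries and the Temp one).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Configuration Loaded] WUPDATED.EXE
O4 - HKLM\..\RunServices: [Configuration Loaded] WUPDATED.EXE
O4 - HKCU\..\Run: [updchk] C:\DOCUME~1\Admin\LOKALE~1\Temp\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: FSMA - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
""".strip().splitlines()


if __name__ == "__main__":
    # Usage: python triage_hjt.py [hijackthis.log]; falls back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    for entry, reason in triage(parse_autostarts(lines)):
        print(f"{entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.image}: {reason}")
```

The script matches on the bare file name rather than a full path because HijackThis prints the registry value as stored: the description says the copy is dropped into the Windows System folder, so the value is just `WUPDATED.EXE`, found through the normal search order. The extra-names check also looks inside the whole command line, so a DLL hosted by RUNDLL32.EXE is caught as well.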
norbat, posted 19 November 2007

OK. You can reset the restore folder by doing the following: Control Panel -> System -> System Restore. Tick "Turn off System Restore ...", restart the PC, then untick it again to re-enable the function.
Orochimaru (thread author), posted 19 November 2007

ComboFix 07-11-08.3 - Admin 2007-11-19 21:15:27.2 - NTFSx86
Running from: C:\Documents and settings\Admin\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-18 21:02 <DIR> d-------- C:\Documents and settings\All Users\Programdata\Grisoft
2007-11-18 21:02 <DIR> d-------- C:\Documents and settings\Admin\Programdata\Grisoft
2007-11-18 21:02 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-18 18:33 <DIR> d-------- C:\Programfiler\Cheat Engine
2007-11-18 17:18 <DIR> d-------- C:\Programfiler\NCSoft
2007-11-18 17:13 <DIR> d-------- C:\Documents and settings\Admin\Programdata\InstallShield
2007-11-18 15:57 <DIR> d-------- C:\Documents and settings\Admin\Programdata\GetRightToGo
2007-11-16 22:44 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-11-16 22:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-16 22:43 <DIR> d-------- C:\Programfiler\Windows Media Components
2007-11-13 18:37 <DIR> d-------- C:\Programfiler\Lionhead Studios Ltd
2007-11-13 17:39 <DIR> d-------- C:\Documents and settings\All Users\Programdata\Comodo
2007-11-13 17:39 <DIR> d-------- C:\Documents and settings\Admin\Programdata\Comodo
2007-11-13 07:12 <DIR> d-------- C:\Programfiler\Comodo
2007-11-13 07:12 <DIR> d-------- C:\Documents and settings\All Users\Programdata\BOC425
2007-11-13 07:12 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-13 07:12 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-11-12 16:51 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-11-12 16:51 59,947 --a------ C:\WINDOWS\War3Unin.dat
2007-11-12 16:51 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-10-29 14:49 <DIR> d-------- C:\Documents and settings\All Users\Programdata\Lavasoft
2007-10-28 21:23 <DIR> d-------- C:\Programfiler\Disc2Phone
2007-10-28 16:19 <DIR> d-------- C:\Programfiler\GameSpy Arcade
2007-10-24 21:11 <DIR> dr-h----- C:\Documents and settings\Admin\Siste
2007-10-23 15:34 <DIR> d-------- C:\Documents and settings\Admin\Programdata\AdobeUM
2007-10-23 15:33 <DIR> d-------- C:\Programfiler\Morrison Schwartz
2007-10-23 14:15 382,352 --a------ C:\Documents and settings\Admin\jdk-6u3-windows-i586-p-iftw.exe
2007-10-23 14:13 <DIR> d-------- C:\Documents and settings\Admin\.SunDownloadManager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 20:02 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-11-18 16:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-11-16 23:24 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2007-11-16 15:00 --------- d-----w C:\Documents and settings\Admin\Programdata\LimeWire
2007-11-13 18:26 --------- d-----w C:\Programfiler\Steam
2007-11-13 17:34 --------- d-----w C:\Programfiler\Warcraft III
2007-11-11 21:00 --------- d-----w C:\Programfiler\Lavasoft
2007-11-11 21:00 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-10-29 17:40 212 ----a-w C:\delete.bat
2007-10-29 11:35 --------- d-----w C:\Programfiler\LucasArts
2007-10-28 16:22 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-22 15:43 --------- d-----w C:\Documents and settings\Admin\Programdata\F-Secure
2007-10-18 18:39 --------- d-----w C:\Programfiler\F-Secure
2007-10-18 18:39 --------- d-----w C:\Documents and settings\All Users\Programdata\F-Secure
2007-10-18 18:05 534 ----a-w C:\Documents and settings\Admin\Programdata\wklnhst.dat
2007-10-15 20:05 --------- d-----w C:\Programfiler\StarWarsGalaxies
2007-10-15 16:26 --------- d-----w C:\Programfiler\Sony
2007-10-04 17:41 --------- d-----w C:\Documents and settings\Admin\Programdata\Panasonic
2007-10-03 17:53 --------- d-----w C:\Programfiler\Wireless LAN Utility
2007-10-03 17:52 --------- d-----w C:\Programfiler\SiS162u
2007-10-03 17:30 --------- d-----w C:\Programfiler\World of Warcraft
2007-10-03 17:23 --------- d-----w C:\Documents and settings\Admin\Programdata\Azureus
2007-10-03 17:18 --------- d-----w C:\Documents and settings\All Users\Programdata\Azureus
2007-10-03 17:11 --------- d-----w C:\Programfiler\Azureus
2007-09-30 19:19 --------- d-----w C:\Documents and settings\Admin\Programdata\SUPERAntiSpyware.com
2007-09-30 19:15 --------- d-----w C:\Documents and settings\Admin\Programdata\Lavasoft
2007-09-30 18:13 --------- d-----w C:\Programfiler\SpeedFan
2007-09-30 17:03 --------- d-----w C:\Programfiler\MSN Messenger
2007-09-27 14:37 36,864 ----a-w C:\WINDOWS\system32\RtlGina2.dll
2007-09-25 14:13 --------- d-----w C:\Programfiler\DAEMON Tools
2007-09-25 13:31 --------- d-----w C:\Documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2004-12-23 14:27:21 8 --sh--r C:\WINDOWS\system32\F30928A2D0.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"Snarvei til egenskapsside for High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [2004-07-20 18:18 C:\WINDOWS\Dit.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 14:05 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PCMService"="C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe" [2004-10-29 20:34]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41]
"F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.exe" [2007-08-30 16:36]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-11-02 15:13]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"F-Secure TNB"="C:\Programfiler\F-Secure\FSGUI\TNBUtil.exe" [2007-08-30 16:35]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:46]
"PlayNC Launcher"="C:\programfiler\ncsoft\launcher\NCLauncher.exe" [2007-11-18 17:21]

C:\Documents and settings\All Users\Start-meny\Programmer\Oppstart\
SiWake.lnk - C:\Programfiler\Wireless LAN Utility\SiWake.exe [2007-10-03 18:53:05]
Toshiba PushButton Manager v1.381.lnk - C:\Programfiler\INITIO\Toshiba PushButton Manager v1.381\inihid.exe [2005-12-28 22:50:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

R1 SSHDRV79;SSHDRV79;\??\C:\WINDOWS\system32\drivers\SSHDRV79.sys
R2 cnmpar21;Canon BJ Port Driver Cnmpar21;\??\C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\cnmpar21.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Programfiler\Comodo\CBOClean\BOCDRIVE.sys
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Programfiler\F-Secure\Anti-Virus\minifilter\fsgk.sys
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys
S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
S3 ICAM5USB;Intel® PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys
S3 idrmkl;idrmkl;\??\C:\DOCUME~1\Avatar\LOKALE~1\Temp\idrmkl.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 21:18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 21:18:57
C:\ComboFix2.txt ... 2007-09-26 14:42
.
--- E O F ---

That's the ComboFix log. Did it find anything? =p

By the way, norbat, can you give me the link to SmitfraudFix? I'm thinking of using it, but I want to be sure it's the right link. Thanks.
norbat, posted 19 November 2007

The log looks fine. I don't really see any reason for you to run SmitfraudFix, but I can't stop you: SmitfraudFix. Instead of cleaning, you could just run a scan (option 1) to see whether it finds what you are looking for.