biach777, posted 20 November 2007 (edited)

Hi... I've been getting a lot of scary pop-up windows in Internet Explorer the last 2 days... I think it's a virus, because they try to get me to download some security crap... Here are some of the windows I've gotten: (I've gotten a few more, but couldn't be bothered to include them)

I've never had trouble with pop-ups before, because I never use Internet Explorer. I don't get it, because Internet Explorer is never running... It's only poker sites that pop up.. NOD32 hasn't cared much... The machine runs as usual, so it's not that bad, but the pop-ups are a bit scary... I've never been bothered by that before! Help?? Thanks for any replies ;)

HijackThis log ;)

Logfile of HijackThis v1.99.1
Scan saved at 20:00:47, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
D:\Programfiler\Eset\nod32krn.exe
D:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programfiler\Eset\nod32kui.exe
D:\Programfiler\iTunes\iTunesHelper.exe
D:\Programfiler\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
D:\Programfiler\Messenger\msmsgs.exe
D:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programfiler\Steam\Steam.exe
D:\WINDOWS\system32\SSTEM~1\nslookup.exe
D:\Programfiler\iPod\bin\iPodService.exe
D:\Programfiler\iTunes\iTunes.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\Ati2evxx.exe
O:\progs\StatBar\StatBar.exe
D:\Programfiler\MSN Messenger\usnsvc.exe
D:\Programfiler\Windows Live Safety Center\wlscUploader.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Vegard!\Skrivebord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [startCCC] "D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "D:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [statBar] O:\progs\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Rtpb] "D:\WINDOWS\system32\SSTEM~1\nslookup.exe" --ru -vt yazb
O4 - HKCU\..\Run: [Kmnm] "D:\Documents and Settings\Vegard!\Programdata\?ystem32\n?tdde.exe"
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189704018750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CCD694-5355-462A-87FD-50B1FECC3198}: NameServer = 81.167.36.3,81.167.36.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - D:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programfiler\Eset\nod32krn.exe

Edit: Leif was being a pain...

Edited 20 November 2007 by biach777
norbat, posted 20 November 2007

There's some junk in there, so do the following:

Run HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKCU\..\Run: [Rtpb] "D:\WINDOWS\system32\SSTEM~1\nslookup.exe" --ru -vt yazb
O4 - HKCU\..\Run: [Kmnm] "D:\Documents and Settings\Vegard!\Programdata\?ystem32\n?tdde.exe"

Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Do not click in the window while the program is running. Post the log file from combofix (c:\combofix.txt) + a new hjt log.
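The two O4 lines norbat picked out carry the usual tells of this kind of adware: a four-letter value name that says nothing, a genuine Windows tool (nslookup.exe) launched from a subdirectory of system32 that only shows up as an 8.3 short name, and a second binary sitting in the user's own profile inside a directory that HijackThis can only print as "?ystem32", because the real name contains a character outside the system code page that looks like "system32" to a human. The following Python script is an added example (mine, not part of the thread and not a HijackThis feature) that applies those tells mechanically to O4 and O2 lines. The sample lines are copied from the two HijackThis logs in this thread; the sets of Windows directory and binary names it compares against are my assumptions and are deliberately small.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (O4 entries from the
# first log, O2 entries from the second). Everything else here is an added example.
HJT_LINES = [
    r'O4 - HKLM\..\Run: [nod32kui] "D:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [statBar] O:\progs\StatBar\StatBar.exe',
    r'O4 - HKCU\..\Run: [Rtpb] "D:\WINDOWS\system32\SSTEM~1\nslookup.exe" --ru -vt yazb',
    r'O4 - HKCU\..\Run: [Kmnm] "D:\Documents and Settings\Vegard!\Programdata\?ystem32\n?tdde.exe"',
    r'O2 - BHO: (no name) - {70065406-9F91-9F39-B1EC-C46EFD9DCE9F} - D:\WINDOWS\system32\pvirsf.dll (file missing)',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll',
]

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
O2_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$')

# Assumed reference sets: directory and binary names that the malware on this
# machine imitates. Extend them as needed; they are not an inventory of Windows.
SYSTEM_DIRS = {'windows', 'system32'}
SYSTEM_BINARIES = {'nslookup.exe', 'netdde.exe', 'svchost.exe', 'lsass.exe',
                   'winlogon.exe', 'services.exe', 'csrss.exe'}


def command_path(cmd):
    """Strip the arguments from an O4 command line and return the executable path."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def lookalike_of(component, names):
    """Return the known name that `component` imitates, treating '?' (how HijackThis
    prints a character it cannot render) as a one-character wildcard. Returns None
    when the component is the genuine name or matches nothing."""
    comp = component.lower()
    if comp in names or '?' not in comp:
        return None
    pattern = ''.join('.' if c == '?' else re.escape(c) for c in comp)
    return next((n for n in names if re.fullmatch(pattern, n)), None)


def triage_path(path):
    """Return a list of findings for one autostart target path (empty if clean)."""
    findings = []
    parts = path.replace('/', '\\').split('\\')
    base = parts[-1].lower()
    parent = parts[-2].lower() if len(parts) > 1 else ''
    if '?' in path or any(ord(c) > 127 for c in path):
        findings.append('path contains a character HijackThis could not render (shown as ?)')
    if re.search(r'~\d', path):
        findings.append('path uses an 8.3 short name: the real directory name could not be shown')
    for comp in parts:
        hit = lookalike_of(comp, SYSTEM_DIRS | SYSTEM_BINARIES)
        if hit:
            findings.append(f'"{comp}" imitates the Windows name "{hit}"')
    if base in SYSTEM_BINARIES and parent != 'system32':
        findings.append(f'{base} is a Windows binary but runs from "{parent}", not system32')
    if 'documents and settings' in path.lower():
        findings.append('autostart target lives in a user profile (writable without admin rights)')
    return findings


def triage_bho(name, clsid, target):
    """Findings for an O2 line: unnamed or orphaned BHO registrations are the usual tells."""
    findings = []
    if name.strip() == '(no name)':
        findings.append(f'BHO {clsid} registered without a name')
    if target.endswith('(file missing)'):
        findings.append('BHO DLL is gone from disk; the CLSID key is an orphan and should go too')
        target = target[: -len('(file missing)')].strip()
    return findings + triage_path(target)


def triage(lines):
    """Map each suspicious HijackThis line to its findings; clean lines are omitted."""
    report = {}
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            findings = triage_path(command_path(m.group(4)))
        else:
            m = O2_RE.match(line)
            if not m:
                continue
            findings = triage_bho(*m.groups())
        if findings:
            report[line] = findings
    return report


if __name__ == '__main__':
    for line, findings in triage(HJT_LINES).items():
        print(line)
        for f in findings:
            print('  ->', f)
```

Run as-is it reports exactly the three lines the thread ends up removing (Rtpb, Kmnm and the unnamed BHO) and stays quiet on the legitimate Run entries. The heuristics are about where a binary lives and how its name renders, not about the value name, because names like MsnMsgr look just as random as Rtpb.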
biach777 (thread author), posted 20 November 2007 (edited)

> There's some junk in there, so do the following:
>
> Run HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
>
> O4 - HKCU\..\Run: [Rtpb] "D:\WINDOWS\system32\SSTEM~1\nslookup.exe" --ru -vt yazb
> O4 - HKCU\..\Run: [Kmnm] "D:\Documents and Settings\Vegard!\Programdata\?ystem32\n?tdde.exe"
>
> Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Do not click in the window while the program is running. Post the log file from combofix (c:\combofix.txt) + a new hjt log.

I've done everything up to combofix, but there I get error messages:

First this one:

And then this one:

Edit: Saw someone who had the same problem, and you were the one they asked :P http://itpro.no/supportforum/index.php?act...164&t=56089

Edited 20 November 2007 by biach777
norbat, posted 20 November 2007 (edited)

I'll check.....

A temporary workaround: set the PC's date back to 17.11. Download combofix again.

Edited 20 November 2007 by norbat
biach777 (thread author), posted 20 November 2007 (edited)

> I'll check.....

Okay, setting the time back worked ;) it's running and scanning, or whatever it's doing ;)

Edited 20 November 2007 by biach777
biach777 (thread author), posted 20 November 2007

Here is the combofix log:

ComboFix 07-11-08.3 - Vegard! 2007-11-17 20:36:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.466 [GMT 1:00]
Running from: D:\Documents and Settings\Vegard!\Skrivebord\ComboFix(2).exe
 * Created a new restore point
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Vegard!\Programdata\YSTEM3~1
D:\Documents and Settings\Vegard!\Programdata\YSTEM3~1\n?tdde.exe
D:\Programfiler\Fellesfiler\Yazzle1848OinUninstaller.exe
D:\WINDOWS\system32\ffhkj.ini
D:\WINDOWS\system32\ffhkj.ini2
D:\WINDOWS\system32\jkhff.dll
D:\WINDOWS\system32\sstem~1
D:\WINDOWS\system32\sstem~1\nslookup.exe
D:\WINDOWS\system32\sstem~1\s?stem\
.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-20 20:13  51,200     --a------  D:\WINDOWS\NirCmd.exe
2007-11-20 19:50  <DIR>      dr-h-----  D:\Documents and Settings\Vegard!\Siste
2007-11-16 17:13  664        --a------  D:\WINDOWS\system32\d3d9caps.dat
2007-11-16 11:26  <DIR>      d--------  D:\Programfiler\Fellesfiler\Adobe
2007-11-11 02:59  <DIR>      d--------  D:\Programfiler\iPod
2007-11-10 10:41  <DIR>      d--hs----  D:\WINDOWS\ftpcache
2007-11-09 22:24  <DIR>      d--------  D:\Programfiler\MSXML 4.0
2007-11-08 20:59  1,120      --a------  D:\WINDOWS\checkip.dat
2007-11-07 13:28  <DIR>      d--------  D:\Documents and Settings\Vegard!\SystemRequirementsLab
2007-11-01 20:27  <DIR>      d--------  D:\WINDOWS\BDOSCAN8
2007-10-29 15:02  <DIR>      d--------  D:\Programfiler\Microsoft SQL Server 2005 Mobile Edition
2007-10-29 15:02  <DIR>      d--------  D:\Programfiler\Microsoft SQL Server
2007-10-29 14:45  <DIR>      d--------  D:\WINDOWS\Symbols
2007-10-29 14:45  <DIR>      d--------  D:\Programfiler\Microsoft.NET
2007-10-29 14:45  <DIR>      d--------  D:\Programfiler\Microsoft Visual Studio 8
2007-10-29 14:45  <DIR>      d--------  D:\Programfiler\Fellesfiler\Merge Modules
2007-10-29 14:45  <DIR>      d--------  D:\Programfiler\Fellesfiler\Business Objects
2007-10-29 14:45  <DIR>      d--------  D:\Documents and Settings\All Users\Programdata\PreEmptive Solutions
2007-10-28 10:47  <DIR>      d--------  D:\Programfiler\Fellesfiler\Softimage
2007-10-28 10:44  45,056     ---------  D:\WINDOWS\system32\XSIChooser.exe
2007-10-28 10:41  <DIR>      d--------  D:\Documents and Settings\Vegard!\Programdata\InstallShield
2007-10-27 20:09  3,727,720  --a------  D:\WINDOWS\system32\d3dx9_35.dll
2007-10-27 20:09  1,358,192  --a------  D:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-27 20:09  444,776    --a------  D:\WINDOWS\system32\d3dx10_35.dll
2007-10-27 18:15  <DIR>      d--------  D:\Programfiler\Steam
2007-10-25 10:26  53,248     --a------  D:\WINDOWS\bdoscandel.exe
2007-10-21 13:54  <DIR>      d--------  D:\WINDOWS\Sun
2007-10-20 12:44  23         --a------  D:\WINDOWS\popcinfot.dat
2007-10-20 11:17  <DIR>      d--------  D:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2007-10-20 11:15  <DIR>      d--------  D:\Programfiler\MSXML 6.0
2007-10-20 11:14  <DIR>      d--------  D:\WINDOWS\system32\URTTEMP
2007-10-18 14:06  512,096    --a------  D:\WINDOWS\system32\drivers\amon.sys
2007-10-18 14:06  298,104    --a------  D:\WINDOWS\system32\imon.dll
2007-10-18 14:06  15,424     --a------  D:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-18 13:42  <DIR>      d--------  D:\Documents and Settings\All Users\Programdata\Eset
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 19:16  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\gtk-2.0
2007-11-20 13:34  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\uTorrent
2007-11-17 20:45  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\LimeWire
2007-11-14 11:56  ---------  d-----w  D:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-11-11 14:51  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\dvdcss
2007-11-11 02:17  ---------  d--h--w  D:\Programfiler\InstallShield Installation Information
2007-11-11 02:00  ---------  d-----w  D:\Programfiler\iTunes
2007-11-11 01:58  ---------  d-----w  D:\Programfiler\QuickTime
2007-11-08 15:44  ---------  d---a-w  D:\Documents and Settings\All Users\Programdata\TEMP
2007-11-01 12:23  ---------  d-----w  D:\Programfiler\Java
2007-11-01 08:41  ---------  d-----w  D:\Programfiler\Realtek AC97
2007-10-28 16:17  ---------  d-----w  D:\Documents and Settings\All Users\Programdata\SmartSound Software Inc
2007-10-27 10:17  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\Lavasoft
2007-10-22 13:55  ---------  d-----w  D:\Documents and Settings\felles\Programdata\uTorrent
2007-10-21 19:38  ---------  d-----w  D:\Programfiler\Windows Live Safety Center
2007-10-03 13:03  73,216     ----a-w  D:\WINDOWS\ST6UNST.EXE
2007-10-03 13:03  249,856    ------w  D:\WINDOWS\Setup1.exe
2007-10-03 12:56  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\SolidDocuments
2007-10-03 12:56  ---------  d-----w  D:\Documents and Settings\All Users\Programdata\SolidDocuments
2007-10-02 20:45  ---------  d-----w  D:\Documents and Settings\felles\Programdata\dvdcss
2007-09-30 10:25  ---------  d-----w  D:\Documents and Settings\All Users\Programdata\FLEXnet
2007-09-30 08:46  ---------  d-----w  D:\Programfiler\LimeWire
2007-09-29 09:06  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\Ahead
2007-09-29 08:32  ---------  d-----w  D:\Documents and Settings\All Users\Programdata\DVD Shrink
2007-09-27 19:13  ---------  d-----w  D:\Programfiler\uTorrent
2007-09-22 19:33  ---------  d-----w  D:\Programfiler\GIMP-2.0
2007-09-22 19:32  ---------  d-----w  D:\Programfiler\Fellesfiler\GTK
2007-09-21 13:11  ---------  d-----w  D:\Documents and Settings\Vegard!\Programdata\Bioshock
2007-09-21 13:05  ---------  d--h--r  D:\Documents and Settings\Vegard!\Programdata\SecuROM
2007-09-20 18:56  ---------  d-----w  D:\Documents and Settings\felles\Programdata\Ahead
2007-09-20 18:47  ---------  d-----w  D:\Programfiler\D-Tools
2007-09-17 21:17  ---------  d-----w  D:\Documents and Settings\felles\Programdata\vlc
2007-09-17 21:00  ---------  d-----w  D:\Documents and Settings\All Users\Programdata\Pinnacle
2007-09-13 13:39  6,017      -c--a-w  D:\WINDOWS\assys.dll
2007-09-13 13:39  40,177     -c--a-w  D:\WINDOWS\ffnsys.dll
2007-09-13 13:39  38,982     -c--a-w  D:\WINDOWS\rsczsys.dll
2007-09-13 13:39  30,559     -c--a-w  D:\WINDOWS\mfnsys.dll
2007-09-13 13:39  227,851    -c--a-w  D:\WINDOWS\uawin.dll
2007-09-13 13:39  13,277     -c--a-w  D:\WINDOWS\snsys.dll
2007-09-13 13:39  12,558     -c--a-w  D:\WINDOWS\gstcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70065406-9F91-9F39-B1EC-C46EFD9DCE9F}]
D:\WINDOWS\system32\pvirsf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="D:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"GrooveMonitor"="D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 D:\WINDOWS\soundman.exe]
"DAEMON Tools-1033"="D:\Programfiler\D-Tools\daemon.exe" [2004-03-12 21:43]
"nod32kui"="D:\Programfiler\Eset\nod32kui.exe" [2007-10-18 14:04]
"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="O:\progs\StatBar\StatBar.exe" [2005-01-22 00:01]
"MsnMsgr"="D:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"uTorrent"="D:\Programfiler\uTorrent\uTorrent.exe" [2007-09-13 14:33]
"MSMSGS"="D:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Steam"="D:\Programfiler\Steam\Steam.exe" [2007-11-16 13:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnnnm]
pmnnnnm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\jkhff.dll

R0 d346bus;d346bus;D:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;D:\WINDOWS\system32\Drivers\d346prt.sys
R2 SQLWriter;SQL Server VSS Writer;"D:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"D:\Programfiler\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80
.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 09:48:03 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 20:42:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 20:44:01 - machine was rebooted
.
--- E O F ---
norbat, posted 20 November 2007

Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
D:\WINDOWS\assys.dll
D:\WINDOWS\ffnsys.dll
D:\WINDOWS\rsczsys.dll
D:\WINDOWS\mfnsys.dll
D:\WINDOWS\uawin.dll
D:\WINDOWS\snsys.dll
D:\WINDOWS\gstcore.dll

Click the traffic light. Restart the PC. After the restart a log file will appear telling you what happened. You don't need to post it if everything was deleted.

Open Notepad and paste in what is in bold below. Save the file as regfix.reg and put it on the desktop. Double-click the file and say yes to adding the information to the registry:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnnnm]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70065406-9F91-9F39-B1EC-C46EFD9DCE9F}]

Post a new hjt log.
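The regfix.reg above relies on the `[-KEY]` form, which tells regedit to delete the key. Two details are worth spelling out for anyone reusing the approach. First, BHOs are registered under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and ComboFix abbreviates that prefix as `~` in its log; a .reg file needs the expanded path. Second, the ComboFix log also shows the LSA "Authentication Packages" value carrying D:\WINDOWS\system32\jkhff.dll next to the stock msv1_0 (ComboFix deleted the DLL, but the value is not touched by the fix above); that value is REG_MULTI_SZ, which a .reg file expresses as hex(7). The following Python script is an added example (mine, not ComboFix's or the thread's) that reads the "Reg Loading Points" excerpt from the ComboFix log above, decides which keys to delete and which value to reset, and writes the .reg text. The Winlogon Notify allowlist is an assumption based on a stock XP install plus the ATI driver on this machine; BHOs are only deleted when their CLSID is passed in explicitly, because nothing in the key itself says whether a BHO is legitimate.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log posted
# above. The rest of this file is an added example, not ComboFix or thread code.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70065406-9F91-9F39-B1EC-C46EFD9DCE9F}]
D:\WINDOWS\system32\pvirsf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnnnm]
pmnnnnm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\jkhff.dll
"""

# ComboFix writes "~" for this prefix; BHO CLSID keys live underneath it.
EXPLORER = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'

# Assumed allowlist: Winlogon Notify subkeys on a stock Windows XP install plus the
# one the ATI driver on this machine registers. Extend it for other software.
KNOWN_NOTIFY = {'crypt32chain', 'cryptnet', 'cscdll', 'sccertprop', 'schedule',
                'sclgntfy', 'senslogn', 'termsrv', 'wlballoon', 'atiextevent'}


def parse_loading_points(text):
    """Return {expanded key: [value lines]} from a ComboFix 'Reg Loading Points' dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].replace('HKEY_LOCAL_MACHINE\\~', EXPLORER)
            keys[current] = []
        elif current is not None:
            keys[current].append(line)
    return keys


def plan_cleanup(keys, bho_clsids_to_remove=()):
    """Return (keys to delete, {key: (value name, strings) to reset}).
    Winlogon Notify subkeys outside the allowlist and a non-default LSA package
    list are judged automatically; BHOs only when their CLSID is listed."""
    wanted = {c.lower() for c in bho_clsids_to_remove}
    delete, reset = [], {}
    for key, values in keys.items():
        low = key.lower()
        if '\\winlogon\\notify\\' in low and low.rsplit('\\', 1)[1] not in KNOWN_NOTIFY:
            delete.append(key)
        elif low.endswith('\\control\\lsa'):
            for v in values:
                m = re.match(r'"Authentication Packages"\s*=\s*(.*)', v, re.I)
                if m and m.group(1).split() != ['msv1_0']:
                    reset[key] = ('Authentication Packages', ['msv1_0'])
        elif '\\browser helper objects\\' in low and low.rsplit('\\', 1)[1] in wanted:
            delete.append(key)
    return delete, reset


def multi_sz(strings):
    """Encode a REG_MULTI_SZ the way .reg files expect (hex(7)): UTF-16LE, each
    string NUL-terminated, then one more NUL to terminate the list."""
    data = ''.join(s + '\0' for s in strings) + '\0'
    return 'hex(7):' + ','.join(f'{b:02x}' for b in data.encode('utf-16-le'))


def build_regfix(delete, reset):
    """Render the plan as regedit-importable text; [-KEY] deletes a whole key."""
    out = ['Windows Registry Editor Version 5.00', '']
    for key in delete:
        out += [f'[-{key}]', '']
    for key, (name, strings) in reset.items():
        out += [f'[{key}]', f'"{name}"={multi_sz(strings)}', '']
    return '\n'.join(out)


if __name__ == '__main__':
    plan = plan_cleanup(parse_loading_points(COMBOFIX_EXCERPT),
                        bho_clsids_to_remove=['{70065406-9F91-9F39-B1EC-C46EFD9DCE9F}'])
    print(build_regfix(*plan))
```

Running it prints a three-section .reg file: the Notify key and the expanded BHO key as deletions, and the LSA key with "Authentication Packages" set back to msv1_0 alone. As with the thread's own regfix.reg, import it only after the referenced DLLs have actually been removed from disk, and keep a registry export from before the import in case a line needs to be undone.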
biach777 (thread author), posted 21 November 2007 (edited)

Done all the rest, here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:09:11, on 18.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programfiler\Eset\nod32kui.exe
D:\Programfiler\iTunes\iTunesHelper.exe
O:\progs\StatBar\StatBar.exe
D:\Programfiler\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
D:\Programfiler\Messenger\msmsgs.exe
D:\Programfiler\Steam\Steam.exe
D:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\notepad.exe
D:\Programfiler\Eset\nod32krn.exe
D:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\svchost.exe
D:\Programfiler\iPod\bin\iPodService.exe
D:\Programfiler\iTunes\iTunes.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Vegard!\Skrivebord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {70065406-9F91-9F39-B1EC-C46EFD9DCE9F} - D:\WINDOWS\system32\pvirsf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [startCCC] "D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "D:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [statBar] O:\progs\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189704018750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CCD694-5355-462A-87FD-50B1FECC3198}: NameServer = 81.167.36.3,81.167.36.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - D:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programfiler\Eset\nod32krn.exe

Edited 21 November 2007 by biach777
norbat, posted 21 November 2007

Fix the following line with hjt:

O2 - BHO: (no name) - {70065406-9F91-9F39-B1EC-C46EFD9DCE9F} - D:\WINDOWS\system32\pvirsf.dll (file missing)

How is the PC running?
biach777 (thread author), posted 21 November 2007

> Fix the following line with hjt:
>
> O2 - BHO: (no name) - {70065406-9F91-9F39-B1EC-C46EFD9DCE9F} - D:\WINDOWS\system32\pvirsf.dll (file missing)
>
> How is the PC running?

The PC runs perfectly ;) no pop-ups!! Thanks a lot for taking the time to help with this sort of thing.... Thanks
norbat, posted 21 November 2007

You're welcome. Check in Explorer whether the file D:\WINDOWS\system32\pvirsf.dll is still there. If so, delete it.

You should also flush the System Restore folder so you don't get reinfected by a possible system restore: Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Surf safely.
biach777 (thread author), posted 21 November 2007

> You're welcome. Check in Explorer whether the file D:\WINDOWS\system32\pvirsf.dll is still there. If so, delete it.
>
> You should also flush the System Restore folder so you don't get reinfected by a possible system restore: Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.
>
> Surf safely.

Done ;) Thanks again :)