BorN, written 27 November 2007 (edited)

Here is a HijackThis log, prompted by a complaint from Telenor, who said there was suspicion that one of our three machines had abused the network. Most likely a virus that had mass-mailed e-mails. I'm posting the log from my brother's PC first, then the other two shortly.

The log from my brother's machine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:08, on 27.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe
C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\BitTorrent_DNA\dna.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
E:\Programfiler\BitTorrent\bittorrent.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Pando Networks\Pando\pando.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
E:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\datamaskinnavn\Skrivebord\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Programfiler\Snyuronv\sbjjhkie.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb124\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81DBA94B-731E-47D2-8C31-5776E56C67F2} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Programfiler\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: (no name) - {CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B} - C:\WINDOWS\system32\yayabby.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Programfiler\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb124\Dealio.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NetLimiter] E:\Programfiler\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ahqrofsd] rundll32.exe "C:\Programfiler\ahqrofsd\ufwxgpwf.dll",Init
O4 - HKLM\..\Run: [wrcnatkb] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\wrcnatkb.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ultimate Defender] "C:\Programfiler\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [bitTorrent] "E:\Programfiler\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [steam] "e:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando] "C:\Programfiler\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\datamaskinnavn\Programdata\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191780595562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
O20 - Winlogon Notify: yayabby - C:\WINDOWS\SYSTEM32\yayabby.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 11586 bytes

The log from my machine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:20, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Norton Internet Security\ccPxySvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\MultiRes\MultiRes.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
F:\Programfiler\DVD Solution 2.0\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Håkon\Skrivebord\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.start.no/bin/mssearch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Programfiler\Internet Download Manager\IDMIECC.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [MultiRes] C:\Programfiler\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [smapp] C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Programfiler\DVD Solution 2.0\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "F:\Programfiler\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "f:\spill\valve(2)\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Links with IDM - F:\Programfiler\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\Programfiler\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Programfiler\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.start.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {76E11BD9-E2F5-4F12-9922-A372B26B0F56} (tabCtl Class) - http://hk.tine.no/komponent/ddTabHandler.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPxySvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programfiler\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://deiligst.no/pics/31/31669.jpg

--
End of file - 11208 bytes

Edited: Changed the computer names in the logs.
Edited 27 November 2007 by BorN
norbat, written 27 November 2007

Your brother's PC: Has several types of infection, so do the following: run the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246 You can post the logs here in your own thread.

Your PC: No infections. Mostly a bit of cleanup. Uninstall one of your antivirus programs. I suggest you keep NIS and remove AVG. Run a disk cleanup: Accessories -> System Tools -> Disk Cleanup.
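As an added illustration of the kind of triage norbat is doing on the brother's log (this is my own example, not code from the thread and not a HijackThis feature): a small Python script that parses HijackThis entry lines and flags the patterns that stand out there. The sample lines are copied from the brother's log above, with a few benign entries for contrast. The rules are assumptions of mine: an unnamed BHO backed by a file on disk, any Winlogon Notify DLL, a Run key that loads a DLL through rundll32 or regsvr32 from outside System32 (or unregisters one at every boot), and a DLL or directory whose name looks machine-generated. They are heuristics and will give false positives, so each hit still has to be checked against the vendor's known paths, which is what the forum helper does by hand.

```python
from __future__ import annotations
import re

# Constructed sample: entries copied from the brother's HijackThis log posted
# in this thread, plus benign ones (Adobe, Symantec, NVIDIA) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Programfiler\Snyuronv\sbjjhkie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81DBA94B-731E-47D2-8C31-5776E56C67F2} - C:\WINDOWS\system32\ssqrp.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ahqrofsd] rundll32.exe "C:\Programfiler\ahqrofsd\ufwxgpwf.dll",Init
O4 - HKLM\..\Run: [wrcnatkb] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\wrcnatkb.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - <rest>" / "R1 - <rest>": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")
# First Windows path ending in a DLL/EXE/OCX; spaces allowed, stops at quote or comma.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe|ocx)', re.IGNORECASE)
VOWELS = set("aeiouy")


def looks_random(name: str) -> bool:
    """Crude test for machine-generated names such as 'sbjjhkie' or 'ufwxgpwf':
    purely alphabetic, at least 6 letters, and either few vowels or a long
    consonant run. Thresholds are my assumption, tuned for DLL/directory names."""
    s = name.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_run = max(len(run) for run in (re.findall(r"[^aeiouy]+", s) or [""]))
    return vowel_ratio <= 0.25 or longest_run >= 4


def triage_entry(line: str) -> list[str]:
    """Return the list of reasons a single HijackThis line deserves a closer look
    (empty list means nothing stood out)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    lower = body.lower()
    path_m = PATH_RE.search(body)
    path = path_m.group(0) if path_m else None
    base = path.rsplit("\\", 1)[-1] if path else ""
    stem = base.rsplit(".", 1)[0]
    parent = path.rsplit("\\", 2)[-2] if path and path.count("\\") >= 2 else ""
    is_dll = bool(path) and path.lower().endswith(".dll")
    in_system32 = bool(path) and "\\system32\\" in path.lower()
    reasons: list[str] = []

    if sec == "O2" and "(no name)" in body and path:
        reasons.append("unnamed BHO backed by a file on disk")
    if sec == "O20":
        reasons.append("Winlogon Notify DLL loaded at every logon; verify publisher")
    if sec == "O4" and "regsvr32 /u" in lower:
        reasons.append("Run key unregisters a DLL at every boot (regsvr32 /u)")
    if sec == "O4" and ("rundll32" in lower or "regsvr32" in lower) and is_dll and not in_system32:
        reasons.append("Run key loads a DLL outside System32 via rundll32/regsvr32")
    if is_dll and (looks_random(stem) or looks_random(parent)):
        reasons.append(f"machine-generated-looking name: {base} in {parent or '?'}")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged log line to its reasons; lines with no findings are omitted."""
    flagged: dict[str, list[str]] = {}
    for line in log_text.strip().splitlines():
        reasons = triage_entry(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run as a script it prints the five lines from the sample that match at least one rule; the `(no file)` BHO is deliberately left alone, since an orphaned registration with no DLL behind it is a leftover rather than an active component, and the NVIDIA `rundll32` entry passes because it loads from System32 and has a readable name.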
BorN (thread author), written 27 November 2007 (edited)

Parents' PC:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:07, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\datamaskinnavn\KNOPPIX_V3.9-2005-05-27-EN3333\Skrivebord\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.start.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: - {C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Programfiler\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MedievalLords_ML.exe] D:\Tore\Program\MEDIEV~1.EXE /r
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099684035124
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O16 - DPF: {76E11BD9-E2F5-4F12-9922-A372B26B0F56} (tabCtl Class) - http://hk.tine.no/komponent/ddTabHandler.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programfiler\SPAMfighter\sfus.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://www.sparebank1.no/weblink/felles/wl..._Beregn_OTP.jpg

--
End of file - 9830 bytes

Edited: Thanks, you're fast! Oh dear, it was my brother's PC I feared. Background: I made a thread about the problem, "SOLVED: Virus (exe and bat file), many system files missing, including Chkdsk", and so we reinstalled Windows XP. The next thing we did (which isn't in that thread) was to scan the whole machine with Norton Anti-Virus and Ad-Aware without finding any virus or spyware. The HijackThis log in the first post was made after this, which shows that Norton Anti-Virus is not enough protection. But I'll get going on the long version before I complain any more about Norton.

Edit 2: As for my own PC, I have both AVG and Norton Internet Security because I only use the NIS firewall, and AVG as the virus scanner. I have uninstalled Norton Anti-Virus itself, so the only program scanning in the background is AVG. I believe, anyway.

Okay, the parents' PC is also infected. This was worse than I thought... I'll post a new reply as soon as I've finished scanning. It may take a while with the parents' PC, since it's a rather old laptop.

(Edit 3: Changed the computer names in the logs)
Edited 27 November 2007 by BorN
norbat, posted 27 November 2007 (edited)

Parents' PC: Infected. Run through the long version on that PC too and post the logs in this thread.

Edit: Norton is an excellent AV program, so it really shouldn't be necessary to run AVG.

Edited 27 November 2007 by norbat
BorN (thread author), posted 27 November 2007

norbat wrote: "Parents' PC: Infected. Run through the long version on that PC too and post the logs in this thread. Edit: Norton is an excellent AV program, so it really shouldn't be necessary to run AVG."

Okay, I'll run through the long version on my parents' PC as well then.

OT: Sure, Norton is good enough, but it wasn't good enough for me to pay for another year of updates for the program. That's the reason. As for the firewall I have now, there may be other firewalls that are rated as "better". I tried a free firewall whose name I don't remember, but it was unnaturally annoying in that it popped up every time I did anything. With NIS you only need to choose once per program, which is sensible. But by all means, if you have suggestions for other firewalls I can use alongside AVG, I'm open to that.
norbat, posted 27 November 2007

If you have Telenor as your ISP, there is a free subscription to NIS 2007 for 1 user there. Otherwise you can look in 'Den store sikkerhetsguiden' (The Big Security Guide) for tips on a possible firewall.
BorN (thread author), posted 27 November 2007 (edited)

Okay, the scan of my brother's PC is done.

ComboFix log:

ComboFix 07-11-19.4 - misterbroder 2007-11-27 22:20:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1044.18.1399 [GMT 1:00]
Running from: C:\Documents and Settings\misterbroder\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Programdata.\wrcnatkb.dll
C:\Programfiler\Fellesfiler\microsoft shared\web folders\ibm00001.dll
C:\Programfiler\SecCenter
C:\Programfiler\SecCenter\scprot4.exe.bak
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\tnrtmwuk
C:\WINDOWS\system32\tnrtmwuk\bg1.gif
C:\WINDOWS\system32\tnrtmwuk\bgtop.gif
C:\WINDOWS\system32\tnrtmwuk\bottom1.gif
C:\WINDOWS\system32\tnrtmwuk\essentials.gif
C:\WINDOWS\system32\tnrtmwuk\icon1.ico
C:\WINDOWS\system32\tnrtmwuk\install1.gif
C:\WINDOWS\system32\tnrtmwuk\left1.gif
C:\WINDOWS\system32\tnrtmwuk\li.gif
C:\WINDOWS\system32\tnrtmwuk\logo.gif
C:\WINDOWS\system32\tnrtmwuk\main.htm
C:\WINDOWS\system32\tnrtmwuk\mainframe.htm
C:\WINDOWS\system32\tnrtmwuk\reinstall1.gif
C:\WINDOWS\system32\tnrtmwuk\right1.gif
C:\WINDOWS\system32\tnrtmwuk\s1.htm
C:\WINDOWS\system32\tnrtmwuk\s2.htm
C:\WINDOWS\system32\tnrtmwuk\s3.htm
C:\WINDOWS\system32\tnrtmwuk\SMTop1.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop2.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop3.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop4.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_off.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_on.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_off.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_on.gif
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk1.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe
C:\WINDOWS\system32\tnrtmwuk\top1.gif
C:\WINDOWS\system32\tnrtmwuk\top2.gif
C:\WINDOWS\system32\tnrtmwuk\turnoff1.gif
C:\WINDOWS\system32\tnrtmwuk\turnon1.gif
C:\WINDOWS\system32\winmqx32.dll
C:\WINDOWS\system32\xpdx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-27 22:13 <DIR> dr-h----- C:\Documents and Settings\misterbroder\Siste
2007-11-27 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2007-11-27 15:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-11-25 21:31 292,864 --a--c--- C:\WINDOWS\system32\dllcache\ddraw.dll
2007-11-25 21:31 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-11-25 21:31 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-11-25 21:31 68,096 --a--c--- C:\WINDOWS\system32\dllcache\dpnhupnp.dll
2007-11-25 21:31 24,064 --a--c--- C:\WINDOWS\system32\dllcache\ddrawex.dll
2007-11-25 21:31 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-11-25 21:31 13,312 --a--c--- C:\WINDOWS\system32\dllcache\msdmo.dll
2007-11-24 23:53 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-11-24 23:53 1,798,144 --a--c--- C:\WINDOWS\system32\dllcache\qedit.dll
2007-11-24 23:53 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-11-24 23:53 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-11-24 23:53 733,184 --a--c--- C:\WINDOWS\system32\dllcache\qedwipes.dll
2007-11-24 23:53 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-11-24 23:53 470,528 --a--c--- C:\WINDOWS\system32\dllcache\qdvd.dll
2007-11-24 23:53 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-11-24 23:53 354,816 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2007-11-24 23:53 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-11-24 23:53 316,928 --a--c--- C:\WINDOWS\system32\dllcache\qdv.dll
2007-11-24 23:53 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-11-24 23:53 257,024 --a--c--- C:\WINDOWS\system32\dllcache\qcap.dll
2007-11-24 23:53 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2007-11-24 23:53 223,232 --a--c--- C:\WINDOWS\system32\dllcache\gcdef.dll
2007-11-24 23:53 208,896 --a--c--- C:\WINDOWS\system32\dllcache\joy.cpl
2007-11-24 23:53 173,056 --a------ C:\WINDOWS\system32\qasf.dll
2007-11-24 23:53 173,056 --a--c--- C:\WINDOWS\system32\dllcache\qasf.dll
2007-11-24 23:53 130,304 --a--c--- C:\WINDOWS\system32\dllcache\ks.sys
2007-11-24 23:53 83,968 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-11-24 23:53 52,224 --a------ C:\WINDOWS\system32\msdvbnp.ax
2007-11-24 23:53 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2007-11-24 23:53 52,096 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-11-24 23:53 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-11-24 23:53 48,512 --a--c--- C:\WINDOWS\system32\dllcache\stream.sys
2007-11-24 23:53 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-11-24 23:53 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-11-24 23:53 47,104 --a--c--- C:\WINDOWS\system32\dllcache\wstdecod.dll
2007-11-24 23:53 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-11-24 23:53 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-11-24 23:53 31,744 --a--c--- C:\WINDOWS\system32\dllcache\pid.dll
2007-11-24 23:53 30,208 --a------ C:\WINDOWS\system32\psisrndr.ax
2007-11-24 23:53 30,208 --a--c--- C:\WINDOWS\system32\dllcache\psisrndr.ax
2007-11-24 23:53 18,688 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-11-24 23:53 16,896 --a--c--- C:\WINDOWS\system32\dllcache\msyuv.dll
2007-11-24 23:53 16,896 --a--c--- C:\WINDOWS\system32\dllcache\bdaplgin.ax
2007-11-24 23:53 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-11-24 23:53 14,976 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-11-24 23:53 11,392 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys
2007-11-24 23:53 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-11-24 23:53 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-11-24 23:53 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-11-24 23:53 4,096 --a--c--- C:\WINDOWS\system32\dllcache\swenum.sys
2007-11-24 23:49 <DIR> d-------- C:\Programfiler\directx
2007-11-24 19:34 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-24 19:23 167,704 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-11-24 17:26 479,744 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2007-11-24 17:26 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2007-11-24 17:26 345,600 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
2007-11-24 17:26 315,452 --a--c--- C:\WINDOWS\system32\dllcache\imskf.dll
2007-11-24 17:26 246,784 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2007-11-24 17:26 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2007-11-24 17:26 182,784 --a--c--- C:\WINDOWS\system32\dllcache\snmpsmir.dll
2007-11-24 17:26 175,104 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsa.dll
2007-11-24 17:26 134,339 --a--c--- C:\WINDOWS\system32\dllcache\imekr.lex
2007-11-24 17:26 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2007-11-24 17:26 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2007-11-24 17:26 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-11-24 17:26 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2007-11-24 17:26 75,264 --a--c--- C:\WINDOWS\system32\dllcache\phon.ime
2007-11-24 17:26 72,192 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll
2007-11-24 17:26 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
2007-11-24 17:26 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
2007-11-24 17:26 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2007-11-24 17:26 61,440 --a--c--- C:\WINDOWS\system32\dllcache\unicdime.ime
2007-11-24 17:26 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2007-11-24 17:26 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll
2007-11-24 17:26 36,864 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2007-11-24 17:26 29,184 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
2007-11-24 17:26 24,576 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2007-11-24 17:26 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe
2007-11-24 17:26 14,336 --a--c--- C:\WINDOWS\system32\dllcache\tsprof.exe
2007-11-24 17:26 11,264 --a--c--- C:\WINDOWS\system32\dllcache\pmxmcro.dll
2007-11-24 17:26 10,240 --a--c--- C:\WINDOWS\system32\dllcache\snmpstup.dll
2007-11-24 17:26 8,192 --a--c--- C:\WINDOWS\system32\dllcache\snmptrap.exe
2007-11-24 17:26 6,656 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2007-11-24 17:26 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
2007-11-24 17:26 5,120 --a--c--- C:\WINDOWS\system32\dllcache\snmpmib.dll
2007-11-24 17:25 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe
2007-11-24 17:25 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2007-11-24 17:25 201,216 --a--c--- C:\WINDOWS\system32\dllcache\cintime.dll
2007-11-24 17:25 108,827 --a--c--- C:\WINDOWS\system32\dllcache\hanja.lex
2007-11-24 17:25 57,400 --a--c--- C:\WINDOWS\system32\dllcache\cplexe.exe
2007-11-24 17:25 36,864 --a--c--- C:\WINDOWS\system32\dllcache\hanjadic.dll
2007-11-24 17:25 32,827 --a--c--- C:\WINDOWS\system32\dllcache\tcptest.exe
2007-11-24 17:25 21,504 --a--c--- C:\WINDOWS\system32\dllcache\cintlgnt.ime
2007-11-24 17:25 20,536 --a--c--- C:\WINDOWS\system32\dllcache\shtml.dll
2007-11-24 17:25 18,944 --a--c--- C:\WINDOWS\system32\dllcache\cprofile.exe
2007-11-24 17:25 16,437 --a--c--- C:\WINDOWS\system32\dllcache\shtml.exe
2007-11-24 17:25 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 21:31 --------- d-----w C:\Documents and Settings\misterbroder\Programdata\BitTorrent DNA
2007-11-27 21:31 --------- d-----w C:\Documents and Settings\misterbroder\Programdata\BitTorrent
2007-11-27 21:18 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-11-27 21:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2007-11-24 18:10 --------- d-----w C:\Programfiler\MSN Messenger
2007-11-23 15:45 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-11-11 02:33 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-10-19 16:50 278,695,200 ----a-w C:\Programfiler\TmNationsESWC_Setup.exe
2007-10-19 16:25 45,061,977 ----a-w C:\Programfiler\TmNationsESWC_Setup.exe.part
2007-10-12 23:50 --------- d-----w C:\Programfiler\NASA
2007-10-12 20:29 --------- d-----w C:\Programfiler\MSXML 4.0
2007-10-11 17:04 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2007-10-11 17:01 --------- d-----w C:\Programfiler\Logitech
2007-10-11 17:01 --------- d-----w C:\Programfiler\Fellesfiler\Logishrd
2007-10-11 17:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2007-10-10 17:29 --------- d-----w C:\Programfiler\Fellesfiler\DAZ
2007-10-07 21:36 --------- d-----w C:\Programfiler\Sierra On-Line
2007-10-07 21:25 --------- d-----w C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2007-10-07 20:53 --------- d-----w C:\Programfiler\Google
2007-10-07 18:24 --------- d-----w C:\Programfiler\BitTorrent_DNA
2007-10-06 14:51 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-10-06 14:51 --------- d-----w C:\Documents and Settings\misterbroder\Programdata\Logitech
2007-10-06 14:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-06 14:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-10-06 14:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-06 12:56 --------- d-----w C:\Documents and Settings\All Users\Programdata\nView_Profiles
2007-10-05 18:43 17,119 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-05 18:43 --------- d-----w C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor
2007-10-05 18:43 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-10-04 17:59 --------- d-----w C:\Documents and Settings\misterbroder\Programdata\AdobeUM
2007-10-04 13:45 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-04 13:45 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-04 13:45 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-04 13:45 --------- d-----w C:\Programfiler\Symantec
2007-10-03 22:18 --------- d-----w C:\Programfiler\Realtek
2007-10-03 21:29 --------- d-----w C:\Programfiler\NVIDIA Corporation
2007-10-03 13:44 --------- d-----w C:\Programfiler\THQ
2007-10-03 04:19 --------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-10-03 04:18 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-10-02 21:26 --------- d-----w C:\Programfiler\microsoft frontpage
2007-10-02 21:25 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-10-02 21:25 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-10-02 21:25 --------- d-----w C:\Programfiler\Elektroniske tjenester
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}]
2007-11-24 14:15 106496 --a------ C:\Programfiler\Snyuronv\sbjjhkie.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}]
2007-11-24 14:14 39424 --a------ C:\WINDOWS\system32\yayabby.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-25 13:00]
"BitTorrent DNA"="C:\Programfiler\BitTorrent_DNA\dna.exe" [2007-10-07 19:24]
"BitTorrent"="E:\Programfiler\BitTorrent\bittorrent.exe" [2007-09-19 00:37]
"Steam"="e:\programfiler\steam\steam.exe" [2007-11-15 23:10]
"Pando"="C:\Programfiler\Pando Networks\Pando\pando.exe" [2007-11-02 16:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2003-04-25 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="E:\Programfiler\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:03]
"LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 20:58]
"LVCOMSX"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe" [2006-11-15 21:01]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="E:\Programfiler\QuickTime\QTTask.exe" [2007-10-19 20:16]
"NetLimiter"="E:\Programfiler\NetLimiter\NetLimiter.exe" [2004-03-31 14:23]
"au"="C:\Programfiler\Dealio\DealioAU.exe" [2007-10-09 12:47]
"NvMediaCenter"="RUNDLL32.exe" [2003-04-25 13:00 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 C:\WINDOWS\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 09:14 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 09:26 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-25 13:00]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-06 15:51:00]
Logitech SetPoint.lnk - E:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-10-06 15:49:57]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}"= C:\WINDOWS\system32\yayabby.dll [2007-11-24 14:14 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayabby]
yayabby.dll 2007-11-24 14:14 39424 C:\WINDOWS\system32\yayabby.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\System32\drivers\OVSound2.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\System32\Drivers\LUsbFilt.Sys
R3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\System32\DRIVERS\OVCE.sys
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\System32\DRIVERS\rt2500usb.sys
S3 XDva045;XDva045;\??\C:\WINDOWS\system32\XDva045.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 17:28:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-11-26 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - misterbroder.job" - E:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 22:34:31
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-27 22:36:48 - machine was rebooted
.
--- E O F ---

SUPERAntiSpyware (SAS) log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/27/2007 at 11:05 PM
Application Version : 3.9.1008
Core Rules Database Version : 3351
Trace Rules Database Version: 1350
Scan type : Complete Scan
Total Scan Time : 00:23:55
Memory items scanned : 552
Memory threats detected : 2
Registry items scanned : 5208
Registry threats detected : 18
File items scanned : 32402
File threats detected : 16

Adware.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\YAYABBY.DLL
C:\WINDOWS\SYSTEM32\YAYABBY.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\yayabby
C:\WINDOWS\SYSTEM32\SSQPMLK.DLL
C:\WINDOWS\SYSTEM32\TUVVWVS.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKKJJ.DLL
C:\WINDOWS\SYSTEM32\JKKJJ.DLL
HKLM\Software\Classes\CLSID\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}
HKCR\CLSID\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}
HKCR\CLSID\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}\InprocServer32
HKCR\CLSID\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{F53E2093-AF92-49E9-BD3A-B2B33B726536}
HKCR\CLSID\{F53E2093-AF92-49E9-BD3A-B2B33B726536}
HKCR\CLSID\{F53E2093-AF92-49E9-BD3A-B2B33B726536}\InprocServer32
HKCR\CLSID\{F53E2093-AF92-49E9-BD3A-B2B33B726536}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F53E2093-AF92-49E9-BD3A-B2B33B726536}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}
HKCR\CLSID\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}

Trojan.Downloader-Gen/MobRules
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}
HKCR\CLSID\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}
HKCR\CLSID\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}\InprocServer32
HKCR\CLSID\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}\InprocServer32#ThreadingModel
HKCR\CLSID\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}\InprocServer32#t
C:\PROGRAMFILER\SNYURONV\SBJJHKIE.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D071876-8D98-4C90-B619-AFB97DFFBA11}\RP8\A0020057.DLL

Trojan.Downloader-Gen/JLove
C:\PROGRAMFILER\AHQROFSD\UFWXGPWF.DLL

Malware.Ultimate Defender
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TNRTMWUK\TNRTMWUK1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TNRTMWUK\TNRTMWUK2.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TNRTMWUK\TNRTMWUK3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D071876-8D98-4C90-B619-AFB97DFFBA11}\RP8\A0020058.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D071876-8D98-4C90-B619-AFB97DFFBA11}\RP8\A0020059.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D071876-8D98-4C90-B619-AFB97DFFBA11}\RP8\A0020060.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D071876-8D98-4C90-B619-AFB97DFFBA11}\RP8\A0020072.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\JJKKJ.INI

BearShare File Sharing Client
E:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:46, on 27.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe
C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\BitTorrent_DNA\dna.exe
E:\Programfiler\BitTorrent\bittorrent.exe
C:\Programfiler\Pando Networks\Pando\pando.exe
E:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\notepad.exe
C:\Documents and Settings\misterbroder\Skrivebord\Anti ANTI anti-anti-anti\Hijackthis\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb124\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Programfiler\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Programfiler\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb124\Dealio.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NetLimiter] E:\Programfiler\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programfiler\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "E:\Programfiler\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Steam] "e:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando] "C:\Programfiler\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\misterbroder\Programdata\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191780595562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10920 bytes

Waiting eagerly!

Edit: Changed the computer names in the logs.

Edited 27 November 2007 by BorN
norbat Posted 27 November 2007 (edited)

Open Notepad, copy in the text below, save the file as regfixbror.reg and put it on the desktop. Double-click the file and say yes to adding the information:

Windows Registry Editor Version 5.00

; HijackThis and ComboFix write this key as HKEY_LOCAL_MACHINE\~ in their logs;
; a .reg file needs the full path, and root keys must be spelled out (not HKLM).
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CDEFFD4C-B15D-4C79-8500-0ED4CF6AC68B}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayabby]

; Restore the default msv1_0 package (REG_MULTI_SZ) rather than deleting the value,
; which the logon process depends on.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00

Apart from that, the logs look fine.

IMPORTANT: Afterwards, go to Windows Update and update the PC (including SP2).
Edited 27 November 2007 by norbat
BorN Posted 27 November 2007 (thread author)

Thanks, you're a star! Here is also the optional log from Rootchk / Rootkit for my brother's PC. But it didn't find anything?

*********************************
ROOTCHK-(25-11-07)-LOG, by ejvindh
27.11.2007 23:37:37,95

The rootkits that are detected by this tool were not found.
*********************************
ROOTCHK-LOG-end

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 23:37:38
Windows 5.1.2600 Service Pack 1

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

I'll post the logs from my parents' PC as soon as it's done too.
BorN Posted 27 November 2007 (thread author, edited)

Results, my parents' slow PC:

ComboFix log:

ComboFix 07-11-19.4 - Datamaskinnavn 2007-11-27 22:23:47.1 - FAT32x86
Running from: C:\Documents and Settings\Datamaskinnavn\KNOPPIX_V3.9-2005-05-27-EN3333\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-27 21:54 <DIR> dr-h----- C:\Documents and Settings\Datamaskinnavn\Siste
2007-10-30 10:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Ankiro
2007-10-30 10:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Application
2007-10-30 10:19 <DIR> d-------- C:\Programfiler\SPAMfighter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-30 17:18 --------- d-----w C:\Programfiler\Pivot Stickfigure Animator
2007-09-29 00:26 --------- d-----w C:\Programfiler\MSXML 4.0
2005-01-09 13:55 2,148 ----a-w C:\Documents and Settings\Datamaskinnavn\minf.dat
2003-03-25 11:33 13,068,936 ----a-r C:\WINDOWS\system32\config\systemprofile\mpsetup.exe
2003-03-25 11:33 13,068,936 ----a-r C:\Documents and Settings\Datamaskinnavn\mpsetup.exe
2003-03-25 11:33 13,068,936 ----a-r C:\Documents and Settings\Default User\mpsetup.exe
2004-12-06 15:14 57,344 --sha-w C:\WINDOWS\lbbho.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
2006-07-18 22:20 111616 --a------ C:\WINDOWS\VirtualDNS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}]
2004-12-06 16:14 57344 --ahs---- C:\WINDOWS\lbbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" []
"MedievalLords_ML.exe"="D:\Tore\Program\MEDIEV~1.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 10:54]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 08:51]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" []
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"SPAMfighter Agent"="C:\Programfiler\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
"ALUAlert"="C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe" [2004-12-14 12:24]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 08:51]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 09:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-11 01:51 118784 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-11 01:55 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-03-14 19:05 257088 --a------ C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2004-01-20 11:45 1757184 --a------ C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2004-07-05 18:52 315392 --a------ C:\Programfiler\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Programfiler\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-21 11:52 40960 --a------ C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-12-06 21:31 36975 --a------ C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-20 19:57 532480 --a------ C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-20 19:57 98304 --a------ C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
C:\Programfiler\WildTangent\Apps\CDA\GameDrvr.exe /startup C:\Programfiler\WildTangent\Apps\CDA\cdaEngine0500.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccPwdSvc"=3 (0x3)
"MDM"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"anbmService"=2 (0x2)
"iPodService"=3 (0x3)

R1 SMBHC;Vertskontrollerdriver for Microsoft SM Bus;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Programfiler\SPAMfighter\sfus.exe
R2 X4HS32;X4HS32;\??\C:\Programfiler\EXEtender\X4HS32.Sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 SMBBATT;Driver for Microsoft Smart Battery;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
S1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\system32\drivers\OVSound2.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 18:41:02 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
"2005-05-24 14:42:04 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2005-05-24 14:42:30 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2005-09-18 13:52:52 C:\WINDOWS\Tasks\dfrg.job" - C:\WINDOWS\system32\dfrg.msc
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 22:31:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 22:36:05 - machine was rebooted
.
--- E O F ---

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/27/2007 at 11:50 PM

Application Version : 3.9.1008

Core Rules Database Version : 3351
Trace Rules Database Version: 1350

Scan type : Complete Scan
Total Scan Time : 00:50:51

Memory items scanned : 436
Memory threats detected : 0
Registry items scanned : 5506
Registry threats detected : 33
File items scanned : 36720
File threats detected : 9

Trojan.VirtualDNS
HKLM\Software\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}#AppID
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\Control
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\InprocServer32
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\InprocServer32#ThreadingModel
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\MiscStatus
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\MiscStatus\1
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\ProgID
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\ToolboxBitmap32
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\TypeLib
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\Version
HKCR\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\VersionIndependentProgID
C:\WINDOWS\VIRTUALDNS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}

Adware.RelatedLinks
HKLM\Software\Classes\CLSID\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}
HKCR\CLSID\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}
HKCR\CLSID\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}
HKCR\CLSID\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}\InprocServer32
HKCR\CLSID\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}\InprocServer32#ThreadingModel
C:\WINDOWS\LBBHO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}

Adware.IWantSearchBar
HKU\S-1-5-21-56604596-3095290957-2122901767-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Trojan.CWS/HWY
HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

Adware.Tracking Cookie
C:\Documents and Settings\Datamaskinnavn\Cookies\Datamaskinnavn@tradedoubler[2].txt
C:\Documents and Settings\Datamaskinnavn\Cookies\[email protected][2].txt
C:\Documents and Settings\Datamaskinnavn\Cookies\Datamaskinnavn@adtech[1].txt
C:\Documents and Settings\Datamaskinnavn\Cookies\[email protected][2].txt
C:\Documents and Settings\Datamaskinnavn\Cookies\[email protected][1].txt
C:\Documents and Settings\Datamaskinnavn\Cookies\Datamaskinnavn@casalemedia[1].txt

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{386A771C-E96A-421F-8BA7-32F1B706892F}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ISTactivex.dll [ ]
HKU\S-1-5-21-56604596-3095290957-2122901767-1005\Software\Microsoft\Internet Explorer\Main#BandRest
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-19\Software\New.net
HKU\S-1-5-18\Software\New.net

Adware.IST/YourSiteBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [ ]
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:16, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam\Quickcam.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\SPAMfighter\SFAgent.exe
C:\Programfiler\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Datamaskinnavn\KNOPPIX_V3.9-2005-05-27-EN3333\Skrivebord\Hijackthis - brukt\Test.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.start.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Programfiler\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MedievalLords_ML.exe] D:\Tore\Program\MEDIEV~1.EXE /r
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099684035124
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O16 - DPF: {76E11BD9-E2F5-4F12-9922-A372B26B0F56} (tabCtl Class) - http://hk.tine.no/komponent/ddTabHandler.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programfiler\SPAMfighter\sfus.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://www.sparebank1.no/weblink/felles/wl..._Beregn_OTP.jpg

-- End of file - 9849 bytes

Edit: Double post indeed. I'm aware of it, but too late.
Edit 2: Changed the computer name in the logs.
Edited 27 November 2007 by BorN
norbat Posted 28 November 2007 (edited)

Parents' PC:

Consider whether SweetIM is something you need to keep. If not, uninstall it from Add/Remove Programs. Afterwards use Explorer to delete the folder:
C:\Programfiler\Macrogaming

We're going to fix something in the registry, so do the following: open Notepad and copy in the text below, save the file as regfixforeldre.reg, double-click the file and say yes to adding the info....

Windows Registry Editor Version 5.00

; ComboFix writes this key as HKEY_LOCAL_MACHINE\~ in its log; the full path is needed in a .reg file.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

Use Explorer to find and delete the file:
C:\WINDOWS\lbbho.dll

Restart the PC.

Post a new HJT log.

Both Norton and AVG are running. Which AV program is the one actually in use?
Edited 28 November 2007 by norbat
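Both .reg fixes in this thread (norbat's fix for the brother's PC and the one for the parents' PC above) are assembled by hand from HijackThis and ComboFix lines. As an added example that is not part of the thread and not code from HijackThis, ComboFix or any participant, the Python script below does the same job mechanically: it parses HijackThis O2 BHO lines and ComboFix `[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\...]` lines, flags candidates with simple heuristics (a BHO with no registered name, a BHO whose DLL is missing, a DLL dropped straight into C:\WINDOWS), and writes a Regedit 5.00 file with the `~` shorthand expanded to the full key and the root key spelled out. The heuristics and the one-line ComboFix format are this example's own assumptions; the sample lines are copied from the logs quoted in this thread (ComboFix's key and file-detail lines joined onto one line, as they appear here); the `yayabby` Notify subkey and the LSA `Authentication Packages` reset come from the brother's fix, and the LSA block shows how to restore the default `msv1_0` package as a REG_MULTI_SZ instead of deleting the value.

```python
"""Generate a Regedit 5.00 removal file from HijackThis / ComboFix log lines.

Added example, not code from the thread or from HijackThis/ComboFix. The
sample lines below are copied from the logs quoted in the thread; the
"suspect BHO" heuristics are this script's own assumptions and only
propose candidates for a human to confirm against the log.
"""
import re

# HijackThis and ComboFix abbreviate this key as "HKEY_LOCAL_MACHINE\~".
# A .reg file needs the full path, and root keys must be spelled out:
# the Regedit 5.00 format does not accept "HKLM".
EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
BHO_KEY = EXPLORER + r"\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis:  O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<path>.+)$")
# ComboFix "Reg Loading Points", key line and file details on one line
# (assumption: ComboFix itself prints them on two lines)
CF_RE = re.compile(
    rf"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>{CLSID})\].*?(?P<path>[A-Za-z]:\\\S+)$")


def bho_is_suspect(name, path):
    """Heuristics (this example's assumptions): a BHO with no registered
    name, a BHO whose DLL is gone (dead entry, harmless to delete), or a
    DLL dropped directly into the Windows directory instead of under
    Program Files or system32."""
    p = path.lower()
    if name == "(no name)" or p == "(no file)" or p.endswith("(file missing)"):
        return True
    parent = p.rsplit("\\", 1)[0]
    return parent in (r"c:\windows", r"c:\winnt")


def flag_bhos(lines):
    """Return [(clsid, path)] for the entries the heuristics flag, in log
    order, accepting both HijackThis O2 lines and ComboFix key lines."""
    found, seen = [], set()
    for line in lines:
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m["name"], m["clsid"], m["path"]
        else:
            m = CF_RE.match(line)
            if not m:
                continue
            name, clsid, path = "", m["clsid"], m["path"]
        if clsid not in seen and bho_is_suspect(name, path):
            seen.add(clsid)
            found.append((clsid, path))
    return found


def multi_sz_hex(strings):
    """Encode a REG_MULTI_SZ in Regedit's hex(7) form: each string in
    UTF-16LE with its own NUL terminator, then an empty string."""
    data = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def build_reg(bho_clsids, notify_names=(), reset_lsa=False):
    """Emit the .reg text. '[-key]' deletes a key. The LSA block restores
    the default msv1_0 package instead of deleting "Authentication
    Packages", which the logon process relies on."""
    out = ["Windows Registry Editor Version 5.00", ""]
    out += [f"[-{BHO_KEY}\\{c}]" for c in bho_clsids]
    out += [f"[-{NOTIFY_KEY}\\{n}]" for n in notify_names]
    if reset_lsa:
        out += ["", f"[{LSA_KEY}]",
                '"Authentication Packages"=' + multi_sz_hex(["msv1_0"])]
    return "\r\n".join(out) + "\r\n"  # Regedit expects CRLF line endings


# Sample input: lines copied from the parents' HijackThis and ComboFix logs.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)",
    r"[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}] 2006-07-18 22:20 111616 --a------ C:\WINDOWS\VirtualDNS.dll",
    r"[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C80EE6D1-9A7C-46AD-9B2A-ABE18CBBA3B3}] 2004-12-06 16:14 57344 --ahs---- C:\WINDOWS\lbbho.dll",
]

if __name__ == "__main__":
    clsids = [c for c, _ in flag_bhos(SAMPLE_LOG)]
    # "yayabby" is the Winlogon Notify subkey named in the brother's fix.
    print(build_reg(clsids, notify_names=["yayabby"], reset_lsa=True))
```

Redirect the output to a .reg file and review every `[-...]` line against the log before importing it; the heuristics only propose candidates, and the Adobe entry in the sample is correctly left alone while the SweetIM and nameless entries and the two DLLs in C:\WINDOWS are flagged.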
BorN Posted 28 November 2007 (thread author, edited)

SweetIM is definitely something we don't need, so it will be deleted. Norton was "deleted" earlier, and AVG Free is the AV program in use. I see now that I need to sort out a firewall on this machine too. I'll post a HijackThis log later today after making the changes.

Edit: SweetIM was not in Add/Remove Programs. Nor could I find the folder C:\Programfiler\Macrogaming. The registry change has been applied. Couldn't find C:\WINDOWS\lbbho.dll either (hidden files and system files are set to be shown). Only found a harmless lbbho.ini in the C:\Windows folder, which in Notepad shows this line:
<root time="31" guid="5A1C4235-659D-4FBD095B8-4A511B7C1486" dayerr="27"/>
Have to run soon; I don't think I'll get to post a HijackThis log before this slow machine has managed to restart...
Edited 28 November 2007 by BorN
BorN Posted 29 November 2007 (thread author)

HijackThis log from my parents' PC:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:49, on 29.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Documents and Settings\datamaskinnavn\KNOPPIX_V3.9-2005-05-27-EN3333\Skrivebord\Hijackthis - brukt\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.start.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Programfiler\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MedievalLords_ML.exe] D:\Tore\Program\MEDIEV~1.EXE /r
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099684035124
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O16 - DPF: {76E11BD9-E2F5-4F12-9922-A372B26B0F56} (tabCtl Class) - http://hk.tine.no/komponent/ddTabHandler.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon
Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programfiler\SPAMfighter\sfus.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe O24 - Desktop Component 0: (no name) - http://www.sparebank1.no/weblink/felles/wl..._Beregn_OTP.jpg -- End of file - 9646 bytes Lenke til kommentar
norbat Posted 29 November 2007 (edited)

Go to Start -> Run. Type: services.msc
Find the following services, stop them, right-click and choose Properties. Under Startup type, choose Disabled:
Norman API-hooking helper (NipSvc)
Symantec Network Drivers Service (SNDSrvc)
SymWMI Service (SymWSC)

Then run HJT and fix the following lines (the ones you find):
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

Use Explorer to find and delete (in bold):
C:\Norman
C:\Programfiler\Fellesfiler\Symantec Shared

After this, things look fine. You should clear the restore folder so that you are not reinfected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the function.

Edited 29 November 2007 by norbat
BorN Posted 3 December 2007 (thread author)

Thanks, I have now sent an e-mail back to Telenor saying that the PCs are now cleaned and ready to be fully connected to the internet.
Januar333 Posted 4 December 2007

Just borrowing the thread a bit now that he has got his PC fixed.. Anyone willing to have a look at whether I have any "junk" on my PC?

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:32, on 04.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Zinio\ZinioDeliveryManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Combined Community Codec Pack\Zoom Player\zplayer.exe
C:\Programfiler\GrabIt\GrabIt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fredrik Versland\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\Programfiler\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "E:\spill\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe
-- End of file - 7050 bytes
norbat Posted 4 December 2007

freddy85
It is always best to start your own thread in this part of the forum, but since you are here: your log looks fine. Nothing there indicates that you are infected with anything. I make a habit of saying that the following line can be fixed with HJT (start HJT, choose "Do a system scan only", tick the line and click Fix checked):
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
(see info: http://www.castlecops.com/s5306-alcmtr.html)
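The two replies above apply the same reading of an HJT log: an entry whose target is "(file missing)" or "(no file)" is an orphaned registry reference and can be fixed, an O23 service with "Unknown owner" or an O10 "Unknown file" LSP deserves a look, and autostarts that belong to an orphaned component (the two sweetIM Run entries next to the missing SweetIM toolbar) go out with it. The script below is an added example that encodes those signals; it is not code from the thread or from Trend Micro's HijackThis. The vendor-directory grouping and the section regex are this editor's assumptions, and SAMPLE_LOG is constructed from lines quoted in the thread, not a fresh scan.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example).

Mechanical signals only: "(file missing)" / "(no file)" => orphan,
"Unknown owner" on an O23 service or "Unknown file" on an O10 LSP => review,
and an otherwise clean entry that shares a CLSID or a vendor directory with
an orphan => related (fix it together with the orphan).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# HJT entry lines look like "<section> - <body>", section = R0..R3, F0..F3, N1..N4, O1..O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path in the body. Stops at whitespace, so a path with a
# space ("Acrobat 7.0") is truncated; good enough for vendor grouping.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"()]+')
PROGRAM_DIRS = ("programfiler", "program files", "progra~1")  # Norwegian + English XP


@dataclass
class Entry:
    line: str
    section: str
    clsid: Optional[str]
    vendor: Optional[str]
    verdict: str  # "orphan" | "review" | "related" | "ok"
    reason: str


def vendor_dir(body: str) -> Optional[str]:
    r"""C:\Programfiler\<Vendor>\... -> 'c:\programfiler\<vendor>' (lower-cased).
    Returns None for paths outside the program-files tree (C:\WINDOWS, C:\Norman)."""
    m = PATH_RE.search(body)
    if not m:
        return None
    parts = m.group(0).lower().split("\\")
    if len(parts) < 4 or parts[1] not in PROGRAM_DIRS:
        return None
    return "\\".join(parts[:3])


def classify(line: str) -> Optional[Entry]:
    """Apply the per-line signals; None for header/footer lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    cm = CLSID_RE.search(body)
    clsid = cm.group(0).upper() if cm else None  # HJT mixes the case of the hex digits
    low = body.lower()
    e = Entry(line.strip(), section, clsid, vendor_dir(body), "ok", "")
    if "(file missing)" in low or "(no file)" in low:
        e.verdict, e.reason = "orphan", "target binary no longer exists"
    elif section == "O23" and "unknown owner" in low:
        e.verdict, e.reason = "review", "service binary carries no publisher"
    elif section == "O10" and "unknown file" in low:
        e.verdict, e.reason = "review", "Winsock LSP not on HJT's known list"
    return e


def triage(log_text: str) -> List[Entry]:
    entries = [e for e in map(classify, log_text.splitlines()) if e]
    # Second pass: other entries of an orphaned component (same CLSID in another
    # section, or an autostart under the same vendor directory) get fixed too.
    orphan_ids = {e.clsid for e in entries if e.verdict == "orphan" and e.clsid}
    orphan_vendors = {e.vendor for e in entries if e.verdict == "orphan" and e.vendor}
    for e in entries:
        if e.verdict == "ok" and (e.clsid in orphan_ids or e.vendor in orphan_vendors):
            e.verdict, e.reason = "related", "belongs to an orphaned component"
    return entries


def fix_list(log_text: str) -> List[str]:
    """Lines to tick under 'Do a system scan only' and then 'Fix checked'."""
    return [e.line for e in triage(log_text) if e.verdict in ("orphan", "related")]


def review_list(log_text: str) -> List[str]:
    """Lines that need a human (or a vendor lookup) before any action."""
    return [e.line for e in triage(log_text) if e.verdict == "review"]


# Constructed sample: entries quoted in the thread, not a fresh scan.
SAMPLE_LOG = r"""R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
-- End of file - 9646 bytes
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.verdict != "ok":
            print(f"{e.verdict:8} {e.section:4} {e.reason}: {e.line}")
```

On the sample, the seven SweetIM and orphan lines come out as the fix list (both sweetIM Run entries are pulled in through the Macrogaming directory, matching the reply's list) while the O10 LSP and PnkBstrA land in the review list. The rest of the reply's picks, the leftover Symantec services, PopCapLoader and, in the second log, Alcmtr, came from the reviewer knowing what belongs on that machine rather than from anything in the line itself, and no rule reproduces that. Note also that the O10 entry in both logs points at nwprovau.dll, Microsoft's Client Service for NetWare provider; "unknown" there means unknown to HJT's list, not malicious, which is why the script only flags it for review.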