Chris2407, posted 7 December 2007 (edited)

Hi!! I have downloaded a file that I think is a virus. Now I can't find the file again; it looks as if it has hidden itself somewhere. Earlier I got a message saying that the file was in use and that it could not be deleted. I tried using Unlocker etc., but it didn't help. Lately the antivirus protection has started turning itself off, and I can't turn it back on. I have had help from Norton a couple of times, but it only takes a few days before it turns itself off again. I don't think there is anything wrong with the Norton product, but rather that I have got a virus that knocks it out. I have run a virus scan while the antivirus protection was on, but it didn't get any hits.. So I was wondering if anyone could help me?? Preferably step by step, since I don't know much about these things, or computers in general.

norbat, posted 7 December 2007

Hi, and welcome to the forum. It is not unusual for viruses/spyware to cause what you are experiencing. Download HijackThis. Put it in a folder of its own on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it. The log can tell what/whether there is something on the PC that shouldn't be there.

Chris2407, posted 8 December 2007

Hi, thanks for answering!! Here is the log..

Logfile of HijackThis v1.99.1
Scan saved at 13:57:38, on 08.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Rar$EX01.859\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

norbat, posted 8 December 2007

The log doesn't show anything in particular, so we'll try another approach:
- Get Combofix and put it on the desktop.
- Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
- Post the log file from Combofix (c:\combofix.txt).

Do you remember what that file was called?

Chris2407, posted 8 December 2007

I don't remember what the file is called!! And I can't manage to find it again; it looks like it has hidden itself somewhere.

Here is the log:

ComboFix 07-12-08.1 - Christoffer 2007-12-08 14:40:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1123 [GMT 1:00]
Running from: C:\Documents and Settings\Christoffer\Local Settings\Temporary Internet Files\Content.IE5\QMT3GJ92\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.
2007-12-04 21:09 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-03 22:09 . 2007-12-03 22:09 <DIR> d-------- C:\Program Files\vghd
2007-12-03 22:09 . 2007-12-03 22:09 <DIR> d-------- C:\Documents and Settings\Christoffer\Application Data\vghd
2007-12-03 16:45 . 2007-12-03 16:45 <DIR> d-------- C:\Documents and Settings\Christoffer\Application Data\SupportSoft
2007-12-01 22:20 . 2007-12-01 22:20 <DIR> d-------- C:\Program Files\TVAnts
2007-12-01 22:04 . 2007-12-01 22:22 <DIR> d-------- C:\Program Files\SopCast
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 08:20 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-27 08:20 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-11-27 08:20 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-26 16:42 . 2007-11-27 08:31 <DIR> d-------- C:\Program Files\Norton 360
2007-11-26 16:41 . 2007-12-05 15:31 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-26 16:41 . 2007-12-05 15:31 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-26 16:40 . 2007-12-05 15:31 <DIR> d-------- C:\Program Files\Symantec
2007-11-11 16:48 . 2004-08-04 09:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-11-11 16:48 . 2004-08-04 09:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-11-11 16:48 . 2004-08-04 09:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-11-11 16:48 . 2004-08-04 09:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-11-11 16:48 . 2004-08-04 09:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-11-11 16:48 . 2004-08-04 09:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-11-10 11:19 . 2007-11-10 11:19 <DIR> d-------- C:\Documents and Settings\Christoffer\Application Data\Symantec
2007-11-09 19:00 . 2007-11-26 17:00 16 --a------ C:\WINDOWS\system32\coh.cache
2007-11-09 18:49 . 2007-12-05 15:31 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-09 18:49 . 2007-12-05 15:31 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-09 18:35 . 2007-11-09 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-06 19:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-22 22:12 --------- d-----w C:\Program Files\BitComet
2007-11-03 16:47 --------- d-----w C:\Program Files\HP
2007-11-03 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-03 16:46 --------- d-----w C:\Program Files\Common Files\HP
2007-11-03 16:44 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-03 16:43 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-10-28 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 17:58 --------- d-----w C:\Program Files\Sierra Entertainment
2007-10-20 15:17 --------- d--h--r C:\Documents and Settings\Christoffer\Application Data\SecuROM
2007-10-20 15:14 --------- d-----w C:\Program Files\Sports Interactive
2007-10-19 14:47 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-19 14:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-15 19:21 --------- d-----w C:\Program Files\Picasa2
2007-10-15 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-12 21:10 --------- d-----w C:\Documents and Settings\Christoffer\Application Data\Winamp
2007-10-12 19:22 --------- d-----w C:\Program Files\Winamp
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 17:23]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 13:49]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 21:49 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 07:23]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 C:\WINDOWS\system32\bthprops.cpl]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

*Newly Created Service* - COMHOST
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\cwhklpqq.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 14:45:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-08 14:48:26 - machine was rebooted
.
--- E O F ---

norbat, posted 8 December 2007

This file, C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\cwhklpqq.dll, has to go. It is in the temp folder and can probably be removed using, among other things, the program CCleaner:
- Download CCleaner.
- Start the program. Go to 'Valg'->'Avansert' (Options -> Advanced).
- Remove the check mark in front of: "bare slett midlertidige filer......." (only delete temporary files.......)
- Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

Then download SAS (the free version), install it, update it and run a full (complete) scan. Feel free to post the log it creates (preferences->statistics/logs).

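The finding in the post above (a DLL that Explorer.EXE has loaded from a Temp folder), written as a log check. This is an added example, not part of the thread or of ComboFix; the section layout and every sample line except the cwhklpqq.dll entry are constructed assumptions.

```python
import ntpath
import re

# Constructed sample in the layout assumed for a ComboFix log: a section
# header, "PROCESS:" lines, "-> module" lines, then the catchme banner.
# Only the Explorer.EXE / cwhklpqq.dll pair comes from the log in the thread.
SAMPLE_LOG = r"""
*Newly Created Service* - COMHOST
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\cwhklpqq.dll
-> C:\WINDOWS\system32\shell32.dll

PROCESS: C:\Program Files\Winamp\winampa.exe
-> C:\Program Files\Winamp\in_mp3.dll
-> C:\DOCUME~1\CHRIST~1\LOCALS~1\TEMPOR~1\Content.IE5\example.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
"""

SECTION_START = re.compile(r"-{5,}\s*DLLs Loaded Under Running Processes\s*-{5,}")
SECTION_END = re.compile(r"\*{10,}|\({5,}")   # catchme banner or next "(((" header
TEMP_DIR_NAMES = {"temp", "tmp", "temporary internet files"}


def parse_loaded_modules(log_text):
    """Return (process, module) pairs from the 'DLLs Loaded' section.

    Splits on the PROCESS:/-> markers instead of on line breaks, so it also
    works on a log whose newlines were collapsed when it was pasted.
    """
    start = SECTION_START.search(log_text)
    if not start:
        return []
    section = log_text[start.end():]
    end = SECTION_END.search(section)
    if end:
        section = section[:end.start()]

    pairs, process = [], None
    tokens = re.split(r"(PROCESS:|->)", section)
    for marker, value in zip(tokens[1::2], tokens[2::2]):
        value = re.sub(r"\s+\.$", "", value.strip())        # drop the '.' separator
        if marker == "PROCESS:":
            process = re.sub(r"\s*\[[^\]]*\]$", "", value)  # drop "[version]"
        elif process and value:
            pairs.append((process, value))
    return pairs


def is_temp_path(path):
    """True when a directory component is a temp folder (long or 8.3 name)."""
    parts = [p.lower() for p in ntpath.normpath(path).split("\\") if p]
    # parts[:-1] skips the file name, so "C:\WINDOWS\Temp.dll" is not flagged.
    return any(p in TEMP_DIR_NAMES or p.startswith("tempor~") for p in parts[:-1])


def flag_temp_modules(log_text):
    """Modules that a running process has loaded from a temp directory."""
    return [(proc, mod) for proc, mod in parse_loaded_modules(log_text)
            if is_temp_path(mod)]


if __name__ == "__main__":
    for proc, mod in flag_temp_modules(SAMPLE_LOG):
        print(f"{ntpath.basename(proc)} has loaded {mod}")
```

A hit is a reason to look at the file, as in the thread, not proof that it is malicious.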
Chris2407, posted 8 December 2007

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/08/2007 at 09:28 PM

Application Version : 3.9.1008

Core Rules Database Version : 3358
Trace Rules Database Version: 1357

Scan type : Complete Scan
Total Scan Time : 00:34:44

Memory items scanned : 701
Memory threats detected : 0
Registry items scanned : 5589
Registry threats detected : 0
File items scanned : 40660
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt
C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt
C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt
C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt

norbat, posted 8 December 2007

OK, then run another round of Combofix and post the log.

Chris2407, posted 9 December 2007

ComboFix 07-12-09.1 - Christoffer 2007-12-09 11:03:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT 1:00]
Running from: C:\Documents and Settings\Christoffer\Local Settings\Temporary Internet Files\Content.IE5\1DJX3SOV\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-08 20:51 . 2007-12-08 21:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-08 20:51 . 2007-12-08 20:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 20:51 . 2007-12-08 20:51 <DIR> d-------- C:\Documents and Settings\Christoffer\Application Data\SUPERAntiSpyware.com
2007-12-08 20:51 . 2007-12-08 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-08 20:48 . 2007-12-08 20:48 <DIR> d-------- C:\Program Files\CCleaner
2007-12-04 21:09 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-03 22:09 . 2007-12-09 11:01 <DIR> d-------- C:\Program Files\vghd
2007-12-03 16:45 . 2007-12-03 16:45 <DIR> d-------- C:\Documents and Settings\Christoffer\Application Data\SupportSoft
2007-12-01 22:20 . 2007-12-01 22:20 <DIR> d-------- C:\Program Files\TVAnts
2007-12-01 22:04 . 2007-12-01 22:22 <DIR> d-------- C:\Program Files\SopCast
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 08:20 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-27 08:20 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-11-27 08:20 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-26 16:42 . 2007-11-27 08:31 <DIR> d-------- C:\Program Files\Norton 360
2007-11-26 16:41 . 2007-12-05 15:31 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-26 16:41 . 2007-12-05 15:31 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-26 16:40 . 2007-12-05 15:31 <DIR> d-------- C:\Program Files\Symantec
2007-11-11 16:48 . 2004-08-04 09:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-11-11 16:48 . 2004-08-04 09:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-11-11 16:48 . 2004-08-04 09:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-11-11 16:48 . 2004-08-04 09:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-11-11 16:48 . 2004-08-04 09:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-11-11 16:48 . 2004-08-04 09:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-11-10 11:19 . 2007-11-10 11:19 <DIR> d-------- C:\Documents and Settings\Christoffer\Application Data\Symantec
2007-11-09 19:00 . 2007-11-26 17:00 16 --a------ C:\WINDOWS\system32\coh.cache
2007-11-09 18:49 . 2007-12-05 15:31 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-09 18:49 . 2007-12-05 15:31 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-09 18:35 . 2007-11-09 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-09 09:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-22 22:12 --------- d-----w C:\Program Files\BitComet
2007-11-20 14:36 118,784 ----a-w C:\WINDOWS\system32\MaDRM.dll
2007-11-20 14:35 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
2007-11-03 16:47 --------- d-----w C:\Program Files\HP
2007-11-03 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-03 16:46 --------- d-----w C:\Program Files\Common Files\HP
2007-11-03 16:44 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-03 16:43 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-10-28 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 17:58 --------- d-----w C:\Program Files\Sierra Entertainment
2007-10-20 15:17 --------- d--h--r C:\Documents and Settings\Christoffer\Application Data\SecuROM
2007-10-20 15:14 --------- d-----w C:\Program Files\Sports Interactive
2007-10-19 14:47 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-19 14:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-15 19:21 --------- d-----w C:\Program Files\Picasa2
2007-10-15 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-12 21:10 --------- d-----w C:\Documents and Settings\Christoffer\Application Data\Winamp
2007-10-12 19:22 --------- d-----w C:\Program Files\Winamp
2007-10-01 14:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-22 13:33 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
2007-09-22 13:33 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-08_14.47.04.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-08 19:51:49 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-08 19:51:49 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-08 19:51:49 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36]
"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 17:23]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 13:49]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 21:49 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 07:23]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 C:\WINDOWS\system32\bthprops.cpl]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 11:05:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 11:06:31
C:\ComboFix2.txt ... 2007-12-08 14:48
.
--- E O F ---

norbat, posted 9 December 2007

The log looks fine. Are you still having trouble?

Chris2407, posted 9 December 2007

The antivirus protection is working right now, but can I wait 1-2 days and give you an answer then?? It's a bit like this: one day it works and the next it doesn't.

Chris2407, posted 14 December 2007

It looks like it is still turning itself off. Do you have any other ideas I can try??

norbat, posted 14 December 2007

A bit of a shot from the hip, but worth a try all the same:
- Download SDFix to the desktop.
- Double-click SDFix.exe and it will extract itself to a folder in C:\SDFix
- Restart the PC in safe mode (tap F8 during startup, choose safe mode)
- Open the SDFix folder and double-click 'RunThis.bat' to start the program
- Choose Y to start the cleaning
- The PC will restart, and SDFix will continue. It creates a log that we can take a look at.

Alternatively, perhaps Norton has a repair mode, in case there is something about the program that causes this instability.

Chris2407, posted 14 December 2007

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 17:15:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys00ea13361b9]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,3f,94,ff,b8,f2,2d,d3,d1,a6,35,a7,2e,f5,97,ae,fb,f9,91,ce,8f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,7f,c1,88,ae,44,aa,51,f8,13,cc,0c,68,41,4e,4f,25,e1,..
"khjeh"=hex:95,49,fd,be,0c,57,ce,3e,ff,b9,e2,d2,a0,b9,7c,fc,67,b6,7c,d9,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:31,09,27,6f,d3,62,df,92,d2,27,25,65,db,96,e0,1d,ff,dc,7a,48,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys00ea13361b9]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,3f,94,ff,b8,f2,2d,d3,d1,a6,35,a7,2e,f5,97,ae,fb,f9,91,ce,8f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,7f,c1,88,ae,44,aa,51,f8,13,cc,0c,68,41,4e,4f,25,e1,..
"khjeh"=hex:95,49,fd,be,0c,57,ce,3e,ff,b9,e2,d2,a0,b9,7c,fc,67,b6,7c,d9,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:31,09,27,6f,d3,62,df,92,d2,27,25,65,db,96,e0,1d,ff,dc,7a,48,49,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Christoffer\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{276A33D4-CBD2-C0D8-49AC-4864E6273A0F}1\10-{276A33D4-CBD2-C0D8-49AC-4864E6273A0F}-v1-{1D366D37-2923-41EE-917D-2527A7BC2CA1}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:

Mon 15 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 16 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 9 Dec 2007 1,714 ...HR --- "C:\Documents and Settings\Christoffer\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

I have already asked Norton for help 2-3 times. And they have given me instructions on what I can do, but it only takes a few days before the same problem occurs. One of the times they also went in and took control of the PC!!

norbat Posted 14 December 2007

Could you check whether the following file is on the PC: C:\WINDOWS\system32\muzapp.exe. If so, you can upload it for a check at the following site: http://virusscan.jotti.org/
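The file named in this post appears in the "Authorized Application Key Export" section of the SDFix report earlier in the thread. As an added example (not part of the thread and not SDFix's own code), the Python below parses that section of a report and marks enabled firewall exceptions whose executable sits directly in C:\WINDOWS or C:\WINDOWS\system32 for a manual check; the sample report, the function name and the review heuristic are assumptions made for this example.

```python
import re
from ntpath import dirname, normcase

# Constructed sample, laid out like the SDFix report section quoted in this thread.
SAMPLE_REPORT = r'''
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Example\\chat.exe"="C:\\Program Files\\Example\\chat.exe:LocalSubNet:Disabled:Example chat"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(.*)"="(.*)"$')
# Value data is "<path>:<scope>:<Enabled|Disabled>:<label>"; the path holds a drive colon.
DATA_RE = re.compile(r'^((?:[A-Za-z]:|%)[^:]*):([^:]*):(Enabled|Disabled):(.*)$')
LIST_SUFFIX = '\\authorizedapplications\\list'
# Assumption for this example: Windows lives in C:\WINDOWS, as in the thread's log.
SYSTEM_DIRS = {'c:\\windows', 'c:\\windows\\system32'}


def parse_authorized_apps(report):
    """Return one dict per firewall exception found in the exported list keys."""
    entries, profile = [], None
    for line in report.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Only the <profile>/authorizedapplications/list keys are of interest.
            path = key.group(1).lower()
            profile = path.split('\\')[-3] if path.endswith(LIST_SUFFIX) else None
            continue
        value = VALUE_RE.match(line)
        if not (profile and value):
            continue
        data = DATA_RE.match(value.group(2).replace('\\\\', '\\'))  # undo .reg escaping
        if data is None:
            continue
        exe, scope, state, label = data.groups()
        enabled = state == 'Enabled'
        entries.append({
            'profile': profile, 'path': exe, 'scope': scope,
            'enabled': enabled, 'label': label,
            # Heuristic: an open exception for a binary placed in a system directory.
            'review': enabled and normcase(dirname(exe)) in SYSTEM_DIRS,
        })
    return entries
```

A `review` mark only means the file is worth checking with a scanner; it says nothing about whether the file is malicious.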
Chris2407 (author) Posted 14 December 2007

Checked the file you mentioned. But there was nothing wrong with it!!!
norbat Posted 14 December 2007 (edited)

How about trying an online scanner? Maybe it can find something we don't see. Housecall is one of several online scanners you can try. If it doesn't find anything of significance, then I'm unsure what is causing this. Reinstalling the AV program, perhaps?

A rootkit check: roochk.exe. Put the program on the desktop and run it. After a few moments you get a 'log' that you can post if you like.

Edited 15 December 2007 by norbat
Chris2407 (author) Posted 19 December 2007

*********************************
ROOTCHK-(5-12-07)-LOG, by ejvindh
19.12.2007 16:12:24,70
The rootkits that are detected by this tool were not found.
*********************************
ROOTCHK-LOG-end

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 16:12:27
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys00ea13361b9]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,3f,94,ff,b8,f2,2d,d3,d1,a6,35,a7,2e,f5,97,ae,fb,f9,91,ce,8f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,7f,c1,88,ae,44,aa,51,f8,13,cc,0c,68,41,4e,4f,25,e1,..
"khjeh"=hex:95,49,fd,be,0c,57,ce,3e,ff,b9,e2,d2,a0,b9,7c,fc,67,b6,7c,d9,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:31,09,27,6f,d3,62,df,92,d2,27,25,65,db,96,e0,1d,ff,dc,7a,48,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys00ea13361b9]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,3f,94,ff,b8,f2,2d,d3,d1,a6,35,a7,2e,f5,97,ae,fb,f9,91,ce,8f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]
"a0"=hex:20,01,00,00,7f,c1,88,ae,44,aa,51,f8,13,cc,0c,68,41,4e,4f,25,e1,..
"khjeh"=hex:95,49,fd,be,0c,57,ce,3e,ff,b9,e2,d2,a0,b9,7c,fc,67,b6,7c,d9,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]
"khjeh"=hex:31,09,27,6f,d3,62,df,92,d2,27,25,65,db,96,e0,1d,ff,dc,7a,48,49,..

scanning hidden registry entries ...
scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0