Athikez, posted 9 December 2007 (edited)

As the thread title says, I need help removing a virus. I use NOD32 as my antivirus system, and have received alerts about the following viruses on the machine:
- WIN32/Adware.Ezula.application
- WIN32/Adware.Virtumonde.application

When I got the alert I blocked and deleted the files that came up in the alert window. I have also run a so-called in-depth analysis, and got a report saying no viruses were found on the machine. But I'm not entirely sure the virus is completely gone. Maybe something is stored in the Windows registry? Can someone check that for me? Here is a log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:18, on 09.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\NetLimiter\NetLimiter.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe
C:\Programfiler\SpeedFan\speedfan.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Athavan\Skrivebord\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NetLimiter] C:\Programfiler\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] "C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Programfiler\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195963234144
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D984122-8ACF-4A3C-99CF-E0A13F69941B}: NameServer = 10.0.0.138
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4469 bytes

Edited 9 December 2007 by Adda
norbat, posted 9 December 2007

Let's do another round:

Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt) plus a new HJT log. (Before you run HJT, rename the program, hijackthis, to something else, e.g. adda.)
Athikez (thread author), posted 9 December 2007

Now I've done what you asked! From the log, it looks like ComboFix removed some files from the system.

ComboFix log:

ComboFix 07-12-09.1 - Athavan 2007-12-09 22:59:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.546 [GMT 1:00]
Running from: C:\Documents and Settings\Athavan\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\qomkhig.dll
C:\WINDOWS\system32\upelacor.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 19:00 . 2007-12-09 19:00 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2007-12-08 00:03 . 2007-12-08 00:03 <DIR> d-------- C:\Programfiler\MSXML 4.0
2007-12-07 18:54 . 2007-12-07 19:14 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\Mp3tag
2007-12-07 18:53 . 2007-12-07 18:54 <DIR> d-------- C:\Programfiler\Mp3tag
2007-12-06 12:47 . 2007-12-06 12:47 <DIR> d-------- C:\Programfiler\PhonePoint
2007-12-05 16:19 . 2007-12-05 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\InstallShield
2007-12-05 12:46 . 2003-12-12 12:16 266,240 -r------- C:\WINDOWS\Dit.DLL
2007-12-05 12:46 . 2004-08-05 19:28 90,112 --a------ C:\WINDOWS\Dit.exe
2007-12-05 12:46 . 2003-07-11 10:31 61,440 --a------ C:\WINDOWS\DitExp.exe
2007-12-05 12:46 . 2007-12-08 14:28 17,408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-12-05 12:46 . 2004-07-19 08:46 639 -r------- C:\WINDOWS\ICCLR.INF
2007-12-05 12:46 . 2004-09-30 02:58 269 -r------- C:\WINDOWS\Dit.INI
2007-12-05 12:26 . 2007-12-07 17:42 <DIR> d--hs---- C:\Documents and Settings\Athavan\Phone Browser
2007-12-05 11:28 . 2007-12-05 11:28 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\Nokia Multimedia Player
2007-12-05 11:21 . 2007-12-05 11:21 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\Leadertech
2007-12-04 21:21 . 2007-12-04 21:31 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2007-12-04 21:20 . 2007-12-04 21:31 <DIR> d-------- C:\Programfiler\Mobiola Video Converter
2007-12-04 17:18 . 2007-12-04 17:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-03 23:04 . 2007-12-03 23:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Symbian
2007-12-03 21:53 . 2007-12-03 21:53 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\AdobeUM
2007-12-03 21:53 . 2007-12-03 21:53 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\AdobeAUM
2007-12-03 21:49 . 2007-12-03 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nokia
2007-12-03 21:34 . 2007-12-03 21:34 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2007-12-03 21:34 . 2007-12-03 21:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2007-12-03 21:33 . 2007-12-03 21:33 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2007-12-03 21:31 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-03 21:31 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-03 21:31 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-03 21:31 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-03 21:31 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-03 21:20 . 2007-12-03 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite
2007-12-03 21:19 . 2007-12-03 21:34 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-03 21:19 . 2007-12-05 16:17 <DIR> d-------- C:\Programfiler\Nokia
2007-12-03 21:19 . 2007-12-03 21:19 <DIR> d-------- C:\Programfiler\DIFX
2007-12-03 21:19 . 2007-12-03 21:42 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\PC Suite
2007-12-03 21:19 . 2007-12-05 11:28 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\Nokia
2007-12-03 21:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-03 21:18 . 2007-12-03 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Installations
2007-11-29 15:58 . 2007-11-29 15:58 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\Media Player Classic
2007-11-29 15:57 . 2007-11-29 15:57 38 --a------ C:\WINDOWS\avisplitter.INI
2007-11-29 15:52 . 2007-11-29 15:52 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack
2007-11-27 16:02 . 2007-11-27 16:02 <DIR> d-------- C:\Programfiler\Opera
2007-11-27 15:57 . 2007-12-08 22:23 <DIR> d-------- C:\Programfiler\Steam
2007-11-27 15:16 . 2007-11-27 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d-------- C:\Programfiler\euPOD_Pro
2007-11-27 15:14 . 2007-11-27 15:14 <DIR> d-------- C:\Programfiler\NetLimiter
2007-11-27 15:13 . 2007-11-27 15:13 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\LockTime
2007-11-27 15:11 . 2007-11-27 15:10 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-27 15:11 . 2007-11-27 15:10 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-11-27 13:44 . 2007-11-27 13:44 <DIR> d-------- C:\Programfiler\3Com
2007-11-27 13:44 . 2006-01-17 17:35 402,944 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2007-11-27 13:44 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
2007-11-27 13:44 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2007-11-27 13:44 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2007-11-27 13:44 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2007-11-27 13:44 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2007-11-27 13:44 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-11-27 13:44 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-11-27 13:44 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.sys
2007-11-27 13:44 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2007-11-25 16:31 . 2007-12-09 23:04 <DIR> d-------- C:\Programfiler\SpeedFan
2007-11-25 16:31 . 2007-11-25 23:21 <DIR> d-------- C:\Programfiler\OCCT
2007-11-25 16:31 . 2007-11-25 16:31 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2007-11-25 14:55 . 2007-01-12 10:54 10,848 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys
2007-11-25 14:44 . 2007-11-25 14:44 <DIR> d-------- C:\Programfiler\MSXML 6.0
2007-11-25 14:24 . 2007-11-25 14:24 <DIR> d-------- C:\Documents and Settings\Athavan\Programdata\ATI
2007-11-25 14:24 . 2007-11-25 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI
2007-11-25 14:21 . 2007-11-01 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-11-25 12:39 . 2007-11-25 12:39 <DIR> d-------- C:\Programfiler\MSBuild
2007-11-25 12:35 . 2007-11-25 14:43 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-25 12:35 . 2007-11-25 12:35 <DIR> d-------- C:\Programfiler\Reference Assemblies
2007-11-25 12:34 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-25 12:31 . 2007-11-25 12:31 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2007-11-25 12:30 . 2007-11-25 12:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-25 12:30 . 2007-12-04 23:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-25 12:29 . 2007-11-25 14:14 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-11-25 05:08 . 2007-11-25 14:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-25 05:08 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-25 05:07 . 2007-11-26 18:24 169 --a------ C:\WINDOWS\RtlRack.ini
2007-11-25 05:01 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-25 05:01 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-25 05:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-25 05:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-25 05:01 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 15:17 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-05 15:17 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-11-25 13:54 --------- d-----w C:\Programfiler\Intel
2007-11-25 13:22 --------- d-----w C:\Programfiler\ATI Technologies
2007-11-25 03:57 --------- d-----w C:\Programfiler\ICE
2007-11-25 03:35 --------- d-----w C:\Programfiler\U-ABIT
2007-11-25 03:35 --------- d-----w C:\Programfiler\ABIT
2007-11-25 03:35 --------- d-----w C:\Documents and Settings\Athavan\Programdata\InstallShield
2007-11-25 03:31 --------- d-----w C:\Programfiler\Realtek Sound Manager
2007-11-25 03:31 --------- d-----w C:\Programfiler\Realtek AC97
2007-11-25 03:31 --------- d-----w C:\Programfiler\AvRack
2007-11-25 03:08 --------- d-----w C:\Programfiler\Microsoft Works
2007-11-25 03:07 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-25 03:07 --------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-11-25 02:36 --------- d-----w C:\Programfiler\Silicon Image
2007-11-25 02:24 --------- d-----w C:\Programfiler\microsoft frontpage
2007-11-25 02:22 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-11-25 02:21 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-11-25 02:21 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"3COM"="C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe" [2006-05-09 10:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 C:\WINDOWS\soundman.exe]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-11-27 15:10]
"NetLimiter"="C:\Programfiler\NetLimiter\NetLimiter.exe" [2007-11-27 15:14]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Dit"="Dit.exe" [2004-08-05 19:28 C:\WINDOWS\Dit.exe]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]

C:\Documents and Settings\Athavan\Start-meny\Programmer\Oppstart\
SpeedFan.lnk - C:\Programfiler\SpeedFan\speedfan.exe [2007-09-17 18:04:02]

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys
R3 ZD1211BU(3COM Corporation);3Com OfficeConnect Wireless 54Mbps 11g Compact USB Adapter(3COM Corporation);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);C:\WINDOWS\system32\DRIVERS\adusbser65.sys
S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
S3 Memctl;Memctl;\??\C:\Programfiler\U-ABIT\FlashMenu\Memctl.sys

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programfiler\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Athavan\LOKALE~1\Temp\ajhoyoxo.dll

.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 23:04:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 23:05:28 - machine was rebooted
.
--- E O F ---

Log from the new HijackThis run:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:15, on 09.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\NetLimiter\NetLimiter.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe
C:\Programfiler\SpeedFan\speedfan.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Athavan\Skrivebord\HiJackThis\adda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NetLimiter] C:\Programfiler\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] "C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Programfiler\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195963234144
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D984122-8ACF-4A3C-99CF-E0A13F69941B}: NameServer = 10.0.0.138
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4732 bytes
norbat, posted 9 December 2007

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of "Only delete temporary files.......". Click 'Cleaner' and then 'Run CCleaner'.

Afterwards, check whether the following file is still there: C:\DOCUME~1\Athavan\LOKALE~1\Temp\ajhoyoxo.dll. If so, delete it.

Other than that, the logs look fine. What you can do is the following: reset the restore folder so that you don't get reinfected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Update NOD and run a full scan. Report back on whether it still finds anything, what it is, and where it is located.
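The two things norbat is acting on in this reply, a DLL loaded into Explorer.EXE from the user's Temp directory and the deleted system32 DLLs whose companion .ini/.bak files carry the same name spelled backwards (jkklm.dll beside mlkkj.ini, .bak1 and .bak2 in the ComboFix output above), are mechanical enough to check with a script rather than by eye. The Python below is an added example, not code from this thread, from ComboFix or from HijackThis: it parses ComboFix-style report text for those two sections and flags both patterns. The sample text is constructed to follow the shape of the log posted above; the section headers it recognises ("Other Deletions", "PROCESS:", "->") are the ones visible in that log.

```python
"""Triage helper for ComboFix-style report text (added example, not ComboFix code).

Two checks that mirror what the helper in the thread looked for by eye:
  1. a DLL loaded into a running process from a Temp directory;
  2. a deleted .dll with same-directory companion files whose base name is
     the DLL's name reversed (jkklm.dll beside mlkkj.ini / .bak1 / .bak2).
"""
import re
from pathlib import PureWindowsPath

# Constructed sample, shaped after two sections of the ComboFix log in the thread.
SAMPLE_LOG = """\
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
C:\\WINDOWS\\system32\\jkklm.dll
C:\\WINDOWS\\system32\\mlkkj.bak1
C:\\WINDOWS\\system32\\mlkkj.bak2
C:\\WINDOWS\\system32\\mlkkj.ini
C:\\WINDOWS\\system32\\qomkhig.dll
C:\\WINDOWS\\system32\\upelacor.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\\WINDOWS\\system32\\lsass.exe [5.01.2600.2180]
-> C:\\Programfiler\\NetLimiter\\nl_lsp.dll
-> C:\\WINDOWS\\system32\\nl_msgc.dll

PROCESS: C:\\WINDOWS\\Explorer.EXE [6.00.2900.3156]
-> C:\\DOCUME~1\\Athavan\\LOKALE~1\\Temp\\ajhoyoxo.dll
"""

# Directory names that a DLL loaded into a system process has no business living in.
TEMP_DIR_NAMES = {"temp", "tmp"}


def parse_deletions(text):
    """Return the file paths listed under the 'Other Deletions' header."""
    paths, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if "Other Deletions" in line:
            in_section = True
            continue
        if in_section:
            if line.startswith(("(", "-", "*")):  # next section header reached
                break
            if line and line != ".":
                paths.append(line)
    return paths


def parse_loaded_dlls(text):
    """Return [(process_path, dll_path), ...] from the
    'DLLs Loaded Under Running Processes' section."""
    pairs, process = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("PROCESS:"):
            # Drop the trailing "[file version]" tag ComboFix appends.
            process = re.sub(r"\s*\[[^\]]*\]$", "", line[len("PROCESS:"):]).strip()
        elif line.startswith("->") and process:
            pairs.append((process, line[2:].strip()))
    return pairs


def is_temp_path(path):
    """True if any directory component (not the file name) is a temp folder."""
    parts = PureWindowsPath(path).parts[:-1]
    return any(p.lower() in TEMP_DIR_NAMES for p in parts)


def flag_temp_dlls(text):
    """Loaded DLLs whose on-disk location is a Temp directory."""
    return [(proc, dll) for proc, dll in parse_loaded_dlls(text) if is_temp_path(dll)]


def reversed_name_pairs(paths):
    """Pair each .dll with same-directory files whose stem is the DLL's stem reversed."""
    by_key = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_key.setdefault((str(wp.parent).lower(), wp.stem.lower()), []).append(p)
    hits = []
    for (parent, stem), files in by_key.items():
        for f in files:
            if f.lower().endswith(".dll"):
                # Exclude the DLL itself so a palindromic name does not match itself.
                mates = [m for m in by_key.get((parent, stem[::-1]), []) if m != f]
                if mates:
                    hits.append((f, sorted(mates)))
    return hits


def triage(text):
    """Run both checks over one report and return the findings."""
    return {
        "temp_dlls": flag_temp_dlls(text),
        "reversed_name_pairs": reversed_name_pairs(parse_deletions(text)),
    }


if __name__ == "__main__":
    for key, findings in triage(SAMPLE_LOG).items():
        print(key)
        for item in findings:
            print("  ", item)
```

Run against the sample, the script reports ajhoyoxo.dll under Explorer.EXE as a Temp-directory load and pairs jkklm.dll with its three mlkkj.* companions; the other two deleted DLLs have no reversed-name mate and are left for the analyst to judge, which is the right failure mode for a heuristic like this.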
Athikez (thread author), posted 10 December 2007

Now I've done everything you asked again... I ran the NOD32 virus scan again and got no report of any virus. It looks like the file you referred to has also been deleted. It seems the virus has been completely removed from the machine! Thanks for the help!

I now use NOD32 as my antivirus program; do you have any other alternatives you'd recommend? You seem to know a lot about this ;) The reason I use NOD32 is that I used Norton before, and it used far too many resources and so on, and the machine ran rather slowly. I switched to NOD32 and I'm happy with it, but I have a feeling there are other programs that are better and maybe use fewer resources?
norbat, posted 10 December 2007

NOD32 is a good AV program, so I think you should keep it. When it comes to spyware/adware, there are better ones. I recommend SAS (the free version. The free version doesn't have real-time scanning, but it works fine as a manual scanner too. Run it a few times a month.)