
Lost "Control Panel" and admin rights



I'm sitting here in deep despair. I've probably got a nasty virus on the machine that I can't get rid of.

My Control Panel is gone, and Task Manager, Properties in My Computer, the Run function, etc. are all blocked.

I also constantly get a warning that looks like this: "Warning! Potential Spyware operation!"

In addition, my start page gets changed every time I start Explorer.

I can start the machine in safe mode, and from there I managed to run HijackThis, which produced this log that I don't understand at all.

Can anyone help?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:05, on 2007-12-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\Microsoft Office\Office10\WINWORD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04e\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [WinampAgent] D:\Programfiler\MusikkGreier\Winamp\winampa.exe

O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DW4] "C:\Programfiler\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] D:\Programfiler\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk570YYNO

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://gate.schibsted.no/dana-cached/setup...perSetupSP1.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

 

--

End of file - 8220 bytes


The infection has probably set some restrictions in Policies in the registry. Before we fiddle with that manually, we can try some scans first.

 

I see you have SUPERAntiSpyware. Have you run it? If not, that might be a good start.

 

Then run ComboFix. If this is the PC you're using, you can boot into safe mode with networking so you can get online, or alternatively download ComboFix on another PC and copy it over:

 

Get ComboFix and put it on the desktop

 

Run combofix.exe and follow the instructions.

 

Post the log file from ComboFix (c:\combofix.txt)

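The registry restrictions mentioned above are the Explorer and System policy values that hide the Control Panel and block Run, Task Manager, regedit and My Computer's Properties. The following Python script is an added example, not part of the original thread or of any tool it mentions: it parses a .reg export of the two Policies keys (a constructed sample, not this machine's registry), reports which lockdown values are enforced, and writes the .reg that deletes them using the same "name"=- delete syntax a ComboFix script uses. The value names are the standard Windows policy values for these symptoms; which of them this particular infection set is an assumption, since the thread never exports the keys.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample export of the two Policies keys (assumed content, not taken
# from the logs in the thread). The value names are the standard Explorer/System
# policy values that produce the symptoms in the first post.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"NoRun"=dword:00000001
"NoPropertiesMyComputer"=dword:00000001
"NoSetFolders"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
"Wallpaper"="C:\\WINDOWS\\web\\wallpaper\\Bliss.bmp"
"""

EXPLORER = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Policy values (all REG_DWORD, non-zero = enforced) that explain each symptom.
LOCKDOWN_VALUES = {
    (EXPLORER, "NoControlPanel"): "Control Panel removed from Start menu and Explorer",
    (EXPLORER, "NoRun"): "Start > Run removed",
    (EXPLORER, "NoPropertiesMyComputer"): "Properties on My Computer blocked",
    (EXPLORER, "NoFolderOptions"): "Folder Options blocked",
    (EXPLORER, "NoSetFolders"): "Settings folders hidden",
    (SYSTEM, "DisableTaskMgr"): "Task Manager blocked",
    (SYSTEM, "DisableRegistryTools"): "regedit blocked",
}

_KEY = re.compile(r"^\[(.+)\]$")
_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_dwords(export: str) -> Dict[str, Dict[str, int]]:
    """Return {full key path: {value name: int}} for every REG_DWORD in a .reg
    export. Strings and binaries are ignored: the lockdown values are all DWORDs."""
    keys: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in export.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _DWORD.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def find_lockdowns(keys: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, str]]:
    """List (full key, value name, explanation) for every enforced lockdown value.
    The hive prefix is stripped before comparing, so HKCU (per user) and HKLM
    (machine-wide) copies of the Policies keys are both checked."""
    hits = []
    for full_key, values in keys.items():
        _, _, subkey = full_key.partition("\\")
        for (policy_key, name), why in LOCKDOWN_VALUES.items():
            if subkey.lower() == policy_key.lower() and values.get(name, 0) != 0:
                hits.append((full_key, name, why))
    return hits


def undo_script(hits: List[Tuple[str, str, str]]) -> str:
    """Build a .reg file that deletes the enforced values; "name"=- means delete,
    the same syntax ComboFix accepts in a CFScript Registry:: section."""
    by_key: Dict[str, List[str]] = {}
    for full_key, name, _ in hits:
        by_key.setdefault(full_key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for full_key, names in by_key.items():
        out.append(f"[{full_key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = find_lockdowns(parse_dwords(SAMPLE_EXPORT))
    for key, name, why in found:
        print(f"{name:24} {why}   ({key})")
    print()
    print(undo_script(found))
```

Deleting the values is the right reversal: the policies are absent on a default XP install, so setting them to 0 would leave a trace that a later scanner might flag. Run the generated .reg only after the files and Run entry that re-apply the policies are gone, or they come back on the next logon.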

 

 

Hi

Thanks for the reply!!

 

I've run SUPERAntiSpyware, without it helping with the permissions. Here is the log from ComboFix:

 

ComboFix 07-12-21.4 - Ole Helge 2007-12-30 0:02:04.3 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.391 [GMT 1:00]

Running from: C:\Documents and Settings\Ole Helge\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))

.

 

2007-12-29 22:04 . 2007-12-29 23:17 4,062 --a------ C:\WINDOWS\system32\tmp.reg

2007-12-29 20:46 . 2007-12-29 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2007-12-29 20:11 . 2007-12-29 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-29 20:10 . 2007-12-29 20:14 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-12-29 20:10 . 2007-12-29 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-29 20:10 . 2007-12-29 20:10 <DIR> d-------- C:\Documents and Settings\Ole Helge\Programdata\SUPERAntiSpyware.com

2007-12-29 19:47 . 2007-12-29 19:47 <DIR> d-------- C:\Programfiler\Trend Micro

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter

2007-12-29 19:19 . 2005-10-30 18:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2007-12-29 19:19 . 2007-12-29 23:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2007-12-29 19:19 . 2007-12-29 19:21 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2007-12-29 11:21 . 2007-12-29 11:20 38,912 --a------ C:\WINDOWS\system32\KernelDrv.exe

2007-12-29 11:21 . 2007-12-29 22:02 13,824 --a------ C:\WINDOWS\system32\Dll.dll

2007-12-29 11:20 . 2007-12-29 22:01 24,741 --a------ C:\WINDOWS\system32\kcopt.dll

2007-12-29 11:20 . 2007-12-29 22:17 17,016 --a------ C:\WINDOWS\system32\ksvcl.dll

2007-12-29 10:59 . 2007-12-29 19:24 8,704 --a------ C:\WINDOWS\medichi2.exe

2007-12-29 10:59 . 2007-12-29 19:24 4,608 --a------ C:\WINDOWS\medichi.exe

2007-12-29 10:56 . 2007-12-29 10:56 45,056 --a------ C:\winszyc.exe

2007-12-29 10:56 . 2007-12-29 10:56 16,384 --a------ C:\WINDOWS\system32\users32.dat

2007-12-07 18:46 . 2007-12-07 18:46 <DIR> d-------- C:\Documents and Settings\Ole Helge\Programdata\Uniblue

2007-12-07 16:54 . 2007-12-07 16:54 295 --a------ C:\WINDOWS\game.ini

2007-12-04 16:16 . 2007-12-04 16:16 <DIR> d-------- C:\Programfiler\HYPET

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-29 22:40 --------- d-----w C:\Programfiler\Mozilla Thunderbird

2007-12-29 22:04 --------- d-----w C:\Documents and Settings\Ole Helge\Programdata\OpenOffice.org2

2007-12-29 21:14 --------- d-----w C:\Programfiler\MSN Messenger

2007-12-29 21:01 --------- d-----w C:\Programfiler\Norman

2007-12-29 18:28 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys

2007-12-29 09:59 --------- d-----w C:\Programfiler\Windows Defender

2007-12-29 09:59 --------- d-----w C:\Programfiler\QuickTime

2007-12-17 18:34 --------- d-----w C:\Programfiler\Messenger Plus! Live

2007-12-07 17:22 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-11-24 20:06 --------- d-----w C:\Programfiler\Google

2007-11-16 18:44 --------- d-----w C:\Programfiler\GameShadow

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 22:04 62,360 ----a-w C:\Documents and Settings\Ole Helge\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-12-29 10:56]

"DW4"="C:\Programfiler\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" []

"Uniblue RegistryBooster 2"="D:\Programfiler\RegistryBooster 2\RegistryBooster.exe" []

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

"SpybotSD TeaTimer"="D:\Programfiler\Spybot\TeaTimer.exe" [2007-08-31 16:46]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-12-29 10:56]

"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-12-29 10:56]

"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2007-12-29 10:56]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2007-12-29 10:56]

"DeviceDiscovery"="C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2007-12-29 10:56]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-29 10:56]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-29 10:56]

"Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2007-12-29 10:56]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-12-29 10:56]

"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-12-29 10:56]

"PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2007-12-29 10:56]

"IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2007-12-29 10:56]

"SetDefPrt"="C:\Programfiler\Brother\Brmfl04e\BrStDvPt.exe" [2007-12-29 10:56]

"ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2007-12-29 10:56]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2007-12-29 10:56]

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-29 10:56]

"WinampAgent"="D:\Programfiler\MusikkGreier\Winamp\winampa.exe" [2007-10-10 06:28]

"KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [2007-12-29 11:20]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

 

C:\Documents and Settings\Ole Helge\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

S2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2007-03-09 20:25]

S3 brfilt;Brother MFC filterdriver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 20:12]

S3 BrSerWDM;Brother WDM seriell driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-13 23:04]

S3 BrUsbMdm;Brother MFC USB-modem for kun telefaks;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 20:12]

S3 BrUsbScn;Brother MFC USB-skannerdriver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 20:12]

S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 09:50]

S3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-07-12 10:38]

S3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-29 22:05:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-30 00:06:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-30 0:07:33

C:\ComboFix2.txt ... 2007-12-29 23:24

.

2007-12-26 19:43:24 --- E O F ---


Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\System32\KernelDrv.exe

C:\WINDOWS\system32\Dll.dll

C:\WINDOWS\medichi2.exe

C:\WINDOWS\medichi.exe

C:\WINDOWS\system32\kcopt.dll

C:\WINDOWS\system32\ksvcl.dll

C:\winszyc.exe

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KernelDrv.exe"=-

 

Post the log together with a new log from HJT (run in normal mode)

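The CFScript above was written by hand from the ComboFix listing: a cluster of loose files dropped into C:\, C:\WINDOWS and system32 within a few minutes of each other, plus the HKLM Run value that launches one of them. The Python below is an added example (not from the thread and not part of ComboFix) that automates that triage over an excerpt of the first ComboFix log above: it parses the "Files Created" lines and the Run key, groups loose files in those directories by creation time, and renders a CFScript for any cluster it finds. The 30-minute window and the set of watched directories are heuristics of my own; note that it also flags users32.dat, which the helper left out, so the output is a candidate list for a human to review, not a list to delete blindly.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Excerpt of the first ComboFix log in the thread (a subset of its "Files Created"
# listing and of its HKLM Run key), embedded so the script runs offline.
FILES_CREATED = r"""
2007-12-29 22:04 . 2007-12-29 23:17 4,062 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-29 20:10 . 2007-12-29 20:14 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-12-29 11:21 . 2007-12-29 11:20 38,912 --a------ C:\WINDOWS\system32\KernelDrv.exe
2007-12-29 11:21 . 2007-12-29 22:02 13,824 --a------ C:\WINDOWS\system32\Dll.dll
2007-12-29 11:20 . 2007-12-29 22:01 24,741 --a------ C:\WINDOWS\system32\kcopt.dll
2007-12-29 11:20 . 2007-12-29 22:17 17,016 --a------ C:\WINDOWS\system32\ksvcl.dll
2007-12-29 10:59 . 2007-12-29 19:24 8,704 --a------ C:\WINDOWS\medichi2.exe
2007-12-29 10:59 . 2007-12-29 19:24 4,608 --a------ C:\WINDOWS\medichi.exe
2007-12-29 10:56 . 2007-12-29 10:56 45,056 --a------ C:\winszyc.exe
2007-12-29 10:56 . 2007-12-29 10:56 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-07 16:54 . 2007-12-07 16:54 295 --a------ C:\WINDOWS\game.ini
"""

RUN_KEYS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2007-12-29 10:56]
"WinampAgent"="D:\Programfiler\MusikkGreier\Winamp\winampa.exe" [2007-10-10 06:28]
"KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [2007-12-29 11:20]
"""

# Directories where a freshly created loose file deserves a second look (assumption:
# a heuristic of this example, lower-cased parent paths without trailing backslash).
WATCHED_DIRS = {"c:", r"c:\windows", r"c:\windows\system32"}

# created . modified  size-or-<DIR>  9-char attribute field  path
_FILE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<DIR>|[\d,]+)\s+\S{9}\s+(.+)$")
_KEY = re.compile(r"^\[(.+)\]$")
_RUN = re.compile(r'^"([^"]+)"="([^"]+)"')


def parse_files_created(text: str) -> List[Tuple[datetime, str]]:
    """(creation time, path) for each file in a ComboFix 'Files Created' listing;
    directory entries are skipped."""
    files = []
    for line in text.splitlines():
        m = _FILE.match(line.strip())
        if m and m.group(3) != "<DIR>":
            files.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(4)))
    return files


def parse_run_entries(text: str) -> List[Tuple[str, str, str]]:
    """(key, value name, exe path) for every value in REGEDIT4-style Run sections."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = _RUN.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def dropped_clusters(files: List[Tuple[datetime, str]],
                     window: timedelta = timedelta(minutes=30),
                     min_size: int = 2) -> List[List[str]]:
    """Group loose files in WATCHED_DIRS by creation time: a file created within
    `window` of the previous one belongs to the same drop. Clusters smaller than
    min_size (a lone tmp.reg, a lone game.ini) are not reported."""
    loose = sorted((t, p) for t, p in files
                   if p.rsplit("\\", 1)[0].lower() in WATCHED_DIRS)
    clusters: List[List[str]] = []
    current: List[str] = []
    last = None
    for t, p in loose:
        if last is not None and t - last > window:
            clusters.append(current)
            current = []
        current.append(p)
        last = t
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) >= min_size]


def cfscript(paths: List[str], run_entries: List[Tuple[str, str, str]]) -> str:
    """Render a CFScript: File:: for the flagged files, Registry:: deleting any Run
    value that launches one of them ("name"=- is ComboFix's delete syntax)."""
    flagged = {p.lower() for p in paths}
    out = ["File::", *paths, ""]
    by_key: Dict[str, List[str]] = {}
    for key, name, exe in run_entries:
        if exe.lower() in flagged:
            by_key.setdefault(key, []).append(name)
    if by_key:
        out.append("Registry::")
        for key, names in by_key.items():
            out.append(f"[{key}]")
            out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out)


if __name__ == "__main__":
    runs = parse_run_entries(RUN_KEYS)
    for cluster in dropped_clusters(parse_files_created(FILES_CREATED)):
        print(cfscript(cluster, runs))
```

The time clustering is what makes the listing readable: eight files landing in system directories between 10:56 and 11:21 on one day stand out, while tmp.reg (written hours later by the user's own cleanup) and game.ini from three weeks earlier fall into singleton clusters and are dropped. Cross-checking the Run key is the second signal; a generic name like KernelDrv.exe in system32 with a Run value and no vendor is exactly what the helper targeted.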

Hi

 

Here is the log from ComboFix

 

ComboFix 07-12-21.4 - Ole Helge 2007-12-30 0:35:21.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.233 [GMT 1:00]

Running from: C:\Documents and Settings\Ole Helge\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ole Helge\Skrivebord\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\medichi.exe

C:\WINDOWS\medichi2.exe

C:\WINDOWS\system32\Dll.dll

C:\WINDOWS\system32\kcopt.dll

C:\WINDOWS\System32\KernelDrv.exe

C:\WINDOWS\system32\ksvcl.dll

C:\winszyc.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\medichi.exe

C:\WINDOWS\medichi2.exe

C:\WINDOWS\system32\Dll.dll

C:\WINDOWS\system32\kcopt.dll

C:\WINDOWS\System32\KernelDrv.exe

C:\WINDOWS\system32\ksvcl.dll

C:\winszyc.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))

.

 

2007-12-29 22:04 . 2007-12-29 23:17 4,062 --a------ C:\WINDOWS\system32\tmp.reg

2007-12-29 20:46 . 2007-12-29 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2007-12-29 20:11 . 2007-12-29 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-29 20:10 . 2007-12-30 00:27 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-12-29 20:10 . 2007-12-29 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-29 20:10 . 2007-12-29 20:10 <DIR> d-------- C:\Documents and Settings\Ole Helge\Programdata\SUPERAntiSpyware.com

2007-12-29 19:47 . 2007-12-29 19:47 <DIR> d-------- C:\Programfiler\Trend Micro

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter

2007-12-29 19:19 . 2005-10-30 18:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2007-12-29 19:19 . 2007-12-30 00:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2007-12-29 19:19 . 2007-12-29 19:21 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter

2007-12-29 19:19 . 2005-10-30 06:26 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2007-12-29 10:56 . 2007-12-29 10:56 16,384 --a------ C:\WINDOWS\system32\users32.dat

2007-12-07 18:46 . 2007-12-07 18:46 <DIR> d-------- C:\Documents and Settings\Ole Helge\Programdata\Uniblue

2007-12-07 16:54 . 2007-12-07 16:54 295 --a------ C:\WINDOWS\game.ini

2007-12-04 16:16 . 2007-12-04 16:16 <DIR> d-------- C:\Programfiler\HYPET

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-29 23:20 --------- d-----w C:\Programfiler\Mozilla Thunderbird

2007-12-29 23:12 --------- d-----w C:\Documents and Settings\Ole Helge\Programdata\OpenOffice.org2

2007-12-29 23:11 --------- d-----w C:\Programfiler\Norman

2007-12-29 21:14 --------- d-----w C:\Programfiler\MSN Messenger

2007-12-29 18:28 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys

2007-12-29 09:59 --------- d-----w C:\Programfiler\Windows Defender

2007-12-29 09:59 --------- d-----w C:\Programfiler\QuickTime

2007-12-17 18:34 --------- d-----w C:\Programfiler\Messenger Plus! Live

2007-12-07 17:22 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-11-24 20:06 --------- d-----w C:\Programfiler\Google

2007-11-16 18:44 --------- d-----w C:\Programfiler\GameShadow

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 22:04 62,360 ----a-w C:\Documents and Settings\Ole Helge\Programdata\GDIPFONTCACHEV1.DAT

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-12-29 10:56]

"DW4"="C:\Programfiler\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" []

"Uniblue RegistryBooster 2"="D:\Programfiler\RegistryBooster 2\RegistryBooster.exe" []

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

"SpybotSD TeaTimer"="D:\Programfiler\Spybot\TeaTimer.exe" [2007-08-31 16:46]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-12-29 10:56]

"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-12-29 10:56]

"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2007-12-29 10:56]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2007-12-29 10:56]

"DeviceDiscovery"="C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2007-12-29 10:56]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-29 10:56]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-29 10:56]

"Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2007-12-29 10:56]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-12-29 10:56]

"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-12-29 10:56]

"PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2007-12-29 10:56]

"IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2007-12-29 10:56]

"SetDefPrt"="C:\Programfiler\Brother\Brmfl04e\BrStDvPt.exe" [2007-12-29 10:56]

"ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2007-12-29 10:56]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2007-12-29 10:56]

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-29 10:56]

"WinampAgent"="D:\Programfiler\MusikkGreier\Winamp\winampa.exe" [2007-10-10 06:28]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

 

C:\Documents and Settings\Ole Helge\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 brfilt;Brother MFC filterdriver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 20:12]

R3 BrSerWDM;Brother WDM seriell driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-13 23:04]

R3 BrUsbMdm;Brother MFC USB-modem for kun telefaks;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 20:12]

R3 BrUsbScn;Brother MFC USB-skannerdriver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 20:12]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 09:50]

R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-07-12 10:38]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]

S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2007-03-09 20:25]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-29 23:14:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-30 00:38:53

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-30 0:39:49

C:\ComboFix2.txt ... 2007-12-30 00:07

C:\ComboFix3.txt ... 2007-12-29 23:24

.

2007-12-26 19:43:24 --- E O F ---

 

 


 

 

Here is the log from HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:41:58, on 30.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

C:\Programfiler\Brother\ControlCenter2\brctrcen.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

D:\Programfiler\MusikkGreier\Winamp\winampa.exe

C:\WINDOWS\System32\alg.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Programfiler\Spybot\TeaTimer.exe

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04e\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [WinampAgent] D:\Programfiler\MusikkGreier\Winamp\winampa.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DW4] "C:\Programfiler\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] D:\Programfiler\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - ?p=ZNxmk570YYNO

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://gate.schibsted.no/dana-cached/setup...perSetupSP1.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

 

--

End of file - 9259 bytes


Run HJT again, tick the following lines and click Fix checked:

O8 - Extra context menu item: &Search - ?p=ZNxmk570YYNO

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

 

Delete, if possible, the folder (in bold):

C:\Programfiler\Fellesfiler\BOONTY Shared

 

Download SDFix to the desktop.

 

Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix

 

Restart the PC in Safe Mode

 

Open the SDFix folder and double-click 'RunThis.bat' to start the program

 

Post the log it creates (it will be saved as Report.txt in the SDFix folder). Also tell us how things are going with the missing rights etc.

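The triage the helper does by hand above (picking out the O8, O16 and O23 lines) can be partly automated with a few rules over the HijackThis log format. This Python example is added here and is not the forum's or HijackThis' own code; the sample log is constructed from lines of the same shape as the one posted (the Temp autostart entry is made up), and a hit means "look closer", not "malicious".

```python
"""Triage of HijackThis v2 log lines (added example, not HJT's or the forum's code)."""
import re

LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\")
KNOWN_SCHEME_RE = re.compile(r"^(https?|res|file)://", re.IGNORECASE)
REMOTE_URL_RE = re.compile(r"https?://[^\s]+", re.IGNORECASE)
# Executable of an O4 Run entry: quoted, or unquoted up to the first argument.
O4_EXE_RE = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]+?)(?:"|\s+[-/]|$)')
# Where installed software normally lives on this (Norwegian) Windows XP box.
TRUSTED_DIRS = ("\\programfiler\\", "\\program files\\", "\\windows\\", "\\progra~1\\")


def parse(line):
    """Return (section, body) for an entry such as 'O8 - ...', else None."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(line):
    """Classify one line: 'suspicious', 'review' or None (nothing noteworthy)."""
    parsed = parse(line)
    if not parsed:
        return None
    section, body = parsed
    target = body.rsplit(" - ", 1)[-1].strip()
    if section == "O8":
        # A context-menu item should name a local file or a URL; a bare query
        # string like '?p=...' is the shape the helper told the poster to fix.
        if not LOCAL_PATH_RE.match(target) and not KNOWN_SCHEME_RE.match(target):
            return "suspicious"
    elif section == "O16":
        # DPF entries are ActiveX controls Internet Explorer fetched from the web.
        if REMOTE_URL_RE.search(target):
            return "review"
    elif section == "O23":
        # A service that names no vendor deserves a look.
        if "Unknown owner" in body:
            return "review"
    elif section == "O4":
        m = O4_EXE_RE.search(body)
        if m and not any(d in m.group(1).lower() for d in TRUSTED_DIRS):
            return "review"  # autostart from Temp or a profile directory
    return None


def triage_log(text):
    """Return [(verdict, line), ...] for every flagged line of a whole log."""
    return [(triage(l), l.strip()) for l in text.splitlines() if triage(l)]


# Constructed sample, same shape as the log in this thread (the Temp entry is made up).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\bruker\Lokale innstillinger\Temp\upd.exe /s
O8 - Extra context menu item: &Search - ?p=ZNxmk570YYNO
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe
"""
```

Note that the Boonty service is not flagged: it names a vendor, so only the reputation knowledge the helper applies here catches it, which is why rules like these support a human reviewer rather than replace one.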

When you say 'is starting to become normal', does that mean there is still something that is not as it should be? Is Control Panel etc. back in place?

 

You can remove the SDFix log, as it is no longer of interest and it contains various details that do not need to be lying around in the open.


Hi

 

Now everything seems to be normal. Here is the log from HJT. The only error message I get now is: hpotdd01 has encountered a problem and needs to close.

This appears during startup of the machine.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:50:19, on 30.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Programfiler\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

C:\Programfiler\Brother\ControlCenter2\brctrcen.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

D:\Programfiler\MusikkGreier\Winamp\winampa.exe

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

D:\Programfiler\Spybot\TeaTimer.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04e\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [WinampAgent] D:\Programfiler\MusikkGreier\Winamp\winampa.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DW4] "C:\Programfiler\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] D:\Programfiler\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://gate.schibsted.no/dana-cached/setup...perSetupSP1.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programfiler\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

 

--

End of file - 9103 bytes


hpotdd01 belongs to Hewlett-Packard Digital Imaging. The simplest thing would be to reinstall the program.

 

Once you have done that, you should 'reset' the System Restore folder so that you do not get reinfected by a possible restore:

Control Panel -> System -> System Restore.

Tick "Turn off System Restore .....",

restart the PC,

untick it again to re-enable the feature.
