Skibbe10, posted 5 January 2008

A friend has had his computer infected by something nasty. I've traced it to an xpdx.sys file that can't be deleted? Attaching an HJT log, if someone could be so kind as to check it?

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:45, on 05.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\program\DAEMON Tools\daemon.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\lsass.exe
D:\Programfiler\MSN Messenger\MsnMsgr.Exe
D:\Documents and Settings\Arcel1t\Start-meny\Programmer\Oppstart\findfast.exe
D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\program\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14CFBD93-AC11-44AE-B2AF-A4256DD60EEE} - D:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - D:\Programfiler\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - D:\Programfiler\Mympdhmu\emkgcgkk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B9E85D85-F6EE-4655-A639-E33983612A6E} - D:\WINDOWS\system32\opnmmkk.dll (file missing)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NVMixerTray] "D:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lsass] D:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [spoolsv] D:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] D:\Programfiler\Image ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168736508703
O20 - Winlogon Notify: opnmmkk - opnmmkk.dll (file missing)
O20 - Winlogon Notify: winier32 - winier32.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\program\PDF\SCPDF\SolidPdfService.exe (file missing)

--
End of file - 5540 bytes

Mats
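The log above contains the classic tells a helper looks for by hand: a system process name (lsass.exe) running from outside System32, a look-alike name (spoolvs.exe), an F2 Shell= line that tacks a second executable onto Explorer, an O7 policy that disables regedit, and BHO/Winlogon Notify/SSODL entries whose file is already gone. The following is an added example, not code from the thread or from HijackThis, that applies exactly those checks to an HJT 2.0.2 log; the SYSTEM32_ONLY and LOOKALIKES tables are constructed assumptions, and SAMPLE is an abridged copy of the first log posted above.

```python
"""Triage a Trend Micro HijackThis 2.0.2 log for the entry types the helper
in this thread acted on. Added example, not part of the thread and not
HijackThis' own code. SAMPLE is an abridged copy of the first log posted
above; SYSTEM32_ONLY and LOOKALIKES are constructed tables."""
import re

# Windows XP keeps these only in %SystemRoot%\System32, so a copy elsewhere
# (D:\WINDOWS\lsass.exe in the log) is a masquerade.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# Misspellings chosen to resemble system processes (constructed list).
LOOKALIKES = {"spoolvs.exe": "spoolsv.exe", "scvhost.exe": "svchost.exe",
              "lssas.exe": "lsass.exe"}
# Sections where a dangling "(file missing)" / "(no file)" entry is leftover
# clutter from BHO, toolbar, Winlogon Notify and SSODL hijacks.
ORPHAN_SECTIONS = {"O2", "O3", "O20", "O21", "O22"}
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:45, on 05.01.2008

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\lsass.exe

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B9E85D85-F6EE-4655-A639-E33983612A6E} - D:\WINDOWS\system32\opnmmkk.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [lsass] D:\WINDOWS\lsass.exe
O4 - HKCU\..\Run: [spoolsv] D:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: opnmmkk - opnmmkk.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
"""

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag_process(path):
    """Reason a process or autostart target looks wrong, or None."""
    name = basename(path)
    if name in LOOKALIKES:
        return "look-alike of " + LOOKALIKES[name]
    if name in SYSTEM32_ONLY and "\\system32\\" not in path.lower():
        return "system process running outside System32"
    return None

def o4_target(body):
    """Executable named in an O4 entry: the text after [name], unquoted."""
    m = re.search(r"\]\s*(.*)$", body)
    if not m:
        return ""
    rest = m.group(1).strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    parts = rest.split()
    return parts[0] if parts else ""

def triage(text):
    """Return (section, reason, line) findings for one HJT log."""
    findings = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line or ENTRY_RE.match(line):
                in_procs = False  # process list ended
            else:
                reason = flag_process(line)
                if reason:
                    findings.append(("PROC", reason, line))
                continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "F2" and "Shell=" in body:
            # Anything after Shell=Explorer.exe is a second program run at logon.
            if len(body.split("Shell=", 1)[1].split()) > 1:
                findings.append((code, "extra shell executable", line))
        elif code == "O4":
            reason = flag_process(o4_target(body))
            if reason:
                findings.append((code, reason, line))
        elif code == "O7" and "DisableRegedit=1" in body:
            findings.append((code, "registry editor disabled by policy", line))
        elif code in ORPHAN_SECTIONS and ("(file missing)" in body or "(no file)" in body):
            findings.append((code, "orphaned entry (file missing)", line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"{section:5} {reason}: {line}")
```

Run against the full log in the post it flags the same eight kinds of line the helper's reply went on to remove; entries it does not flag (Java, ATI, DAEMON Tools) still need a human eye, the script only narrows the list.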
norbat, posted 5 January 2008

Yes, there was some junk there. Do the following:

Run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246

The logs it asks for, post them here in your own thread.
Skibbe10 (thread author), posted 6 January 2008

Hi, I've done everything in the long version. Here are the logs:

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:47, on 06.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\program\DAEMON Tools\daemon.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\program\superantistuff\SUPERAntiSpyware.exe
D:\WINDOWS\system32\notepad.exe
D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\program\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NVMixerTray] "D:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\program\superantistuff\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168736508703
O20 - Winlogon Notify: !SASWinLogon - C:\program\superantistuff\SASWINLO.dll
O20 - Winlogon Notify: opnmmkk - opnmmkk.dll (file missing)
O20 - Winlogon Notify: winier32 - winier32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\program\PDF\SCPDF\SolidPdfService.exe (file missing)

--
End of file - 4777 bytes

ComboFix:

ComboFix 08-01-04.1 - Arcel1t 2008-01-06 1:14:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1556 [GMT 1:00]
Running from: D:\Documents and Settings\Arcel1t\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Programfiler\Helper
D:\Programfiler\SecCenter
D:\Programfiler\SecCenter\scprot4.exe~
D:\WINDOWS\Casino.ico
D:\WINDOWS\Free Online Dating.ico
D:\WINDOWS\Spyware Remover.ico
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\njprckha
D:\WINDOWS\system32\njprckha\bg1.gif
D:\WINDOWS\system32\njprckha\bgtop.gif
D:\WINDOWS\system32\njprckha\bottom1.gif
D:\WINDOWS\system32\njprckha\essentials.gif
D:\WINDOWS\system32\njprckha\icon1.ico
D:\WINDOWS\system32\njprckha\install1.gif
D:\WINDOWS\system32\njprckha\left1.gif
D:\WINDOWS\system32\njprckha\li.gif
D:\WINDOWS\system32\njprckha\logo.gif
D:\WINDOWS\system32\njprckha\main.htm
D:\WINDOWS\system32\njprckha\mainframe.htm
D:\WINDOWS\system32\njprckha\reinstall1.gif
D:\WINDOWS\system32\njprckha\right1.gif
D:\WINDOWS\system32\njprckha\s1.htm
D:\WINDOWS\system32\njprckha\s2.htm
D:\WINDOWS\system32\njprckha\s3.htm
D:\WINDOWS\system32\njprckha\SMTop1.gif
D:\WINDOWS\system32\njprckha\SMTop2.gif
D:\WINDOWS\system32\njprckha\SMTop3.gif
D:\WINDOWS\system32\njprckha\SMTop4.gif
D:\WINDOWS\system32\njprckha\soft1_off.gif
D:\WINDOWS\system32\njprckha\soft1_off_ext.gif
D:\WINDOWS\system32\njprckha\soft1_on.gif
D:\WINDOWS\system32\njprckha\soft1_on_ext.gif
D:\WINDOWS\system32\njprckha\soft2_off.gif
D:\WINDOWS\system32\njprckha\soft2_off_ext.gif
D:\WINDOWS\system32\njprckha\soft2_on.gif
D:\WINDOWS\system32\njprckha\soft2_on_ext.gif
D:\WINDOWS\system32\njprckha\soft3_off.gif
D:\WINDOWS\system32\njprckha\soft3_off_ext.gif
D:\WINDOWS\system32\njprckha\soft3_on.gif
D:\WINDOWS\system32\njprckha\soft3_on_ext.gif
D:\WINDOWS\system32\njprckha\softbottom_off.gif
D:\WINDOWS\system32\njprckha\softbottom_on.gif
D:\WINDOWS\system32\njprckha\softleft_off.gif
D:\WINDOWS\system32\njprckha\softleft_on.gif
D:\WINDOWS\system32\njprckha\top1.gif
D:\WINDOWS\system32\njprckha\top2.gif
D:\WINDOWS\system32\njprckha\turnoff1.gif
D:\WINDOWS\system32\njprckha\turnon1.gif
D:\WINDOWS\system32\xpdx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RDRIV
-------\nm
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-06 01:13 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-06 01:00 . 2008-01-06 01:00 <DIR> dr-h----- D:\Documents and Settings\Arcel1t\Siste
2008-01-06 00:17 . 2008-01-06 00:17 <DIR> d-------- D:\Documents and Settings\Arcel1t\Programdata\SUPERAntiSpyware.com
2008-01-06 00:17 . 2008-01-06 00:17 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-05 15:46 . 2008-01-05 15:46 <DIR> d-------- D:\Programfiler\Trend Micro
2008-01-05 14:36 . 2008-01-05 14:36 268 --ah----- D:\sqmdata00.sqm
2008-01-05 14:36 . 2008-01-05 14:36 244 --ah----- D:\sqmnoopt00.sqm
2008-01-04 23:11 . 2008-01-04 23:07 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-04 23:06 . 2008-01-04 23:16 <DIR> d-------- D:\Documents and Settings\Arcel1t\.housecall6.6
2008-01-04 22:33 . 2008-01-04 22:33 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Grisoft
2008-01-04 22:30 . 2008-01-04 22:30 <DIR> d-------- D:\Programfiler\Alwil Software
2008-01-04 22:14 . 2008-01-04 22:29 1,043,860 ---hs---- D:\WINDOWS\system32\tvikohtk.ini
2007-12-19 18:19 . 2008-01-04 22:45 94,221 --ahs---- D:\WINDOWS\system32\klnmp.ini
2007-12-19 15:15 . 2008-01-06 00:56 <DIR> d-------- D:\Programfiler\uvyvcvan
2007-12-19 15:15 . 2008-01-04 22:46 <DIR> d-------- D:\Programfiler\Mympdhmu
2007-12-18 17:54 . 2007-12-19 15:16 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll
2007-12-18 17:54 . 2007-12-19 15:16 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll
2007-12-18 17:54 . 2007-12-19 15:16 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll
2007-12-18 17:34 . 2007-12-18 17:34 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2007-12-18 17:34 . 2007-12-18 18:39 26,046 --a------ D:\WINDOWS\DIIUnin.dat
2007-12-18 17:34 . 2007-12-18 17:34 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2007-12-16 17:50 . 2007-12-16 18:00 <DIR> d-------- D:\Programfiler\VMware
2007-12-16 17:48 . 2007-05-01 22:51 437,040 --a------ D:\WINDOWS\system32\vnetlib.dll
2007-12-16 17:48 . 2007-05-01 22:51 50,992 -ra------ D:\WINDOWS\system32\vmnetbridge.dll
2007-12-16 17:48 . 2007-05-01 22:52 21,040 --a------ D:\WINDOWS\system32\drivers\VMkbd.sys
2007-12-11 23:36 . 2007-12-11 23:36 <DIR> d-------- D:\Programfiler\Google
2007-12-08 16:49 . 2007-12-08 16:50 <DIR> d-------- D:\Programfiler\TSSS 5.0
2007-12-08 16:49 . 2007-12-08 16:50 <DIR> d-------- D:\Programfiler\Fellesfiler\Galactix Software
2007-12-08 16:26 . 2007-12-08 16:26 <DIR> d-------- D:\Programfiler\All-Pro Software
2007-12-08 16:26 . 2002-05-26 16:16 373,760 --a------ D:\WINDOWS\system32\xwpdlx20.ocx
2007-12-08 16:26 . 1998-04-24 19:08 368,912 --a------ D:\WINDOWS\system32\VBAR332.DLL
2007-12-08 16:26 . 1998-06-26 19:22 205,848 --a------ D:\WINDOWS\system32\THREED32.OCX
2007-12-08 16:26 . 2000-05-21 23:00 166,600 --a------ D:\WINDOWS\system32\MSMASK32.OCX
2007-12-08 16:26 . 2002-09-04 14:10 132,376 --a------ D:\WINDOWS\system32\CSFTP32.OCX
2007-12-08 16:26 . 2004-08-28 02:06 61,440 --a------ D:\WINDOWS\UnDeploy.exe
2007-12-08 16:23 . 2007-12-08 16:25 <DIR> d-------- D:\Programfiler\TSSS 3.0
2007-12-08 16:20 . 2007-12-08 16:21 <DIR> d--h----- D:\Programfiler\Zero G Registry
2007-12-08 16:20 . 2007-12-08 16:20 <DIR> d-------- D:\Documents and Settings\Arcel1t\SplendidCity_Data
2007-12-08 13:06 . 2007-12-08 13:06 <DIR> d-------- D:\WINDOWS\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 23:16 --------- d-----w D:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-05 13:41 --------- d-----w D:\Documents and Settings\All Users\Programdata\avg7
2008-01-04 21:45 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\AVG7
2007-12-19 22:49 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\uTorrent
2007-12-12 14:06 98,304 ----a-w D:\WINDOWS\system32CmdLineExt.dll
2007-12-08 15:19 --------- d-----w D:\Programfiler\PopCap Games
2007-12-08 11:31 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-28 17:12 --------- d-----w D:\Programfiler\Trymedia
2007-11-24 17:19 --------- d-----w D:\Documents and Settings\All Users\Programdata\Trymedia
2007-11-23 23:24 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\InstallShield Installation Information
2007-11-23 23:14 --------- d-----w D:\Programfiler\AGEIA Technologies
2007-11-19 21:00 --------- d-----w D:\Programfiler\OpenAL
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 19:42 22,328 ----a-w D:\Documents and Settings\Arcel1t\Programdata\PnkBstrK.sys
2007-11-10 18:34 --------- d--h--w D:\Programfiler\InstallShield Installation Information
2006-04-01 02:37 2,844,112,226 ----a-w D:\Programfiler\EA GAMES.rar
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\program\superantistuff\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\program\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"NVIDIA nTune"="D:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 12:06 532480]
"NVMixerTray"="D:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 D:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\program\superantistuff\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\program\superantistuff\SASWINLO.dll 2007-04-19 13:41 294912 C:\program\superantistuff\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmmkk]
opnmmkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winier32]
winier32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcMon]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bcadfe3-a34b-11db-98cd-8b8bbec09fc3}]
\Shell\AutoRun\command - J:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{619a8e1a-9517-11da-abc3-806d6172696f}]
\Shell\AutoRun\command - J:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a079c7-9514-11da-bd14-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 00:20:20 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Programfiler\XoftSpySE\XoftSpy.exe
"2007-12-08 02:00:00 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Programfiler\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 01:20:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 1:21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 00:21:53
.
2008-01-05 00:51:43 --- E O F ---

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2008 at 00:49 AM

Application Version : 3.9.1008

Core Rules Database Version : 3374
Trace Rules Database Version: 1369

Scan type : Complete Scan
Total Scan Time : 00:29:33

Memory items scanned : 328
Memory threats detected : 3
Registry items scanned : 5307
Registry threats detected : 39
File items scanned : 46996
File threats detected : 63

Trojan.Downloader-Gen/AVP
    D:\WINDOWS\LSASS.EXE
    D:\WINDOWS\LSASS.EXE
    [lsass] D:\WINDOWS\LSASS.EXE
    D:\PROGRAMFILER\LSASS.EXE
    D:\WINDOWS\Prefetch\LSASS.EXE-02FFB15F.pf
    D:\WINDOWS\Prefetch\LSASS.EXE-079D4622.pf

Adware.E404 Helper/Variant
    D:\PROGRAMFILER\HELPER\HELPER6.DLL
    D:\PROGRAMFILER\HELPER\HELPER6.DLL
    D:\PROGRAMFILER\HELPER\SUPERFINDERUSA.DLL
    D:\PROGRAMFILER\HELPER\SUPERFINDOUT.DLL

Trojan.Downloader-FindFast/Fake
    D:\DOCUMENTS AND SETTINGS\ARCEL1T\START-MENY\PROGRAMMER\OPPSTART\FINDFAST.EXE
    D:\DOCUMENTS AND SETTINGS\ARCEL1T\START-MENY\PROGRAMMER\OPPSTART\FINDFAST.EXE

Trojan.Downloader-Gen/CinBroom
    [Printer] D:\WINDOWS\SYSTEM32\PRINTER.EXE
    D:\WINDOWS\SYSTEM32\PRINTER.EXE
    D:\DOCUMENTS AND SETTINGS\ARCEL1T\PROGRAMDATA\PRINTER.EXE
    D:\WINDOWS\Prefetch\PRINTER.EXE-02CF0818.pf
    D:\WINDOWS\Prefetch\PRINTER.EXE-059832AF.pf

Worm.Rbot Variant
    [spoolsv] D:\WINDOWS\SYSTEM32\SPOOLVS.EXE
    D:\WINDOWS\SYSTEM32\SPOOLVS.EXE

Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{14CFBD93-AC11-44AE-B2AF-A4256DD60EEE}
    HKCR\CLSID\{14CFBD93-AC11-44AE-B2AF-A4256DD60EEE}
    HKCR\CLSID\{14CFBD93-AC11-44AE-B2AF-A4256DD60EEE}\InprocServer32
    HKCR\CLSID\{14CFBD93-AC11-44AE-B2AF-A4256DD60EEE}\InprocServer32#ThreadingModel
    D:\WINDOWS\SYSTEM32\PMNLK.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CFBD93-AC11-44AE-B2AF-A4256DD60EEE}

Adware.ClickSpring/Outer Info Network
    HKLM\Software\Classes\CLSID\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\InprocServer32
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\Programmable
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\TypeLib
    D:\PROGRAMFILER\OUTERINFO\OUTERINFO.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}
    HKLM\Software\Outerinfo
    HKLM\Software\Outerinfo#InstallDirectory
    HKLM\Software\Outerinfo#REFID
    HKLM\Software\Outerinfo#PID

Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{76F262CF-0308-0FB4-F7A3-043266F3A47C}
    HKCR\CLSID\{76F262CF-0308-0FB4-F7A3-043266F3A47C}
    HKCR\CLSID\{76F262CF-0308-0FB4-F7A3-043266F3A47C}\InprocServer32
    HKCR\CLSID\{76F262CF-0308-0FB4-F7A3-043266F3A47C}\InprocServer32#ThreadingModel
    HKCR\CLSID\{76F262CF-0308-0FB4-F7A3-043266F3A47C}\InprocServer32#t
    D:\PROGRAMFILER\MYMPDHMU\EMKGCGKK.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}
    HKCR\CLSID\{76F262CF-0308-0FB4-F7A3-043266F3A47C}

Trojan.Zlob Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#hirtellous

Trojan.Media-Codec
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{84938242-5C5B-4A55-B6B9-A1507543B418}
    D:\Programfiler\Image ActiveX Object\ot.ico
    D:\Programfiler\Image ActiveX Object\ts.ico
    D:\Programfiler\Image ActiveX Object
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#none [ D:\Programfiler\Image ActiveX Object\pmsngr.exe ]

Adware.Tracking Cookie
    D:\Documents and Settings\Arcel1t\Cookies\[email protected][1].txt
    D:\Documents and Settings\Arcel1t\Cookies\[email protected][1].txt
    D:\Documents and Settings\Arcel1t\Cookies\[email protected][2].txt
    D:\Documents and Settings\Arcel1t\Cookies\[email protected][1].txt
    D:\Documents and Settings\Arcel1t\Cookies\arcel1t@findology[1].txt
    D:\Documents and Settings\Arcel1t\Cookies\[email protected][1].txt
    D:\Documents and Settings\Arcel1t\Cookies\[email protected][1].txt
    D:\Documents and Settings\Arcel1t\Cookies\arcel1t@exact-find[1].txt
    D:\Documents and Settings\Arcel1t\Cookies\arcel1t@thezirius[1].txt

Trojan.Security Toolbar
    D:\Documents and Settings\All Users\Start-meny\Online Security Guide.url
    D:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url
    D:\Documents and Settings\All Users\Skrivebord\Security Troubleshooting.url
    D:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url

Malware.AntiVermins
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\aEee
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\gmwny
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\qnfaHd
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\tBhdwDDmOQ
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\vxylfexQfr
    HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\yhzspisYzy

Malware.LocusSoftware Inc/PCPrivacyTool
    D:\Documents and Settings\Arcel1t\Programdata\ultra

Trojan.Downloader-XLIB
    C:\XLIBGFL254.DLL

Trojan.Net-AVP/AVT
    D:\DOCUMENTS AND SETTINGS\ALL USERS\START-MENY\PROGRAMMER\OPPSTART\AUTORUN.EXE
    D:\WINDOWS\SHELL.EXE
    D:\WINDOWS\Prefetch\AUTORUN.EXE-109544F9.pf
    D:\WINDOWS\Prefetch\SHELL.EXE-2AED9F60.pf

Malware.Ultimate Defender
    D:\PROGRAMFILER\UCLEANER_SETUP.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP451\A0196452.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197495.EXE
    D:\WINDOWS\SYSTEM32\NJPRCKHA\NJPRCKHA1.EXE
    D:\WINDOWS\SYSTEM32\NJPRCKHA\NJPRCKHA3.EXE
    D:\WINDOWS\Prefetch\UCLEANER_SETUP.EXE-248F39BA.pf

Trojan.Unknown Origin
    D:\PROGRAMFILER\UVYVCVAN\MTMDUPEV.DLL

Trojan.Downloader-ClickSpring/NDrv
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP449\A0196354.DLL

Adware.Search2Find
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP450\A0196405.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP450\A0196406.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP450\A0196408.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP450\A0196409.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP450\A0196410.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP451\A0196448.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197480.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197481.LNK
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197482.LNK

Trojan.Downloader-NoName
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP451\A0196447.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197497.EXE

Trojan.Unclassifed/WowFX
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP451\A0196455.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197494.DLL

Malware.WinAntiSpyware-Installer
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{93A3DBD5-1EDA-491E-91F4-480C206C5E29}\RP452\A0197496.DLL

Trojan.Unclassified/DRV-Slice
    D:\WINDOWS\SYSTEM32\DRVLAK.DLL

Adware.Vundo-Variant/Small
    D:\WINDOWS\SYSTEM32\FCCDABX.DLL

Adware.Vundo Variant/Rel
    D:\WINDOWS\SYSTEM32\KLNMP.INI2

Thanks for all the help.
norbat, posted 6 January 2008

Check the following file (in bold) on the Jotti website:

D:\WINDOWS\system32\tvikohtk.ini

What you do is upload the file (see the top of the website). A scan will be performed and you will get a report saying whether anything was found or not. If something is found related to the file, copy this line:

D:\WINDOWS\system32\tvikohtk.ini

and paste it under the File:: line below.

Open Notepad and copy in what is in bold below, and save the file on the desktop as CFScript.txt. (If something was found on the file above, paste the line under File::.) Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
D:\WINDOWS\system32\klnmp.ini

Folder::
D:\Programfiler\uvyvcvan
D:\Programfiler\Mympdhmu

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmmkk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winier32]

Post a new ComboFix log + a new HJT log.
Skibbe10 (thread author), posted 6 January 2008

Did what you said :) and the machine seems to be getting fine again now. But I couldn't find the file you specified, tvikohtk.ini.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:03, on 06.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\program\DAEMON Tools\daemon.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\program\superantistuff\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\program\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NVMixerTray] "D:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\program\superantistuff\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168736508703
O20 - Winlogon Notify: !SASWinLogon - C:\program\superantistuff\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - Unknown owner - C:\program\PDF\SCPDF\SolidPdfService.exe (file missing)

--
End of file - 4574 bytes

ComboFix log:

ComboFix 08-01-04.1 - Arcel1t 2008-01-06 14:43:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1587 [GMT 1:00]
Running from: D:\Documents and Settings\Arcel1t\Skrivebord\ComboFix.exe
Command switches used :: D:\Documents and Settings\Arcel1t\Skrivebord\CFScript.txt
 * Created a new restore point

FILE
D:\WINDOWS\system32\klnmp.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Programfiler\Mympdhmu
D:\Programfiler\uvyvcvan
D:\WINDOWS\system32\klnmp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RDRIV

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-06 04:27 . 2008-01-06 14:43 <DIR> dr-h----- D:\Documents and Settings\Arcel1t\Siste
2008-01-06 01:13 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-06 00:17 . 2008-01-06 00:17 <DIR> d-------- D:\Documents and Settings\Arcel1t\Programdata\SUPERAntiSpyware.com
2008-01-06 00:17 . 2008-01-06 00:17 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-05 15:46 . 2008-01-05 15:46 <DIR> d-------- D:\Programfiler\Trend Micro
2008-01-05 14:36 . 2008-01-05 14:36 268 --ah----- D:\sqmdata00.sqm
2008-01-05 14:36 . 2008-01-05 14:36 244 --ah----- D:\sqmnoopt00.sqm
2008-01-04 23:11 . 2008-01-04 23:07 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-04 23:06 . 2008-01-04 23:16 <DIR> d-------- D:\Documents and Settings\Arcel1t\.housecall6.6
2008-01-04 22:33 . 2008-01-04 22:33 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Grisoft
2008-01-04 22:30 . 2008-01-04 22:30 <DIR> d-------- D:\Programfiler\Alwil Software
2008-01-04 22:14 . 2008-01-04 22:29 1,043,860 ---hs---- D:\WINDOWS\system32\tvikohtk.ini
2007-12-18 17:54 . 2007-12-19 15:16 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll
2007-12-18 17:54 . 2007-12-19 15:16 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll
2007-12-18 17:54 . 2007-12-19 15:16 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll
2007-12-18 17:34 . 2007-12-18 17:34 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2007-12-18 17:34 . 2007-12-18 18:39 26,046 --a------ D:\WINDOWS\DIIUnin.dat
2007-12-18 17:34 . 2007-12-18 17:34 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2007-12-16 17:50 . 2007-12-16 18:00 <DIR> d-------- D:\Programfiler\VMware
2007-12-16 17:48 . 2007-05-01 22:51 437,040 --a------ D:\WINDOWS\system32\vnetlib.dll
2007-12-16 17:48 . 2007-05-01 22:51 50,992 -ra------ D:\WINDOWS\system32\vmnetbridge.dll
2007-12-16 17:48 . 2007-05-01 22:52 21,040 --a------ D:\WINDOWS\system32\drivers\VMkbd.sys
2007-12-11 23:36 . 2007-12-11 23:36 <DIR> d-------- D:\Programfiler\Google
2007-12-08 16:49 . 2007-12-08 16:50 <DIR> d-------- D:\Programfiler\TSSS 5.0
2007-12-08 16:49 . 2007-12-08 16:50 <DIR> d-------- D:\Programfiler\Fellesfiler\Galactix Software
2007-12-08 16:26 . 2007-12-08 16:26 <DIR> d-------- D:\Programfiler\All-Pro Software
2007-12-08 16:26 .
2002-05-26 16:16 373,760 --a------ D:\WINDOWS\system32\xwpdlx20.ocx 2007-12-08 16:26 . 1998-04-24 19:08 368,912 --a------ D:\WINDOWS\system32\VBAR332.DLL 2007-12-08 16:26 . 1998-06-26 19:22 205,848 --a------ D:\WINDOWS\system32\THREED32.OCX 2007-12-08 16:26 . 2000-05-21 23:00 166,600 --a------ D:\WINDOWS\system32\MSMASK32.OCX 2007-12-08 16:26 . 2002-09-04 14:10 132,376 --a------ D:\WINDOWS\system32\CSFTP32.OCX 2007-12-08 16:26 . 2004-08-28 02:06 61,440 --a------ D:\WINDOWS\UnDeploy.exe 2007-12-08 16:23 . 2007-12-08 16:25 <DIR> d-------- D:\Programfiler\TSSS 3.0 2007-12-08 16:20 . 2007-12-08 16:21 <DIR> d--h----- D:\Programfiler\Zero G Registry 2007-12-08 16:20 . 2007-12-08 16:20 <DIR> d-------- D:\Documents and Settings\Arcel1t\SplendidCity_Data 2007-12-08 13:06 . 2007-12-08 13:06 <DIR> d-------- D:\WINDOWS\system32\NtmsData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-06 03:13 --------- d-----w D:\Documents and Settings\All Users\Programdata\avg7 2008-01-05 23:16 --------- d-----w D:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-04 21:45 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\AVG7 2007-12-19 22:49 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\uTorrent 2007-12-12 14:06 98,304 ----a-w D:\WINDOWS\system32CmdLineExt.dll 2007-12-08 15:19 --------- d-----w D:\Programfiler\PopCap Games 2007-12-08 11:31 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-28 17:12 --------- d-----w D:\Programfiler\Trymedia 2007-11-24 17:19 --------- d-----w D:\Documents and Settings\All Users\Programdata\Trymedia 2007-11-23 23:24 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\InstallShield Installation Information 2007-11-23 23:14 --------- d-----w D:\Programfiler\AGEIA Technologies 2007-11-19 21:00 --------- d-----w D:\Programfiler\OpenAL 2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2007-11-12 19:42 22,328 
----a-w D:\Documents and Settings\Arcel1t\Programdata\PnkBstrK.sys 2007-11-10 18:34 --------- d--h--w D:\Programfiler\InstallShield Installation Information 2006-04-01 02:37 2,844,112,226 ----a-w D:\Programfiler\EA GAMES.rar . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="C:\program\superantistuff\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\program\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016] "NVIDIA nTune"="D:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 12:06 532480] "NVMixerTray"="D:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 D:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\program\superantistuff\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\program\superantistuff\SASWINLO.dll 2007-04-19 13:41 294912 C:\program\superantistuff\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcMon] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bcadfe3-a34b-11db-98cd-8b8bbec09fc3}] \Shell\AutoRun\command - J:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{619a8e1a-9517-11da-abc3-806d6172696f}] \Shell\AutoRun\command - J:\autoplay.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a079c7-9514-11da-bd14-806d6172696f}] \Shell\AutoRun\command - F:\ASUSACPI.exe . Contents of the 'Scheduled Tasks' folder "2008-01-06 13:50:58 D:\WINDOWS\Tasks\XoftSpySE 2.job" - D:\Programfiler\XoftSpySE\XoftSpy.exe "2007-12-08 02:00:00 D:\WINDOWS\Tasks\XoftSpySE.job" - D:\Programfiler\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-06 14:51:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-06 14:52:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-06 13:52:25 ComboFix2.txt 2008-01-06 00:21:56 . 2008-01-05 00:51:43 --- E O F --- Mats Lenke til kommentar
norbat Posted 6 January 2008

The file is probably hidden. To show hidden files and folders, do the following: Control Panel -> Folder Options -> View. Tick "Show hidden files and folders".
Skibbe10 (Author) Posted 6 January 2008

Yes, we are showing hidden files and folders, that is the default setting, but I have also searched for the file and find nothing.
norbat Posted 6 January 2008

OK, create a new CFScript.txt file with the following content:

File::
D:\WINDOWS\system32\tvikohtk.ini

Drag the file onto the ComboFix icon. Post the log again afterwards.
Skibbe10 (Author) Posted 6 January 2008

Ran ComboFix and here is the log:

ComboFix 08-01-04.1 - Arcel1t 2008-01-06 16:27:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1682 [GMT 1:00]
Running from: D:\Documents and Settings\Arcel1t\Skrivebord\ComboFix.exe
Command switches used :: D:\Documents and Settings\Arcel1t\Skrivebord\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-06 15:46 . 2008-01-06 16:26 <DIR> dr-h----- D:\Documents and Settings\Arcel1t\Siste
2008-01-06 01:13 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-06 00:17 . 2008-01-06 00:17 <DIR> d-------- D:\Documents and Settings\Arcel1t\Programdata\SUPERAntiSpyware.com
2008-01-06 00:17 . 2008-01-06 00:17 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-05 15:46 . 2008-01-05 15:46 <DIR> d-------- D:\Programfiler\Trend Micro
2008-01-05 14:36 . 2008-01-05 14:36 268 --ah----- D:\sqmdata00.sqm
2008-01-05 14:36 . 2008-01-05 14:36 244 --ah----- D:\sqmnoopt00.sqm
2008-01-04 23:11 . 2008-01-04 23:07 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-04 23:06 . 2008-01-04 23:16 <DIR> d-------- D:\Documents and Settings\Arcel1t\.housecall6.6
2008-01-04 22:33 . 2008-01-04 22:33 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Grisoft
2008-01-04 22:30 . 2008-01-04 22:30 <DIR> d-------- D:\Programfiler\Alwil Software
2008-01-04 22:14 . 2008-01-04 22:29 1,043,860 ---hs---- D:\WINDOWS\system32\tvikohtk.ini
2007-12-18 17:54 . 2007-12-19 15:16 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll
2007-12-18 17:54 . 2007-12-19 15:16 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll
2007-12-18 17:54 . 2007-12-19 15:16 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll
2007-12-18 17:34 . 2007-12-18 17:34 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2007-12-18 17:34 . 2007-12-18 18:39 26,046 --a------ D:\WINDOWS\DIIUnin.dat
2007-12-18 17:34 . 2007-12-18 17:34 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2007-12-16 17:50 . 2007-12-16 18:00 <DIR> d-------- D:\Programfiler\VMware
2007-12-16 17:48 . 2007-05-01 22:51 437,040 --a------ D:\WINDOWS\system32\vnetlib.dll
2007-12-16 17:48 . 2007-05-01 22:51 50,992 -ra------ D:\WINDOWS\system32\vmnetbridge.dll
2007-12-16 17:48 . 2007-05-01 22:52 21,040 --a------ D:\WINDOWS\system32\drivers\VMkbd.sys
2007-12-11 23:36 . 2007-12-11 23:36 <DIR> d-------- D:\Programfiler\Google
2007-12-08 16:49 . 2007-12-08 16:50 <DIR> d-------- D:\Programfiler\TSSS 5.0
2007-12-08 16:49 . 2007-12-08 16:50 <DIR> d-------- D:\Programfiler\Fellesfiler\Galactix Software
2007-12-08 16:26 . 2007-12-08 16:26 <DIR> d-------- D:\Programfiler\All-Pro Software
2007-12-08 16:26 . 2002-05-26 16:16 373,760 --a------ D:\WINDOWS\system32\xwpdlx20.ocx
2007-12-08 16:26 . 1998-04-24 19:08 368,912 --a------ D:\WINDOWS\system32\VBAR332.DLL
2007-12-08 16:26 . 1998-06-26 19:22 205,848 --a------ D:\WINDOWS\system32\THREED32.OCX
2007-12-08 16:26 . 2000-05-21 23:00 166,600 --a------ D:\WINDOWS\system32\MSMASK32.OCX
2007-12-08 16:26 . 2002-09-04 14:10 132,376 --a------ D:\WINDOWS\system32\CSFTP32.OCX
2007-12-08 16:26 . 2004-08-28 02:06 61,440 --a------ D:\WINDOWS\UnDeploy.exe
2007-12-08 16:23 . 2007-12-08 16:25 <DIR> d-------- D:\Programfiler\TSSS 3.0
2007-12-08 16:20 . 2007-12-08 16:21 <DIR> d--h----- D:\Programfiler\Zero G Registry
2007-12-08 16:20 . 2007-12-08 16:20 <DIR> d-------- D:\Documents and Settings\Arcel1t\SplendidCity_Data
2007-12-08 13:06 . 2007-12-08 13:06 <DIR> d-------- D:\WINDOWS\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 03:13 --------- d-----w D:\Documents and Settings\All Users\Programdata\avg7
2008-01-05 23:16 --------- d-----w D:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-04 21:45 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\AVG7
2007-12-19 22:49 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\uTorrent
2007-12-12 14:06 98,304 ----a-w D:\WINDOWS\system32CmdLineExt.dll
2007-12-08 15:19 --------- d-----w D:\Programfiler\PopCap Games
2007-12-08 11:31 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-08 11:31 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2007-12-02 12:15 43,520 ----a-w D:\WINDOWS\system32\CmdLineExt03.dll
2007-11-28 17:12 --------- d-----w D:\Programfiler\Trymedia
2007-11-24 17:19 --------- d-----w D:\Documents and Settings\All Users\Programdata\Trymedia
2007-11-23 23:24 --------- d-----w D:\Documents and Settings\Arcel1t\Programdata\InstallShield Installation Information
2007-11-23 23:14 --------- d-----w D:\Programfiler\AGEIA Technologies
2007-11-19 21:00 413,696 ----a-w D:\WINDOWS\system32\wrap_oal.dll
2007-11-19 21:00 110,592 ----a-w D:\WINDOWS\system32\OpenAL32.dll
2007-11-19 21:00 --------- d-----w D:\Programfiler\OpenAL
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 19:42 22,328 ----a-w D:\Documents and Settings\Arcel1t\Programdata\PnkBstrK.sys
2007-11-12 19:41 669,184 ----a-w D:\WINDOWS\system32\pbsvc.exe
2007-11-10 18:34 --------- d--h--w D:\Programfiler\InstallShield Installation Information
2007-10-29 22:45 1,290,752 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-12 22:19 13,653,824 ----a-w D:\WINDOWS\system32\xlivefnt.dll
2007-10-12 22:19 10,155,840 ----a-w D:\WINDOWS\system32\xlive.dll
2006-04-01 02:37 2,844,112,226 ----a-w D:\Programfiler\EA GAMES.rar
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\program\superantistuff\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\program\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"NVIDIA nTune"="D:\Programfiler\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 12:06 532480]
"NVMixerTray"="D:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 D:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\program\superantistuff\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\program\superantistuff\SASWINLO.dll 2007-04-19 13:41 294912 C:\program\superantistuff\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcMon]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bcadfe3-a34b-11db-98cd-8b8bbec09fc3}]
\Shell\AutoRun\command - J:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{619a8e1a-9517-11da-abc3-806d6172696f}]
\Shell\AutoRun\command - J:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a079c7-9514-11da-bd14-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 15:30:12 D:\WINDOWS\Tasks\XoftSpySE 2.job" - D:\Programfiler\XoftSpySE\XoftSpy.exe
"2007-12-08 02:00:00 D:\WINDOWS\Tasks\XoftSpySE.job" - D:\Programfiler\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 16:30:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 16:32:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 15:32:07
ComboFix2.txt 2008-01-06 13:52:28
ComboFix3.txt 2008-01-06 00:21:56
.
2008-01-05 00:51:43 --- E O F ---
norbat Posted 6 January 2008

OK. Could you also untick "Hide protected operating system files" (Folder Options -> View)? Then see whether you can find the file D:\WINDOWS\system32\tvikohtk.ini. If you can see it now, check it on Jotti.
Skibbe10 (Author) Posted 6 January 2008

That file was OK according to Jotti. Is there anything more to think about, then?

Mats
norbat Posted 6 January 2008

The file you examined, I put in the 'suspicious' category. The antivirus programs consider it fine, and most likely it is, but there is no information about the file (Google), and that may indicate this is a file with a random name, which may indicate it belongs to some malware. I suggest you rename it to tvikohtk.bak. This probably has to be done from Safe Mode (tap F8 during startup, choose Safe Mode). If everything runs OK/normally afterwards, the file can be deleted at a later time. Afterwards you can turn "Hide protected operating system files ....." and hide files and folders back on.

You should update Java: http://java.com/en/download/index.jsp

You should also reset the System Restore folder so that you do not get reinfected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.
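norbat's reasoning above (hidden and system attributes, a random-looking name, no search hits, an oversized .ini in system32) can be turned into a repeatable check over a ComboFix log. The following is an added example, not code from the thread or from ComboFix; the sample lines are copied from the log posted above, and the column layout "<created> . <modified> <size|<DIR>> <attrs> <path>" is an assumption read off that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: ComboFix "Files Created" lines copied from the log in
# this thread. The layout "<created> . <modified> <size|<DIR>> <attrs> <path>"
# is an assumption read off that log, not taken from ComboFix documentation.
SAMPLE_LOG = """\
2008-01-06 01:13 . 2000-08-31 08:00 51,200 --a------ D:\\WINDOWS\\NirCmd.exe
2008-01-04 23:11 . 2008-01-04 23:07 102,664 --a------ D:\\WINDOWS\\system32\\drivers\\tmcomm.sys
2008-01-04 22:14 . 2008-01-04 22:29 1,043,860 ---hs---- D:\\WINDOWS\\system32\\tvikohtk.ini
2007-12-08 16:26 . 1998-04-24 19:08 368,912 --a------ D:\\WINDOWS\\system32\\VBAR332.DLL
2007-12-16 17:50 . 2007-12-16 18:00 <DIR> d-------- D:\\Programfiler\\VMware
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>\S.*)$"
)

@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # ComboFix flags, e.g. "---hs----": d=dir, h=hidden, s=system
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_combofix(text: str) -> List[Entry]:
    """Parse 'Files Created' lines; banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries

def looks_random(stem: str) -> bool:
    """Letters-only stem of 8+ chars containing a run of 3+ consonants."""
    return len(stem) >= 8 and stem.isalpha() and re.search(r"[^aeiouAEIOU]{3}", stem) is not None

def reasons_for(e: Entry) -> List[str]:
    """norbat's reasoning as checks: a hidden+system, randomly named, oversized
    .ini in system32 deserves a second look even when AV calls it clean."""
    if e.is_dir or "\\windows\\system32\\" not in e.path.lower():
        return []
    stem, _, ext = e.name.rpartition(".")
    reasons = []
    if "h" in e.attrs and "s" in e.attrs:
        reasons.append("hidden+system attributes")
    if looks_random(stem):
        reasons.append("random-looking name")
    if ext.lower() in ("ini", "dat", "txt") and e.size and e.size > 100_000:
        reasons.append("oversized for a text file")
    return reasons

def suspicious_paths(text: str, min_reasons: int = 2) -> List[str]:
    """Paths hitting at least min_reasons heuristics; a single hit alone is too noisy."""
    return [e.path for e in parse_combofix(text) if len(reasons_for(e)) >= min_reasons]
```

On the sample, only D:\WINDOWS\system32\tvikohtk.ini trips more than one heuristic; tmcomm.sys (the HouseCall driver) and the legitimate OCX/DLL files are left alone.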
Skibbe10 (Author) Posted 6 January 2008

Great, thanks for all the help. Good that people bother to take the time to help others.

Mats