Morimdin, posted 8 January 2008

I'm struggling with Vundo and W32.Trats!inf. I have followed the self-help instructions, downloaded the various programs and saved the logs, which follow below. I couldn't install SUPERAntiSpyware because Windows says I'm running in safe mode, or that something is wrong with Windows Installer. I can't start Windows in normal mode, only in safe mode. Norton finds Vundo and W32.Trats!inf and says they have been removed, but they come back. I downloaded VundoFix, but there is one file that cannot be deleted (scan #3 says it no longer exists).

ComboFix

ComboFix 08-01-07.5 - Administrator 2008-01-08 18:17:43.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1778 [GMT 1:00]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
D:\Program Files\stem32~1
D:\Program Files\Temporary
D:\Program Files\Temporary\kernInstall.exe
D:\WINDOWS\system32\bbeeg.ini
D:\WINDOWS\system32\bbeeg.ini2
D:\WINDOWS\system32\geebb.dll
D:\WINDOWS\system32\geebb.exe
D:\WINDOWS\system32\stem32~1
D:\WINDOWS\system32\stem32~1\??stem32\
D:\WINDOWS\system32\vtuspol.dll
D:\WINDOWS\system32\wtssvsu.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 18:17 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-08 18:09 . 2008-01-08 18:09 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 17:56 . 2008-01-08 17:56 <DIR> d-------- D:\Program Files\CCleaner
2008-01-08 17:40 . 2008-01-08 18:10 <DIR> d-------- D:\VundoFix Backups
2008-01-08 15:23 . 2008-01-08 15:24 10,740 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-08 15:23 .
2008-01-08 15:24 805 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-08 15:17 . 2008-01-08 15:24 <DIR> d-------- D:\Program Files\Symantec 2008-01-08 15:17 . 2008-01-08 16:38 <DIR> d-------- D:\Program Files\Norton AntiVirus 2008-01-08 15:17 . 2008-01-08 15:24 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Symantec 2008-01-08 15:17 . 2008-01-08 15:24 123,952 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-08 15:17 . 2008-01-08 15:24 60,800 --a------ D:\WINDOWS\system32\S32EVNT1.DLL 2008-01-08 15:16 . 2008-01-08 18:18 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared 2008-01-07 22:50 . 2008-01-08 15:27 <DIR> d-------- D:\Program Files\kernel 2008-01-07 22:47 . 2008-01-08 15:49 39,936 --a------ D:\WINDOWS\mrofinu1044.exe.tmp 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\TransRender 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Temporary 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Samsung 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\ConvertTemp 2008-01-07 00:21 . 2006-05-03 22:53 174,592 --a------ D:\WINDOWS\system32\framedyn.dll 2008-01-07 00:21 . 2006-07-24 16:05 5,632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys 2008-01-07 00:18 . 2008-01-07 00:18 <DIR> d-------- D:\WINDOWS\system32\Samsung_USB_Drivers 2008-01-07 00:18 . 2008-01-07 00:18 <DIR> d-------- D:\Program Files\Samsung 2008-01-07 00:18 . 2007-05-02 11:11 109,704 --a------ D:\WINDOWS\system32\drivers\ss_mdm.sys 2008-01-07 00:18 . 2007-05-02 11:11 83,592 --a------ D:\WINDOWS\system32\drivers\ss_bus.sys 2008-01-07 00:18 . 2007-05-02 11:11 15,112 --a------ D:\WINDOWS\system32\drivers\ss_mdfl.sys 2008-01-07 00:18 . 
2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_whnt.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_wh.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_cmnt.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_cm.sys 2008-01-07 00:18 . 2005-08-28 20:51 766 --a------ D:\WINDOWS\system32\Uninstall.ico 2007-12-24 22:43 . 2007-12-24 22:43 <DIR> d-------- D:\Program Files\NCSoft 2007-12-19 22:25 . 2007-12-19 22:25 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\InterVideo 2007-12-13 15:49 . 2008-01-08 15:27 <DIR> d-------- D:\Program Files\QuickTime 2007-12-13 15:49 . 2007-12-13 15:49 <DIR> d-------- D:\Program Files\Apple Software Update 2007-12-13 15:49 . 2007-12-13 15:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple 2007-12-13 15:49 . 2007-12-23 23:16 54,156 --ah----- D:\WINDOWS\QTFont.qfn 2007-12-13 15:49 . 2007-12-13 15:50 1,409 --a------ D:\WINDOWS\QTFont.for 2007-12-10 22:54 . 2007-12-10 22:54 <DIR> d-------- D:\Program Files\Common Files\Autodesk Shared 2007-12-10 22:54 . 2007-12-10 22:54 <DIR> d-------- D:\Program Files\Autodesk 2007-12-10 22:42 . 2007-12-10 22:42 <DIR> d-------- D:\Program Files\PowerISO 2007-12-10 14:32 . 2007-12-10 14:32 <DIR> d-------- D:\Program Files\Common Files\DirectX 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\InterVideo Information Service 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\Common Files\Ulead 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\Common Files\InterVideo 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-09 21:47 . 2007-12-13 15:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-09 21:47 . 
2006-05-11 18:41 654 --------- D:\WINDOWS\remove.iss 2007-12-09 21:46 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\InterVideo 2007-12-09 19:46 . 2007-12-09 19:45 103,736 --a------ D:\WINDOWS\system32\PnkBstrB.exe 2007-12-09 19:46 . 2007-10-19 04:18 63,040 --a------ D:\WINDOWS\system32\PnkBstrA.exe 2007-12-09 19:46 . 2007-12-09 19:46 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-09 19:38 . 2007-12-09 19:38 <DIR> d-------- D:\Program Files\uTorrent 2007-12-09 19:38 . 2008-01-08 15:25 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\uTorrent 2007-12-09 17:51 . 2007-12-09 17:51 <DIR> dr-h----- D:\Documents and Settings\Administrator\Application Data\SecuROM 2007-12-09 17:51 . 2007-12-09 17:51 107,888 --a------ D:\WINDOWS\system32\CmdLineExt.dll 2007-12-09 17:48 . 2007-12-09 17:48 <DIR> d-------- D:\WINDOWS\system32\LogFiles 2007-12-09 15:32 . 2008-01-08 16:38 <DIR> d-------- D:\Program Files\DAEMON Tools 2007-12-08 11:44 . 2004-08-03 23:07 59,264 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-12-08 11:44 . 2004-08-03 23:07 59,264 --a--c--- D:\WINDOWS\system32\dllcache\usbaudio.sys 2007-12-08 00:11 . 2007-12-08 00:11 <DIR> d-------- D:\WINDOWS\Sun 2007-12-08 00:10 . 2007-12-08 00:10 <DIR> d-------- D:\Program Files\Java 2007-12-08 00:10 . 2007-12-08 00:10 <DIR> d-------- D:\Program Files\Common Files\Java 2007-12-08 00:10 . 2007-09-24 23:31 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2007-12-08 00:10 . 2007-12-08 00:11 666 --a------ D:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-08 15:38 --------- d-----w D:\Program Files\MSN Messenger 2008-01-06 23:20 --------- d--h--w D:\Program Files\InstallShield Installation Information 2007-12-11 22:19 12,400 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2007-12-10 21:54 --------- d-----w D:\Program Files\Common Files\InstallShield 2007-12-07 22:59 --------- d-----w D:\Program Files\Common Files\Adobe 2007-12-05 05:03 --------- d-----w D:\Program Files\D-Link 2007-12-05 05:03 --------- d-----w D:\Documents and Settings\Administrator\Application Data\InstallShield 2007-12-05 04:11 --------- d-----w D:\Documents and Settings\Administrator\Application Data\vlc 2007-12-04 21:31 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Talkback 2007-12-04 21:04 --------- d-----w D:\Program Files\ffdshow 2007-12-04 21:03 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys 2007-12-03 22:40 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Winamp 2007-12-02 08:18 --------- d-----w D:\Program Files\Creative 2007-12-02 08:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Creative 2007-12-02 08:17 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Creative 2007-12-02 07:51 --------- d-----w D:\Program Files\microsoft frontpage 2007-11-30 22:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 22:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 22:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 22:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 22:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 22:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 22:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf . 
<pre>
----a-w 39,792 2008-01-08 14:14:10 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 167,368 2008-01-08 14:14:12 D:\Program Files\DAEMON Tools\daemon .exe
----a-w 132,496 2008-01-08 14:14:10 D:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 61,440 2008-01-08 14:14:14 D:\Program Files\kernel\kernel .exe
----a-w 6,033,920 2008-01-08 15:22:58 D:\Program Files\MSN Messenger\MsnMsgr .Exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C296D798-9204-4322-942B-456AF104DADA}]
D:\WINDOWS\system32\jkkjj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rsas"="D:\WINDOWS\system32\STEM32~1\regedit.exe" [ ]
"kernel"="D:\Program Files\kernel\kernel.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-10-05 02:14 8491008]
"nwiz"="nwiz.exe" [2007-10-05 02:14 1626112 D:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-17 20:32 17920 D:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 20:32 18944 D:\WINDOWS\system32\CTXFIHLP.EXE]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 02:14 81920]
"WinampAgent"="E:\Programz\Winamp\winampa.exe" [ ]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" [ ]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask .exe" [ ]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Winamp.lnk - E:\Programz\Winamp\winamp.exe [2007-10-10 06:29:14]
µTorrent.lnk - D:\Program Files\uTorrent\uTorrent.exe [2007-12-09 19:38:19]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe [2007-12-05 06:03:51]

R3 JSWSCIMD;jswscimd Service;D:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-07 01:30]
R3 WSIMD;wsimd Service;D:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 20:46]
S3 EraserUtilDrvI4;EraserUtilDrvI4;D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys [2007-12-17 13:36]
S3 ha20x2k;Creative 20X HAL Driver;D:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 20:16]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 14:16:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-08 14:20:53 D:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job" - D:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 18:21:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 18:22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 17:22:04

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:02, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
E:\Programz\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Administrator\Desktop\New Folder\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C296D798-9204-4322-942B-456AF104DADA} - D:\WINDOWS\system32\jkkjj.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] E:\Programz\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Rsas] "D:\WINDOWS\system32\STEM32~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [kernel] D:\Program Files\kernel\kernel.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Winamp.lnk = E:\Programz\Winamp\winamp.exe
O4 - Startup: µTorrent.lnk = D:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Wireless Connection Manager.lnk = D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4707 bytes

I hope you know what it takes to save me! :o
Thanks in advance,
Kristian
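Added by the editor, not part of the thread: a small Python triage pass over the kind of HijackThis O2/O4 lines and the ComboFix mountpoints2 entry shown in the logs above. The rules are my own heuristics, not anything ComboFix or HijackThis does: a nameless BHO whose DLL is gone, a space before the extension as in `QTTask .exe`, an 8.3 short-name folder under system32 as in `STEM32~1`, a `regedit.exe` living outside the Windows directory, and a per-volume `\Shell\AutoRun\command`. The sample lines are constructed from this thread's logs. Note what the rules miss: the `D:\Program Files\kernel\kernel.exe` Run value has no name-based tell and was only exposed by the ComboFix file-creation listing, which is why the full log still has to be read.

```python
"""Triage of HijackThis O2/O4 entries plus a ComboFix mountpoints2 AutoRun line.

Added example for this thread; the rules are the editor's own and are
deliberately name/path based, so they do NOT catch the kernel.exe entry
under Program Files (only the ComboFix creation-date listing exposed that).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from / modelled on the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C296D798-9204-4322-942B-456AF104DADA} - D:\WINDOWS\system32\jkkjj.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKCU\..\Run: [Rsas] "D:\WINDOWS\system32\STEM32~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [kernel] D:\Program Files\kernel\kernel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
"""

EXT = r"\.(?:exe|dll|cpl|scr)"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
AUTORUN_RE = re.compile(
    r"mountpoints2\\(?P<drive>[A-Za-z])\]\s*\\Shell\\AutoRun\\command - (?P<cmd>[^\r\n]+)")
# A quoted path, or an unquoted one that ends at the first recognised extension.
PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?' + EXT + r")", re.I)

# Binaries that only belong in WINDOWS or WINDOWS\system32 on XP.
SYSTEM_BINARIES = {"regedit.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe", "explorer.exe"}


@dataclass
class Finding:
    label: str        # which autostart entry
    target: str       # the file the entry launches
    reasons: List[str]


def extract_path(cmd: str) -> str:
    """Return the image path an autostart command launches ('' if none found)."""
    cmd = cmd.strip()
    m = PATH_RE.match(cmd)
    if not m:
        return ""
    path = m["q"] or m["u"]
    if path.lower().endswith("rundll32.exe"):
        # rundll32 is only a host process; the DLL it loads is the real target
        inner = PATH_RE.match(cmd[m.end():].strip())
        if inner:
            path = inner["q"] or inner["u"]
    return path


def inspect_path(path: str, missing: bool) -> List[str]:
    """Apply the name/path heuristics to one launched file."""
    reasons = []
    if missing:
        reasons.append("referenced file missing (orphaned entry, or hidden from the scanner)")
    if re.search(r"\s" + EXT + r"$", path, re.I):
        reasons.append("space before the extension")
    parts = path.lower().split("\\")
    name, parent = parts[-1], "\\".join(parts[:-1])
    if any("~" in p for p in parts[:-1]):
        reasons.append("8.3 short-name directory in the path (resolve it with 'dir /x')")
    if name in SYSTEM_BINARIES and not parent.endswith(("\\windows", "\\windows\\system32")):
        reasons.append(f"{name} outside the Windows directory")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis/ComboFix log text and return the entries worth a closer look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            rest = m["rest"]
            path = extract_path(rest)
            reasons = inspect_path(path, "(file missing)" in rest or "(no file)" in rest)
            if m["name"] == "(no name)":
                reasons.insert(0, "nameless BHO")
            if reasons:
                findings.append(Finding(f"BHO {{{m['clsid']}}}", path or rest, reasons))
            continue
        m = O4_RE.match(line)
        if m:
            path = extract_path(m["cmd"])
            reasons = inspect_path(path, False)
            if reasons:
                findings.append(Finding(f"Run [{m['key']}]", path, reasons))
    m = AUTORUN_RE.search(log_text)
    if m:
        findings.append(Finding(f"AutoRun {m['drive'].upper()}:", m["cmd"].strip(),
                                ["per-user AutoRun command registered for a volume"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.label:<48} {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it as-is and it reports the nameless BHO, the `QTTask .exe` value, the `STEM32~1\regedit.exe` value and the `F:` AutoRun; feed it a whole HijackThis log and it stays quiet on entries like `NvCplDaemon`, because it looks through `RUNDLL32.EXE` to the DLL actually loaded.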
norbat, posted 8 January 2008

Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::
D:\Program Files\kernel

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C296D798-9204-4322-942B-456AF104DADA}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rsas"=-
"kernel"=-

Post the log plus a new HJT log (preferably from normal mode).
Morimdin (thread author), posted 8 January 2008

Did as you said, here are the logs.

ComboFix

ComboFix 08-01-07.5 - Administrator 2008-01-08 21:12:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526 [GMT 1:00]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\kernel
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 19:41 . 2008-01-08 20:25 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-08 19:41 . 2008-01-08 19:41 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 19:41 . 2008-01-08 19:41 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-08 18:17 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-08 18:09 . 2008-01-08 18:09 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 17:56 . 2008-01-08 17:56 <DIR> d-------- D:\Program Files\CCleaner
2008-01-08 17:40 . 2008-01-08 18:10 <DIR> d-------- D:\VundoFix Backups
2008-01-08 15:23 . 2008-01-08 15:24 10,740 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-08 15:23 . 2008-01-08 15:24 805 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-08 15:17 . 2008-01-08 15:24 <DIR> d-------- D:\Program Files\Symantec
2008-01-08 15:17 . 2008-01-08 16:38 <DIR> d-------- D:\Program Files\Norton AntiVirus
2008-01-08 15:17 . 2008-01-08 15:24 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Symantec
2008-01-08 15:17 . 2008-01-08 15:24 123,952 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-08 15:17 .
2008-01-08 15:24 60,800 --a------ D:\WINDOWS\system32\S32EVNT1.DLL 2008-01-08 15:16 . 2008-01-08 18:18 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared 2008-01-07 22:47 . 2008-01-08 15:49 39,936 --a------ D:\WINDOWS\mrofinu1044.exe.tmp 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\TransRender 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Temporary 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Samsung 2008-01-07 00:24 . 2008-01-07 00:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\ConvertTemp 2008-01-07 00:21 . 2006-05-03 22:53 174,592 --a------ D:\WINDOWS\system32\framedyn.dll 2008-01-07 00:21 . 2006-07-24 16:05 5,632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys 2008-01-07 00:18 . 2008-01-07 00:18 <DIR> d-------- D:\WINDOWS\system32\Samsung_USB_Drivers 2008-01-07 00:18 . 2008-01-07 00:18 <DIR> d-------- D:\Program Files\Samsung 2008-01-07 00:18 . 2007-05-02 11:11 109,704 --a------ D:\WINDOWS\system32\drivers\ss_mdm.sys 2008-01-07 00:18 . 2007-05-02 11:11 83,592 --a------ D:\WINDOWS\system32\drivers\ss_bus.sys 2008-01-07 00:18 . 2007-05-02 11:11 15,112 --a------ D:\WINDOWS\system32\drivers\ss_mdfl.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_whnt.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_wh.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_cmnt.sys 2008-01-07 00:18 . 2007-05-02 11:11 12,424 --a------ D:\WINDOWS\system32\drivers\ss_cm.sys 2008-01-07 00:18 . 2005-08-28 20:51 766 --a------ D:\WINDOWS\system32\Uninstall.ico 2007-12-24 22:43 . 2007-12-24 22:43 <DIR> d-------- D:\Program Files\NCSoft 2007-12-19 22:25 . 
2007-12-19 22:25 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\InterVideo 2007-12-13 15:49 . 2008-01-08 15:27 <DIR> d-------- D:\Program Files\QuickTime 2007-12-13 15:49 . 2007-12-13 15:49 <DIR> d-------- D:\Program Files\Apple Software Update 2007-12-13 15:49 . 2007-12-13 15:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple 2007-12-13 15:49 . 2007-12-23 23:16 54,156 --ah----- D:\WINDOWS\QTFont.qfn 2007-12-13 15:49 . 2007-12-13 15:50 1,409 --a------ D:\WINDOWS\QTFont.for 2007-12-10 22:54 . 2007-12-10 22:54 <DIR> d-------- D:\Program Files\Common Files\Autodesk Shared 2007-12-10 22:54 . 2007-12-10 22:54 <DIR> d-------- D:\Program Files\Autodesk 2007-12-10 22:42 . 2007-12-10 22:42 <DIR> d-------- D:\Program Files\PowerISO 2007-12-10 14:32 . 2007-12-10 14:32 <DIR> d-------- D:\Program Files\Common Files\DirectX 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\InterVideo Information Service 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\Common Files\Ulead 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\Common Files\InterVideo 2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InstallShield 2007-12-09 21:47 . 2007-12-13 15:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-09 21:47 . 2006-05-11 18:41 654 --------- D:\WINDOWS\remove.iss 2007-12-09 21:46 . 2007-12-09 21:47 <DIR> d-------- D:\Program Files\InterVideo 2007-12-09 19:46 . 2007-12-09 19:45 103,736 --a------ D:\WINDOWS\system32\PnkBstrB.exe 2007-12-09 19:46 . 2007-10-19 04:18 63,040 --a------ D:\WINDOWS\system32\PnkBstrA.exe 2007-12-09 19:46 . 2007-12-09 19:46 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-09 19:38 . 2007-12-09 19:38 <DIR> d-------- D:\Program Files\uTorrent 2007-12-09 19:38 . 
2008-01-08 21:12 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\uTorrent 2007-12-09 17:51 . 2007-12-09 17:51 <DIR> dr-h----- D:\Documents and Settings\Administrator\Application Data\SecuROM 2007-12-09 17:51 . 2007-12-09 17:51 107,888 --a------ D:\WINDOWS\system32\CmdLineExt.dll 2007-12-09 17:48 . 2007-12-09 17:48 <DIR> d-------- D:\WINDOWS\system32\LogFiles 2007-12-09 15:32 . 2008-01-08 16:38 <DIR> d-------- D:\Program Files\DAEMON Tools 2007-12-08 11:44 . 2004-08-03 23:07 59,264 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-12-08 11:44 . 2004-08-03 23:07 59,264 --a--c--- D:\WINDOWS\system32\dllcache\usbaudio.sys 2007-12-08 00:11 . 2007-12-08 00:11 <DIR> d-------- D:\WINDOWS\Sun 2007-12-08 00:10 . 2007-12-08 00:10 <DIR> d-------- D:\Program Files\Java 2007-12-08 00:10 . 2007-12-08 00:10 <DIR> d-------- D:\Program Files\Common Files\Java 2007-12-08 00:10 . 2007-09-24 23:31 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2007-12-08 00:10 . 2007-12-08 00:11 666 --a------ D:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-08 18:43 --------- d-----w D:\Program Files\MSN Messenger 2008-01-06 23:20 --------- d--h--w D:\Program Files\InstallShield Installation Information 2007-12-11 22:19 12,400 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2007-12-10 21:54 --------- d-----w D:\Program Files\Common Files\InstallShield 2007-12-07 22:59 --------- d-----w D:\Program Files\Common Files\Adobe 2007-12-05 05:03 --------- d-----w D:\Program Files\D-Link 2007-12-05 05:03 --------- d-----w D:\Documents and Settings\Administrator\Application Data\InstallShield 2007-12-05 04:11 --------- d-----w D:\Documents and Settings\Administrator\Application Data\vlc 2007-12-04 21:31 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Talkback 2007-12-04 21:04 --------- d-----w D:\Program Files\ffdshow 2007-12-04 21:03 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys 2007-12-03 22:40 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Winamp 2007-12-02 08:18 --------- d-----w D:\Program Files\Creative 2007-12-02 08:17 86,016 ----a-w D:\WINDOWS\system32\OpenAL32.dll 2007-12-02 08:17 413,696 ----a-w D:\WINDOWS\system32\wrap_oal.dll 2007-12-02 08:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Creative 2007-12-02 08:17 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Creative 2007-12-02 07:51 --------- d-----w D:\Program Files\microsoft frontpage 2007-11-30 22:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 22:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 22:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 22:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 22:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 22:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf 
2007-11-30 22:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf 2007-11-28 18:25 7,680 ----a-w D:\WINDOWS\system32\ff_vfw.dll 2007-11-25 17:32 60,273 ----a-w D:\WINDOWS\system32\pthreadGC2.dll 2007-11-25 17:32 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll 2007-11-25 17:32 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll 2007-11-22 20:33 1,047,552 ----a-w D:\WINDOWS\system32\mfc71u.dll 2007-11-22 20:26 89,088 ----a-w D:\WINDOWS\system32\atl71.dll 2007-11-22 20:26 1,060,864 ----a-w D:\WINDOWS\system32\mfc71.dll 2007-10-30 18:55 625,032 ----a-w D:\WINDOWS\system32\SymNeti.dll 2007-10-30 18:55 242,056 ----a-w D:\WINDOWS\system32\SymRedir.dll 2007-10-22 02:39 267,272 ----a-w D:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-12 14:14 3,734,536 ----a-w D:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w D:\WINDOWS\system32\D3DCompiler_36.dll . <pre> ----a-w 39,792 2008-01-08 14:14:10 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ----a-w 167,368 2008-01-08 14:14:12 D:\Program Files\DAEMON Tools\daemon .exe ----a-w 132,496 2008-01-08 14:14:10 D:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ----a-w 6,033,920 2008-01-08 15:22:58 D:\Program Files\MSN Messenger\MsnMsgr .Exe </pre> ((((((((((((((((((((((((((((( snapshot@2008-01-08_18.21.57.93 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-04 20:31:04 29,926 ----a-r D:\WINDOWS\Installer\{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}\MsblIco.Exe + 2008-01-08 18:43:07 29,926 ----a-r D:\WINDOWS\Installer\{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}\MsblIco.Exe + 2008-01-08 18:41:45 29,696 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe + 2008-01-08 18:41:45 18,944 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-01-08 18:41:45 65,024 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-10-05 02:14 8491008] "nwiz"="nwiz.exe" [2007-10-05 02:14 1626112 D:\WINDOWS\system32\nwiz.exe] "CTHelper"="CTHELPER.EXE" [2006-08-17 20:32 17920 D:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 20:32 18944 D:\WINDOWS\system32\CTXFIHLP.EXE] "NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 02:14 81920] "WinampAgent"="E:\Programz\Winamp\winampa.exe" [ ] "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ] "ISUSPM"="D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" [ ] "QuickTime Task"="D:\Program Files\QuickTime\QTTask .exe" [ ] "ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Winamp.lnk - E:\Programz\Winamp\winamp.exe [2007-10-10 06:29:14] æTorrent.lnk - D:\Program Files\uTorrent\uTorrent.exe [2007-12-09 19:38:19] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Wireless Connection Manager.lnk - D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe [2007-12-05 06:03:51] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= 
D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll R3 ha20x2k;Creative 20X HAL Driver;D:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 20:16] R3 JSWSCIMD;jswscimd Service;D:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-07 01:30] R3 WSIMD;wsimd Service;D:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 20:46] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\setup.exe *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2008-01-04 14:16:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-08 14:20:53 D:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job" - D:\PROGRA~1\NORTON~1\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-08 21:13:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-01-08 21:13:40
ComboFix-quarantined-files.txt 2008-01-08 20:13:39
ComboFix2.txt 2008-01-08 17:22:06

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:24, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Administrator\Desktop\New Folder\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] E:\Programz\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Winamp.lnk = E:\Programz\Winamp\winamp.exe
O4 - Startup: µTorrent.lnk = D:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Wireless Connection Manager.lnk = D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - D:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 5412 bytes
norbat Posted 8 January 2008

Can you install/run SuperAntispyware now? If so, do that and post the log it creates if it finds anything other than tracking cookies (log: preferences->statistics/logs).
Morimdin (author) Posted 8 January 2008

Quoting norbat: "Can you install/run SuperAntispyware now? If so, do that and post the log it creates if it finds anything other than tracking cookies (log: preferences->statistics/logs)."

Ran the SuperAntispyware scan twice. First log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/08/2008 at 08:07 PM

Application Version : 3.9.1008

Core Rules Database Version : 3376
Trace Rules Database Version: 1370

Scan type : Complete Scan
Total Scan Time : 00:23:02

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 4813
Registry threats detected : 5
File items scanned : 36012
File threats detected : 21

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{C296D798-9204-4322-942B-456AF104DADA}
HKCR\CLSID\{C296D798-9204-4322-942B-456AF104DADA}
HKCR\CLSID\{C296D798-9204-4322-942B-456AF104DADA}\InprocServer32
HKCR\CLSID\{C296D798-9204-4322-942B-456AF104DADA}\InprocServer32#ThreadingModel
D:\WINDOWS\SYSTEM32\JKKJJ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C296D798-9204-4322-942B-456AF104DADA}

Adware.Tracking Cookie
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt

Adware.StarsDoor
D:\PROGRAM FILES\KERNEL\KERNEL .EXE

Adware.ClickSpring/Yazzle
D:\QOOBOX\QUARANTINE\D\PROGRAM FILES\COMMON FILES\YAZZLE1848OINUNINSTALLER.EXE.VIR
D:\WINDOWS\PREFETCH\YAZZLE1848OINADMIN.EXE-3905D6AF.PF

Trojan.Unknown Origin
D:\QOOBOX\QUARANTINE\D\WINDOWS\SYSTEM32\WTSSVSU.EXE.VIR
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0007500.EXE

Trojan.Vundo/Variant-Installer
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004230.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004231.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004272.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0006497.EXE

Adware.ClickSpring
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004247.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0005292.EXE

Adware.Vundo-Variant
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004271.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004345.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0005302.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0006323.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0006496.DLL

Adware.ClickSpring-Variant
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP55\A0004344.EXE

Trojan.Unclassifed/AffiliateBundle
D:\VUNDOFIX BACKUPS\VTUSPOL.DLL.BAD

Second log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/08/2008 at 08:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3376
Trace Rules Database Version: 1370

Scan type : Complete Scan
Total Scan Time : 00:22:20

Memory items scanned : 325
Memory threats detected : 0
Registry items scanned : 4814
Registry threats detected : 0
File items scanned : 36000
File threats detected : 3

Adware.Tracking Cookie
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt

Adware.StarsDoor
D:\SYSTEM VOLUME INFORMATION\_RESTORE{2A04D74D-93D8-4546-9EB1-2A1D0C6EA8EA}\RP56\A0008573.EXE
norbat Posted 8 January 2008

OK, it looks like SAS has done its job. How is the PC running?
Morimdin (author) Posted 8 January 2008

It seems like things are in order so far, at any rate! Let's hope it stays that way. Thank you so much for the help! You are a lifesaver.
norbat Posted 8 January 2008

You should clear the restore folder so that you do not get reinfected by a possible System Restore. Control Panel->System->System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature. Surf safely.