JFM Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 (endret) Tanta mi har også fått dette MSN visuset som man får når man trykker på linkene man får. Her er HJT-loggen Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:56:05, on 12.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\NETGEAR\WG311v3\WinDomainlogon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\NETGEAR\WG311v3\WinDomainlogon.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\Programfiler\NETGEAR\WG311v3\wlancfg5.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Eli\Skrivebord\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSN] lssas.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AdobeUpdater] C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe -- End of file - 4964 bytes Endret 20. januar 2008 av JFM Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 Hei, ja denne linja i hjt tyder på det: O4 - HKLM\..\Run: [MSN] lssas.exe Den kan du la hjt fixe. Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 combofix logg: ComboFix 08-01-11.3 - Eli 2008-01-12 18:14:15.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.59 [GMT 1:00]Running from: C:\Documents and Settings\Eli\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\images.zip . ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))) . 2008-01-12 18:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-11 22:34 . 2008-01-11 22:34 45,568 -r-hs---- C:\WINDOWS\lssas.exe 2007-12-28 17:32 . 2007-12-28 17:32 268 --ah----- C:\sqmdata03.sqm 2007-12-28 17:32 . 2007-12-28 17:32 244 --ah----- C:\sqmnoopt03.sqm 2007-12-14 16:07 . 2007-12-14 16:07 268 --ah----- C:\sqmdata02.sqm 2007-12-14 16:07 . 2007-12-14 16:07 244 --ah----- C:\sqmnoopt02.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 11:05 --------- d-----w C:\Documents and Settings\Eli\Programdata\AVG7 2007-12-03 19:55 --------- d-----w C:\Documents and Settings\Eli\Programdata\LimeWire 2007-11-22 18:21 --------- d-----w C:\Programfiler\Windows Media Connect 2 2007-11-22 18:15 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-11-22 18:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2007-11-22 17:54 --------- d-----w C:\Programfiler\Microsoft Works 2007-11-22 17:52 --------- d-----w C:\Programfiler\MSBuild 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys 2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3.sys 2005-03-01 09:16 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:03 15360] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560] "AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 11:01 579072] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 19:03 219136] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ NETGEAR WG311v3 Smart Wizard.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2007-09-15 13:26:58] R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-10-06 14:26] *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-12 18:19:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-12 18:20:52 ComboFix-quarantined-files.txt 2008-01-12 17:20:33 . 2008-01-09 20:22:33 --- E O F --- Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 Denne fila sletter du: C:\WINDOWS\lssas.exe Enten via utforsker eller vha. combofix: Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. File:: C:\WINDOWS\lssas.exe Post i såfall ny combofix-logg. Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 (endret) Ny combofix logg: ComboFix 08-01-11.3 - Eli 2008-01-12 18:32:24.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.65 [GMT 1:00] Running from: C:\Documents and Settings\Eli\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Eli\Skrivebord\CFScript.txt * Created a new restore point FILE C:\WINDOWS\lssas.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\lssas.exe . ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))) . 2008-01-12 18:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-12-28 17:32 . 2007-12-28 17:32 268 --ah----- C:\sqmdata03.sqm 2007-12-28 17:32 . 2007-12-28 17:32 244 --ah----- C:\sqmnoopt03.sqm 2007-12-14 16:07 . 2007-12-14 16:07 268 --ah----- C:\sqmdata02.sqm 2007-12-14 16:07 . 2007-12-14 16:07 244 --ah----- C:\sqmnoopt02.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 11:05 --------- d-----w C:\Documents and Settings\Eli\Programdata\AVG7 2007-12-03 19:55 --------- d-----w C:\Documents and Settings\Eli\Programdata\LimeWire 2007-11-22 18:21 --------- d-----w C:\Programfiler\Windows Media Connect 2 2007-11-22 18:15 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-11-22 18:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2007-11-22 17:54 --------- d-----w C:\Programfiler\Microsoft Works 2007-11-22 17:52 --------- d-----w C:\Programfiler\MSBuild 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys 2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3.sys 2005-03-01 09:16 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe . ((((((((((((((((((((((((((((( snapshot@2008-01-12_18.19.48,03 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-12 17:13:28 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-12 17:32:04 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-12 17:13:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-12 17:32:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-12 17:13:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-12 17:32:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-12 17:13:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-12 17:32:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-12 17:13:29 2,736,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-12 17:32:05 2,736,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-12 17:13:29 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-12 17:32:05 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:03 15360] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560] "AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 11:01 579072] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 19:03 219136] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ NETGEAR WG311v3 Smart Wizard.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2007-09-15 13:26:58] R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-10-06 14:26] *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-12 18:36:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-12 18:38:27 ComboFix-quarantined-files.txt 2008-01-12 17:38:09 ComboFix2.txt 2008-01-12 17:20:54 . 2008-01-09 20:22:33 --- E O F --- Endret 12. januar 2008 av JFM Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 Er pc-en virusfri nå? Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 Så langt mitt øye kan se, ja. Loggen viser ingen filer knyttet til noen infeksjoner. Kjører MSN ok? Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Lenke til kommentar
ole_marius Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 tror du slipper det viruset vis du skifter til amsn. for de som ikke hvet hva a msn er er det en annen produsent en microsoft. så du slipper alle feilene fra microsoft. og funker på windows, linux og mac mitt råd, bytt til amsn nå!!! Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 Nå kom også en annen slektning med sin maskin. Hu har og MSN viruset. HJT-logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:59:09, on 12.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\LxrSII1s.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\semwltray.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\FirstClass\fcc32.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Silje\Skrivebord\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Programfiler\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup O4 - HKLM\..\Run: [sony Ericsson Wireless Manager UI] C:\WINDOWS\system32\semwltray O4 - HKLM\..\Run: [Microsoft Office] C:\DOCUME~1\Silje\LOKALE~1\Temp\spoolsv.exe O4 - HKLM\..\Run: [Flash Player] C:\DOCUME~1\Silje\LOKALE~1\Temp\msnmsgr.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158522236453 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158522322625 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL (file missing) O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe -- End of file - 10393 bytes Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 På denne kan du kjøre gjennom langversjonen i følgende post: https://www.diskusjon.no/index.php?showtopic=691246. Loggene poster du her i din egen tråd. Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 (endret) Ble litt treig med denne posten. Combofix-logg: ComboFix 08-01-11.3 - Silje 2008-01-12 23:35:42.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.110 [GMT 3:00] Running from: C:\Documents and Settings\Silje\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system\sservice.exe C:\WINDOWS\system32\fservice.exe . ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))) . 2008-01-12 23:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 22:21 . 2008-01-12 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-01-12 22:20 . 2008-01-12 22:23 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-01-12 22:20 . 2008-01-12 22:20 <DIR> d-------- C:\Documents and Settings\Silje\Programdata\SUPERAntiSpyware.com 2008-01-12 22:18 . 2008-01-12 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-01-12 22:17 . 2008-01-12 22:17 <DIR> dr-h----- C:\Documents and Settings\Silje\Siste 2008-01-12 22:15 . 2008-01-12 22:15 <DIR> d-------- C:\Programfiler\Yahoo! 2008-01-12 22:15 . 2008-01-12 22:15 <DIR> d-------- C:\Programfiler\CCleaner 2008-01-10 17:53 . 2008-01-10 17:53 206 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-09 16:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-02 20:59 . 2008-01-02 20:59 39,424 --a------ C:\Documents and Settings\Silje\sdwcgd.exe 2008-01-01 23:43 . 2008-01-01 23:48 <DIR> d-------- C:\Programfiler\Windows Live 2008-01-01 23:43 . 2008-01-01 23:47 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-01-01 23:43 . 2008-01-01 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 19:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-09 13:56 --------- d-----w C:\Programfiler\Java 2008-01-01 19:29 --------- d-----w C:\Programfiler\Google 2008-01-01 18:44 --------- d-----w C:\Programfiler\FirstClass 2008-01-01 18:44 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2007-12-21 12:00 --------- d-----w C:\Programfiler\Norton Security Scan 2007-12-21 10:56 --------- d-----w C:\Programfiler\LimeWire 2007-12-06 18:19 --------- d-----w C:\Programfiler\Windows Live Toolbar 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-03-13 19:38 2,642 -c--a-w C:\Programfiler\DICEWARS - flash game.htm . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 17:14 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [ ] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 12:11 925696] "SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 16:06 716800] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 12:56 122880] "HP Software Update"="c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 06:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 19:01 761946] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 15:13 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 21:12 17920] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 12:38 131072] "Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 10:30 40960] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 14:58 184320] "GCXX-Manager-Class"="C:\Programfiler\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2005-03-12 17:41 811113] "Sony Ericsson Wireless Manager UI"="C:\WINDOWS\system32\semwltray" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 17:16:02] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2006-09-17 22:21:42] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 21:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 11:00] R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2006-01-10 10:52] R2 setrysvc;Sony Ericsson Wireless LAN Tray Service;C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe [] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 14:19] S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50] S3 SEM43XX;Driver for Sony Ericsson trådløst 802.11 LAN-kort SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-01-03 07:05] S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 06:32] S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 06:32] S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2004-12-21 19:33] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118f5b91-6f31-11db-bc4d-001641bafe40}] \Shell\AutoRun\command - F:\Autorun.exe /run \Shell\Shell00\Command - F:\Autorun.exe /run \Shell\Shell01\Command - F:\Autorun.exe /action \Shell\Shell02\Command - F:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2f785a-6c01-11db-bc48-0014a5f2cde8}] \Shell\AutoRun\command - F:\Autorun.exe /run \Shell\Shell00\Command - F:\Autorun.exe /run \Shell\Shell01\Command - F:\Autorun.exe /action \Shell\Shell02\Command - F:\Autorun.exe /uninstall . Contents of the 'Scheduled Tasks' folder "2007-12-21 12:31:35 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programfiler\Norton Security Scan\Nss.exe "2008-01-12 19:23:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-12 23:41:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@??????\??????R?@?????,?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-12 23:43:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-12 20:43:11 . 2008-01-10 14:54:01 --- E O F --- SAS-logg (Jeg sletta alt jeg fant. Men poster opp loggen fra som lagdes når jeg sletta dem): SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/12/2008 at 11:28 PM Application Version : 3.9.1008 Core Rules Database Version : 3379 Trace Rules Database Version: 1373 Scan type : Complete Scan Total Scan Time : 00:31:23 Memory items scanned : 619 Memory threats detected : 0 Registry items scanned : 5345 Registry threats detected : 0 File items scanned : 32150 File threats detected : 3 Adware.Tracking Cookie C:\Documents and Settings\Silje\Cookies\silje@adtech[2].txt Trojan.Downloader-Gen/Suspicious C:\DOCUMENTS AND SETTINGS\SILJE\ZCTHPF.EXE C:\WINDOWS\Prefetch\ZCTHPF.EXE-1A641BAD.pf HJT-logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:43:49, on 12.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\LxrSII1s.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\semwltray.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Silje\Skrivebord\HiJackThis\søk scan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Programfiler\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup O4 - HKLM\..\Run: [sony Ericsson Wireless Manager UI] C:\WINDOWS\system32\semwltray O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158522236453 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158522322625 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe -- End of file - 10885 bytes Håper jeg har gjort dette rett... Endret 12. januar 2008 av JFM Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 Jada, du har utført dette til bestått. Sjekk følgende fil på nettstedet Jotti: C:\Documents and Settings\Silje\sdwcgd.exe Det du gjør er å last opp fila slik at det blir foretatt en scan. Du laster opp fila øverst på nettstedet. Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 (endret) Serveren er opptatt for tiden så det kan ta tid Endret 12. januar 2008 av JFM Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 Ja, det kan være litt ventetid. En alt. kan være http://www.virustotal.com/ (kan være stor pågang der også) Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 (endret) Jada, du har utført dette til bestått. Sjekk følgende fil på nettstedet Jotti: C:\Documents and Settings\Silje\sdwcgd.exe Det du gjør er å last opp fila slik at det blir foretatt en scan. Du laster opp fila øverst på nettstedet. Logg: File: sdwcgd.exe Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: 43094663427590bf656fc635739e5199 Packers detected: PE_PATCH.UPX, UPX Bit9 reports: File not found Scanner results Scan taken on 12 Jan 2008 21:10:45 (GMT) AntiVir. Found BDC/Agent.CSN ArcaVir Found Riskware.Server-proxy.3proxy.K Avast Found nothing AVG Antivirus Found nothing BitDefender Found BehavesLike:Win32.Backdoor (probable variant) ClamAV Found nothing CPsecure Found Server-Proxy.W32.3proxy.K Dr.Web Found nothingF-Prot Antivirus Found W32/Proxy.BZG F-Secure Anti-Virus Found Backdoor:W32/Agent.CSN, not-a-virus:Server-Proxy.Win32.3proxy.k (6, 2, 608) Fortinet Found Misc/3proxy I karus Found not-a-virus:Server-Proxy.Win32.3proxy.k Kaspersky Anti-Virus Found not-a-virus:Server-Proxy.Win32.3proxy.k NOD32 Found nothing Norman Virus Control Found W32/Horst.gen28 Panda Antivirus Found nothing Rising Antivirus Found nothing Sophos Antivirus Found Mal/Heuri-D VirusBuster Found nothing VBA32 Found nothing Ble litt rot her. Skal jeg bare slette fila manuelt? Endret 12. januar 2008 av JFM Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 Du kan godt la combofix slette den. Det vil da lages en logg igjen som kan være grei å få sjekket en siste gang: Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. File:: C:\Documents and Settings\Silje\sdwcgd.exe Post loggen. Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 Du kan godt la combofix slette den. Det vil da lages en logg igjen som kan være grei å få sjekket en siste gang: Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. File:: C:\Documents and Settings\Silje\sdwcgd.exe Post loggen. Jeg har alt slettet den manuelt. Skal jeg poste en HJT-logg eller noe? Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 En siste Combofix-logg kunne være ok Lenke til kommentar
JFM Skrevet 12. januar 2008 Forfatter Del Skrevet 12. januar 2008 Combofix-loggen: ComboFix 08-01-11.3 - Silje 2008-01-13 1:21:58.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.145 [GMT 3:00] Running from: C:\Documents and Settings\Silje\Skrivebord\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))) . 2008-01-12 23:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 22:21 . 2008-01-12 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-01-12 22:20 . 2008-01-12 23:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-01-12 22:20 . 2008-01-12 22:20 <DIR> d-------- C:\Documents and Settings\Silje\Programdata\SUPERAntiSpyware.com 2008-01-12 22:18 . 2008-01-12 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-01-12 22:17 . 2008-01-12 22:17 <DIR> dr-h----- C:\Documents and Settings\Silje\Siste 2008-01-12 22:15 . 2008-01-12 22:15 <DIR> d-------- C:\Programfiler\Yahoo! 2008-01-12 22:15 . 2008-01-12 22:15 <DIR> d-------- C:\Programfiler\CCleaner 2008-01-10 17:53 . 2008-01-10 17:53 206 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-09 16:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-01 23:43 . 2008-01-01 23:48 <DIR> d-------- C:\Programfiler\Windows Live 2008-01-01 23:43 . 2008-01-01 23:47 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-01-01 23:43 . 2008-01-01 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-12 19:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-09 13:56 --------- d-----w C:\Programfiler\Java 2008-01-01 19:29 --------- d-----w C:\Programfiler\Google 2008-01-01 18:44 --------- d-----w C:\Programfiler\FirstClass 2008-01-01 18:44 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2007-12-21 12:00 --------- d-----w C:\Programfiler\Norton Security Scan 2007-12-21 10:56 --------- d-----w C:\Programfiler\LimeWire 2007-12-06 18:19 --------- d-----w C:\Programfiler\Windows Live Toolbar 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 06:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 06:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-18 08:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-03-13 19:38 2,642 -c--a-w C:\Programfiler\DICEWARS - flash game.htm . ((((((((((((((((((((((((((((( snapshot@2008-01-12_23.42.59.45 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-12 20:35:58 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-12 21:54:23 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-12 20:35:59 61,698 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-01-12 21:54:23 61,698 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-01-12 20:35:59 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-12 21:54:23 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-01-12 20:35:59 387,980 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-01-12 21:54:23 387,980 ----a-w C:\WINDOWS\system32\perfh014.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 17:14 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [ ] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 12:11 925696] "SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 16:06 716800] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 12:56 122880] "HP Software Update"="c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 06:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 19:01 761946] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 15:13 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 21:12 17920] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 12:38 131072] "Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 10:30 40960] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 14:58 184320] "GCXX-Manager-Class"="C:\Programfiler\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2005-03-12 17:41 811113] "Sony Ericsson Wireless Manager UI"="C:\WINDOWS\system32\semwltray" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 17:16:02] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2006-09-17 22:21:42] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 21:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 11:00] R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2006-01-10 10:52] R2 setrysvc;Sony Ericsson Wireless LAN Tray Service;C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe [] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 14:19] S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50] S3 SEM43XX;Driver for Sony Ericsson trådløst 802.11 LAN-kort SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-01-03 07:05] S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 06:32] S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 06:32] S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2004-12-21 19:33] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118f5b91-6f31-11db-bc4d-001641bafe40}] \Shell\AutoRun\command - F:\Autorun.exe /run \Shell\Shell00\Command - F:\Autorun.exe /run \Shell\Shell01\Command - F:\Autorun.exe /action \Shell\Shell02\Command - F:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2f785a-6c01-11db-bc48-0014a5f2cde8}] \Shell\AutoRun\command - F:\Autorun.exe /run \Shell\Shell00\Command - F:\Autorun.exe /run \Shell\Shell01\Command - F:\Autorun.exe /action \Shell\Shell02\Command - F:\Autorun.exe /uninstall . Contents of the 'Scheduled Tasks' folder "2007-12-21 12:31:35 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programfiler\Norton Security Scan\Nss.exe "2008-01-12 22:23:08 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 01:24:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@??????\??????R?@?????,?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 1:24:55 ComboFix-quarantined-files.txt 2008-01-12 22:24:44 ComboFix2.txt 2008-01-12 20:43:15 . 2008-01-10 14:54:01 --- E O F --- Lenke til kommentar
norbat Skrevet 12. januar 2008 Del Skrevet 12. januar 2008 (endret) Ser fint ut. Du kan avinstallere Combofix: Klikk: Start->Kjør Skriv: ComboFix /u Combofix vil starte og deretter avinstallere seg. Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Du bør også overveie å oppdatere til IE 7 Endret 12. januar 2008 av norbat Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå