
Virus\Trojan horse, who knows :\



I've gotten really annoyed with a virus\trojan horse, or whatever the heck it is. Got it yesterday, 21.01.07, when I was on a site where you find CD keys and such. It was incredibly stupid of me to "download" a .rar file like that, which had 3 files inside in the form of a CMOS icon or whatever it's called. Since then, lots of websites keep popping up, first and foremost anti-virus\malware\spyware sites. They say the PC is at risk of virus infection etc. Have tried AVG and Ad-Aware, and Norton, but still haven't completely fixed the problem. Have a strange icon in the system tray every time I start the PC. Just see the attached pictures.

[two attached screenshots]

Edited by Clarice

Here is the log from "HijackThis":

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:28:47, on 22.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

C:\Programfiler\Azureus\Azureus.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnl.exe

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\UIBHO.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunOnce: [FWCfg_Launch] C:\Programfiler\Fellesfiler\Symantec Shared\Firewall\FWCfg.exe /i /s "C:\Programfiler\Fellesfiler\Symantec Shared\Firewall\AppendRules.xml"

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background

O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Gjest')

O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background (User 'Gjest')

O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Gjest')

O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background (User 'Gjest')

O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmnnl.dll,c (User 'Gjest')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 6096 bytes


Also used to get an error about windows\system32\pmnnl.exe when the outbreak came, but that has fixed itself. It said that it could not be "loaded", I think.

Edited by Clarice

http://housecall65.trendmicro.com/

 

Have been on this site where you do web-based anti-virus scanning, and it worked well.. but that program also can't delete this "Adware_Virtumundo" that it detects. It says: "Adware_Virtumundo: This adware arrives on a system as a dropped file of other program, or as a file downloaded from internet. Upon execution, it drop its DLL component the windows system folder". Does it have anything to do with that pmnnl file mentioned above?


Here it is:

 

Combofix:

 

ComboFix 08-01-21.4 - Admin 2008-01-22 12:55:57.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.3119 [GMT 1:00]

Running from: C:\Documents and Settings\Admin\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\Helper

C:\Programfiler\Helper\superfindout.dll

C:\WINDOWS\aconti.log

C:\WINDOWS\acontidialer.txt

C:\WINDOWS\system32\7_exception.nls

C:\WINDOWS\system32\adult.txt

C:\WINDOWS\system32\byxyvts.dll

C:\WINDOWS\system32\finance.txt

C:\WINDOWS\system32\lnnmp.ini

C:\WINDOWS\system32\lnnmp.ini2

C:\WINDOWS\system32\lt.res

C:\WINDOWS\system32\other.txt

C:\WINDOWS\system32\pharma.txt

C:\WINDOWS\system32\pmnnl.dll

C:\WINDOWS\system32\sft.res

C:\WINDOWS\system32\winmxw32.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\runtime

 

 

((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))

.

 

2008-01-22 12:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-22 12:30 . 2008-01-22 12:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-22 12:30 . 2008-01-22 12:30 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-22 11:26 . 2008-01-22 11:26 <DIR> d-------- C:\Programfiler\Trend Micro

2008-01-21 22:35 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE

2008-01-21 22:35 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL

2008-01-21 22:35 . 2004-08-04 00:03 24,064 --a------ C:\WINDOWS\system32\wsock32.dlb

2008-01-21 22:17 . 2008-01-21 22:41 <DIR> d-------- C:\Programfiler\Norton 360

2008-01-21 22:17 . 2008-01-21 22:38 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-21 22:17 . 2008-01-21 22:38 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-01-21 22:17 . 2008-01-21 22:38 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-01-21 22:17 . 2008-01-21 22:38 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-01-21 22:16 . 2008-01-21 22:38 <DIR> d-------- C:\Programfiler\Symantec

2008-01-21 22:16 . 2008-01-22 12:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared

2008-01-21 16:06 . 2008-01-21 16:06 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

2008-01-21 14:15 . 2008-01-21 14:15 103,936 --a------ C:\WINDOWS\system32\drvmod.dll

2008-01-21 14:15 . 2008-01-21 14:15 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga

2008-01-21 14:15 . 2008-01-21 14:15 25,600 --a------ C:\WINDOWS\system32\socksys.dll

2008-01-21 11:55 . 2008-01-21 11:55 <DIR> d-------- C:\Programfiler\Microsoft Games

2008-01-21 11:26 . 2008-01-21 16:05 <DIR> d-------- C:\Programfiler\DAEMON Tools Pro

2008-01-21 10:34 . 2008-01-21 10:34 <DIR> d-------- C:\Programfiler\Alcohol Soft

2008-01-20 23:10 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-01-19 18:29 . 2008-01-19 18:36 <DIR> d-------- C:\Programfiler\WinLauncherXP

2008-01-19 15:03 . 2008-01-19 15:03 268 --ah----- C:\sqmdata01.sqm

2008-01-19 15:03 . 2008-01-19 15:03 244 --ah----- C:\sqmnoopt01.sqm

2008-01-19 14:40 . 2008-01-19 14:40 268 --ah----- C:\sqmdata00.sqm

2008-01-19 14:40 . 2008-01-19 14:40 244 --ah----- C:\sqmnoopt00.sqm

2008-01-19 13:20 . 2008-01-19 13:20 <DIR> d-------- C:\Programfiler\Acclaim Entertainment

2008-01-19 03:21 . 2008-01-21 10:08 <DIR> d-------- C:\Programfiler\CAPCOM

2008-01-19 03:11 . 2008-01-19 03:11 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-01-18 23:20 . 2008-01-19 01:22 <DIR> d-------- C:\Programfiler\Project64 1.6

2008-01-18 16:33 . 2008-01-18 16:33 <DIR> d-------- C:\Programfiler\Hitman series

2008-01-18 15:57 . 2008-01-18 15:59 <DIR> d-------- C:\Programfiler\NVIDIA nTune Performance Application

2008-01-08 21:26 . 2008-01-08 21:26 <DIR> d-------- C:\Programfiler\LimeWire

2007-12-29 00:19 . 2008-01-20 00:39 <DIR> d-------- C:\Programfiler\Yahoo!

2007-12-28 14:40 . 2008-01-13 16:29 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI

2007-12-24 19:28 . 2008-01-21 10:04 69 --a------ C:\WINDOWS\NeroDigital.ini

2007-12-24 17:42 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe

2007-12-24 17:42 . 2005-11-02 16:20 49,883 --------- C:\WINDOWS\UNNMP.cfg

2007-12-24 17:40 . 2007-12-24 17:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero

2007-12-24 17:39 . 2005-09-07 18:08 3,006,464 --------- C:\WINDOWS\UNNeroVision.exe

2007-12-24 17:39 . 2005-11-02 16:20 224,756 --------- C:\WINDOWS\UNNeroVision.cfg

2007-12-24 17:38 . 2007-12-24 17:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2007-12-24 17:38 . 2007-12-24 17:42 <DIR> d-------- C:\Programfiler\Ahead

2007-12-24 17:38 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-12-24 17:38 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-12-24 17:38 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-12-24 17:38 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-12-24 17:38 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-12-24 17:38 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-12-24 17:38 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-12-24 15:13 . 2007-12-24 15:22 <DIR> d-------- C:\Programfiler\THQ

2007-12-22 23:28 . 2007-12-22 23:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2007-12-22 23:03 . 2007-12-22 23:03 <DIR> d-------- C:\UT2004Demo

2007-12-22 22:19 . 2007-12-22 22:19 <DIR> d--h----- C:\WINDOWS\PIF

2007-12-22 21:55 . 2007-12-22 22:13 <DIR> d-------- C:\Programfiler\Driver

2007-12-22 21:53 . 2008-01-18 15:46 <DIR> d-------- C:\Programfiler\Team17

2007-12-22 21:52 . 2007-12-22 21:52 <DIR> d-------- C:\Programfiler\AC3Filter

2007-12-22 21:09 . 2007-12-25 19:54 <DIR> d-------- C:\Programfiler\Return to Castle Wolfenstein

2007-12-22 21:07 . 2007-12-22 21:16 810 --a------ C:\WINDOWS\Rtcw.INI

2007-12-22 20:18 . 2007-12-22 20:46 <DIR> d-------- C:\Programfiler\Mafia

2007-12-22 20:18 . 2003-04-09 10:28 233,472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe

2007-12-22 19:15 . 2002-12-18 16:23 140,488 -ra------ C:\WINDOWS\system32\comdlg32.ocx

2007-12-22 19:15 . 2002-12-18 16:23 115,016 -ra------ C:\WINDOWS\system32\MSINET.OCX

2007-12-22 19:15 . 2002-12-18 16:23 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL

2007-12-22 19:15 . 2002-12-18 16:23 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll

2007-12-22 19:15 . 2002-12-18 16:23 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll

2007-12-22 19:15 . 2002-12-18 16:23 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca

2007-12-22 19:15 . 2002-12-18 16:23 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca

2007-12-22 19:15 . 2002-12-19 05:20 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe

2007-12-22 19:15 . 2002-12-18 16:23 24,576 --------- C:\WINDOWS\system32\msxml3a.dll

2007-12-22 18:22 . 2007-12-22 18:22 <DIR> d-------- C:\WINDOWS\Sun

2007-12-22 18:22 . 2007-12-22 18:22 <DIR> d-------- C:\Programfiler\Java

2007-12-22 18:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-22 18:21 . 2007-12-22 18:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2007-12-22 16:56 . 2007-12-27 13:41 <DIR> d-------- C:\Programfiler\Azureus

2007-12-22 16:46 . 2008-01-21 00:21 <DIR> d-------- C:\Programfiler\Eidos

2007-12-22 16:46 . 2008-01-21 10:33 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-12-22 13:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-22 13:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-12-22 13:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-22 02:19 . 2007-12-22 19:26 <DIR> d-------- C:\Programfiler\Ubisoft

2007-12-22 01:27 . 2008-01-22 12:01 <DIR> d-------- C:\Programfiler\Rockstar Games

2007-12-22 01:20 . 2007-12-23 00:43 1,285 --a------ C:\WINDOWS\mozver.dat

2007-12-22 01:14 . 2007-12-22 01:14 0 --a------ C:\WINDOWS\nsreg.dat

2007-12-22 00:54 . 2007-12-22 00:54 <DIR> d-------- C:\Programfiler\MSXML 4.0

2007-12-22 00:29 . 2007-12-22 00:29 <DIR> d-------- C:\WINDOWS\system32\nb-no

2007-12-22 00:16 . 2007-12-22 00:16 <DIR> d-------- C:\Programfiler\id Software

2007-12-22 00:14 . 2007-12-22 00:14 <DIR> d--hs---- C:\WINDOWS\ftpcache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-22 11:01 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-21 13:25 --------- d-----w C:\Programfiler\EA GAMES

2008-01-21 10:48 --------- d-----w C:\Programfiler\DeusEx

2008-01-21 00:16 --------- d-----w C:\Programfiler\Sierra

2008-01-19 01:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-12-21 20:34 --------- d-----w C:\Programfiler\Logitech

2007-12-21 20:34 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2007-12-21 20:27 --------- d-----w C:\Programfiler\GameSpy Arcade

2007-12-21 19:59 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2007-12-21 19:45 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-12-21 19:22 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-21 19:22 --------- d-----w C:\Programfiler\Windows Live

2007-12-21 19:11 98,304 ----a-w C:\WINDOWS\system32\qttask.exe

2007-12-21 19:10 --------- d-----w C:\Programfiler\ACE Mega CoDecS Pack

2007-12-21 19:05 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines

2007-12-21 19:05 --------- d-----w C:\Programfiler\Fellesfiler\ODBC

2007-12-21 18:55 --------- d-----w C:\Programfiler\Creative

2007-12-21 18:43 --------- d-----w C:\Programfiler\Geforce 7900 GT

2007-12-21 18:33 --------- d-----w C:\Programfiler\GIGABYTE

2007-12-21 18:24 --------- d-----w C:\Programfiler\AMD

2007-12-21 18:21 --------- d--h--w C:\Programfiler\Uninstall Information

2007-12-21 18:16 --------- d-----w C:\Programfiler\microsoft frontpage

2007-12-21 18:14 --------- d-----w C:\Programfiler\Elektroniske tjenester

2007-12-21 18:13 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2007-12-21 18:13 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll

2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

.

<pre>
----a-w		   579,072 2008-01-21 15:08:48  C:\Programfiler\Grisoft\AVG7\avgcc .exe
----a-w			15,360 2008-01-21 15:06:00  C:\WINDOWS\system32\ctfmon .exe
</pre>

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneCmd.exe" [ ]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"CTHelper"="CTHELPER.EXE" [2005-10-29 12:31 16384 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-10-29 12:31 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]

"MSDrive"="C:\WINDOWS\system32\drvmod.dll" [2008-01-21 14:15 103936]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-07-18 02:54 116072]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Trb11.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a------ 2004-02-25 17:15 454656 C:\Programfiler\Logitech\Video\ISStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2004-02-25 17:06 212992 C:\Programfiler\Logitech\Video\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-21 20:11 98304 C:\WINDOWS\system32\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

 

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-10-29 12:16]

S3 asbp2poa;asbp2poa;C:\DOCUME~1\Admin\LOKALE~1\Temp\asbp2poa.sys []

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 05:09]

 

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-22 12:59:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\system32\drvmod.dll

.

Completion time: 2008-01-22 13:01:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-22 12:01:19

.

2008-01-16 06:10:36 --- E O F ---


Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:01:46, on 22.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 5516 bytes


Yes, now it's starting to help.

 

Start HJT, check these entries, then Fix checked.

O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

 

Restart.

 

Control Panel -> System -> System Restore [turn off, restart] -*- [turn back on]

So you don't get reinfected through System Restore.

 

Then we'll call it fine.

 

Remember there is a separate forum for this.

https://www.diskusjon.no/index.php?showforum=131

Edited by SNIPPSAT
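The entries singled out in the logs above (the win.ini `load=` hook for pmnnl.exe, `rundll32` starting drvmod.dll and pmnnl.dll from Run keys, the "Microsoft copyright" BHO with a missing socksys.dll, and "msnmsgr .exe" with a space before the extension) follow a few patterns a defender can screen for mechanically. This is an added example, not code from the thread or from HijackThis: a small triage pass over HijackThis lines that flags those patterns; the rundll32 allow-list and the sample lines (copied from the logs in this thread) are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: HijackThis lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnl.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmnnl.dll,c (User 'Gjest')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "R0 - ...", "F3 - ...", "O4 - ..." : section code, then the entry body.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# A blank before the extension ("msnmsgr .exe") is a look-alike of a legitimate name.
SPACED_EXT = re.compile(r"[A-Za-z0-9_-]+ \.(?:exe|dll)\b", re.I)
# rundll32 called with a DLL path and an export name, as in the drvmod.dll / pmnnl.dll Run entries.
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(?P<path>\S+?\.dll),(?P<export>\S+)", re.I)
# Assumed allow-list for this example: the NVIDIA DLLs that rundll32 legitimately starts on this box.
KNOWN_RUNDLL_DLLS = {"nvcpl.dll", "nvmctray.dll"}


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage_hjt(log_text: str) -> list[tuple[str, str]]:
    """Return (line, reason) pairs for HijackThis entries that deserve a second look."""
    findings = []
    for line in log_text.strip().splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # header lines, process list, blanks
        code, body = m.group("code"), m.group("body")
        # 1. Browser start page pointing somewhere other than the vendor default.
        if code in ("R0", "R1") and ",Start Page = " in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname or ""
            if not host.endswith("microsoft.com"):
                findings.append((line, f"browser start page set to {host}"))
        # 2. win.ini load= is a legacy autostart hook that current software does not use.
        if code == "F3" and "load=" in body.lower():
            findings.append((line, "win.ini load= autostart entry"))
        # 3. BHO whose DLL is missing or given as a bare filename (left over after the DLL was removed).
        if code == "O2":
            target = body.rsplit(" - ", 1)[-1]
            if "(file missing)" in target or "\\" not in target:
                findings.append((line, "BHO with missing DLL or no full path"))
        # 4. rundll32 loading a DLL that is not on the allow-list from an autostart entry.
        r = RUNDLL.search(body)
        if r and basename(r.group("path")).lower() not in KNOWN_RUNDLL_DLLS:
            findings.append((line, f"rundll32 loads {basename(r.group('path'))} "
                                   f"(export '{r.group('export')}')"))
        # 5. Executable name with a space before its extension.
        if SPACED_EXT.search(body):
            findings.append((line, "executable name has a space before its extension"))
    return findings


if __name__ == "__main__":
    for entry, why in triage_hjt(SAMPLE_LOG):
        print(f"[{why}]\n    {entry}")
```

Anything the pass flags is a candidate for review, not a verdict: the daemon-search start page, for instance, is set by the DAEMON Tools install listed in the ComboFix log and is only a hijack if the user did not choose it.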
