AmuLA, posted 27 January 2008 (edited)

Hi. I'm having problems with the virus trojan-downloader.conhook. I know which file is infected, a geedb.dll file located in C:/windows/system32, but I can't manage to delete it. I've also started in safe mode, but still can't get it removed. Can anyone help me? Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:36, on 27.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Spyware Doctor\pctsAuxs.exe
C:\Programfiler\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programfiler\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Spyware Doctor\pctsTray .exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Spyware Doctor\pctsGui.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cinet.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKLM\..\Run: [iSTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\fredrik\Lokale innstillinger\Temp\TMP6E.tmp
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cinet.no
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe

--
End of file - 7438 bytes

Edited 27 January 2008 by AmuLA
snippsat, posted 27 January 2008

Download VundoFix. Scan for Vundo. When it's done, "Remove Vundo". Post the log from VundoFix, usually C:\vundofix.txt. Download and run SAS free. Post the log. After this, restart and post a new HJT log.
AmuLA (thread author), posted 27 January 2008

Thanks :) Doing it now. Will post the logs when everything is done ;-)
AmuLA (thread author), posted 27 January 2008 (edited)

VundoFix log:

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 22:55:05 27.01.2008

Listing files found while scanning....

C:\windows\I386\$OEM$\$1\FACTORY\INSTCD.EXE
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\fegmcfqq.dll
C:\WINDOWS\system32\gafwuyar.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\nnnkkli.dll
C:\WINDOWS\system32\qqfcmgef.ini
C:\WINDOWS\system32\rayuwfag.ini

Beginning removal...

Attempting to delete C:\windows\I386\$OEM$\$1\FACTORY\INSTCD.EXE
C:\windows\I386\$OEM$\$1\FACTORY\INSTCD.EXE Could not be deleted.

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fegmcfqq.dll
C:\WINDOWS\system32\fegmcfqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gafwuyar.dll
C:\WINDOWS\system32\gafwuyar.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnkkli.dll
C:\WINDOWS\system32\nnnkkli.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qqfcmgef.ini
C:\WINDOWS\system32\qqfcmgef.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rayuwfag.ini
C:\WINDOWS\system32\rayuwfag.ini Has been deleted!

Performing Repairs to the registry.
Done!

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2008 at 11:41 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 00:14:53

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 673
Registry threats detected : 0
File items scanned : 13780
File threats detected : 29

Adware.Tracking Cookie
C:\Documents and Settings\fredrik\Cookies\fredrik@casalemedia[1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@atdmt[1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@zedo[3].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@fastclick[2].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@statsgod[2].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@partypoker[2].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][2].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@bizadverts[1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@doubleclick[1].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@tribalfusion[2].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@precisionclick[1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@advertising[1].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@tradedoubler[1].txt
C:\Documents and Settings\fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@clickbank[2].txt
C:\Documents and Settings\fredrik\Cookies\fredrik@adtech[1].txt
C:\Documents and Settings\user2\Cookies\[email protected][1].txt
C:\Documents and Settings\user2\Cookies\[email protected][2].txt
C:\Documents and Settings\user2\Cookies\[email protected][2].txt
C:\Documents and Settings\user2\Cookies\[email protected][1].txt
C:\Documents and Settings\user2\Cookies\user2@partypoker[1].txt
C:\Documents and Settings\user2\Cookies\user2@precisionclick[1].txt
C:\Documents and Settings\user2\Cookies\[email protected][1].txt
C:\Documents and Settings\user2\Cookies\[email protected][2].txt

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:08, on 27.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.w-w-w-dot-com.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\fredrik\Lokale innstillinger\Temp\TMP6E.tmp
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cinet.no
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 7068 bytes

Edited 27 January 2008 by AmuLA
snippsat, posted 27 January 2008 (edited)

Yes, that looks better now. There's one file I'm wondering about:

Attempting to delete C:\WINDOWS\system32\nnnkkli.dll
C:\WINDOWS\system32\nnnkkli.dll Could not be deleted.

I see that VundoFix did not delete this one. Possibly something is holding on to it. We'll try ComboFix. Download ComboFix and place it on the desktop. Don't click in the window while the program is running. Post the log C:\combofix.txt.

Edited 27 January 2008 by SNIPPSAT
Tallyho, posted 28 January 2008 (edited)

I think you need to do as snippsat mentioned, but you can also try running Windows in safe mode and testing the Vundo removal program again. That might help. Otherwise I've just checked your HJT log and found nothing directly harmful, but something you're probably interested in getting rid of. You should delete this one, unless you dig the start page that has been set...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.w-w-w-dot-com.com/start.php

You can also delete these, unless you use these buttons in Internet Explorer (it won't affect the actual programs):

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

And a tip: download Firefox.

Edited 28 January 2008 by Tallyho
AmuLA (thread author), posted 28 January 2008

ComboFix 08-01-28.2 - fredrik 2008-01-28 20:20:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.276 [GMT 1:00]
Running from: C:\Documents and Settings\fredrik\Lokale innstillinger\Temporary Internet Files\Content.IE5\YFL2D35W\ComboFix[1].exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\fredrik\Programdata\macromedia\Flash Player\#SharedObjects\B9CFQ9N6\iforex.com
C:\Documents and Settings\fredrik\Programdata\macromedia\Flash Player\#SharedObjects\B9CFQ9N6\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\fredrik\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\fredrik\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\install.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\chbpknkl.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\ioyuvvqw.ini
C:\WINDOWS\system32\nnnkkli.dll
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini2
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.
2008-01-27 22:55 . 2008-01-27 23:23 <DIR> d-------- C:\VundoFix Backups
2008-01-27 22:49 . 2008-01-27 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-27 22:47 . 2008-01-27 23:26 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-27 22:47 . 2008-01-27 22:47 <DIR> d-------- C:\Documents and Settings\fredrik\Programdata\SUPERAntiSpyware.com
2008-01-27 22:46 . 2008-01-27 22:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-27 22:46 . 2008-01-27 22:46 <DIR> d-------- C:\Documents and Settings\fredrik\Programdata\Business Logic
2008-01-27 21:10 . 2008-01-27 21:11 <DIR> d-------- C:\Programfiler\winvi
2008-01-26 20:54 . 2008-01-27 13:12 474 ---hs---- C:\WINDOWS\system32\adxsffds.ini
2008-01-24 22:51 . 2008-01-24 22:51 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-24 22:44 . 2005-02-24 12:18 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-01-24 22:44 . 2005-02-24 12:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-01-24 22:44 . 2005-02-24 13:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-01-24 22:44 . 2005-02-24 12:15 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
2008-01-24 22:44 . 2005-02-24 13:02 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-01-24 22:43 . 2005-02-24 13:02 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-01-24 22:43 . 2005-02-24 13:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-01-24 22:43 . 2005-02-24 13:02 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-01-24 22:43 . 2005-02-24 12:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-01-24 22:43 . 2005-02-24 12:14 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-01-24 22:40 . 2008-01-27 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-01-24 22:17 . 2008-01-24 22:18 8,628 --ah----- C:\WINDOWS\system32\winhelp.GID
2008-01-24 06:38 . 2008-01-27 23:24 <DIR> d-------- C:\Programfiler\Spyware Doctor
2008-01-24 06:38 . 2008-01-27 22:59 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-01-22 06:19 . 2008-01-27 21:27 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-18 23:21 . 2008-01-18 23:28 <DIR> d-------- C:\Programfiler\PokerStars
2008-01-04 20:19 . 2008-01-27 20:07 <DIR> d-------- C:\Programfiler\ParadisePoker
2008-01-04 20:06 . 2008-01-04 20:06 <DIR> d-------- C:\Documents and Settings\fredrik\Programdata\Betfair
2008-01-04 17:24 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-01-03 13:45 . 2008-01-03 13:45 <DIR> d-------- C:\Documents and Settings\fredrik\Programdata\Symantec
2008-01-02 16:23 . 2008-01-03 16:23 <DIR> d-------- C:\WINDOWS\system32\nb-no
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 19:13 --------- d-----w C:\Programfiler\BearShare
2008-01-27 19:11 --------- d-----w C:\Programfiler\Windows Live
2008-01-24 21:13 --------- d-----w C:\Programfiler\PartyGaming
2008-01-20 17:10 --------- d-----w C:\Programfiler\Winamp
2008-01-20 17:10 --------- d-----w C:\Programfiler\QuickTime
2008-01-20 17:10 --------- d-----w C:\Programfiler\Norton AntiVirus
2008-01-20 17:10 --------- d-----w C:\Programfiler\Logitech
2008-01-20 17:10 --------- d-----w C:\Programfiler\iTunes
2008-01-19 01:00 --------- d-----w C:\Documents and Settings\fredrik\Programdata\Move Networks
2008-01-07 09:27 --------- d-----w C:\Documents and Settings\fredrik\Programdata\Microgaming
2007-12-01 17:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Frag great bend logo
2007-11-20 06:22 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.
<pre>
----a-w 1,460,560 2008-01-27 18:44:03 C:\Programfiler\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,103,752 2008-01-27 20:27:52 C:\Programfiler\Spyware Doctor\pctsTray .exe
----a-w 158,208 2008-01-27 11:28:32 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-27 20:27:54 C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CAE0A97-D425-45D1-8E16-3876C9711710}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E438A60-B953-4D48-9FA8-7F23FECD7C4D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EDF34C3-5BF1-4413-A9A2-8887AA80F4FB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34507CA5-4FA6-45F8-85B3-538C8673F611}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E99A7DD-275D-461E-A362-1086B6E1FD45}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{426E2497-4C5B-47F6-A533-1938FD7762A6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CD68668-C1BD-4A81-A4A7-4FEB6FFD0067}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79D43C30-3589-4001-BE8F-803F6C90E9BE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8729FF2A-C912-4571-AE9B-76F7466216CA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC6DEE11-82AD-4042-804A-8CEA7412FC83}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7404174-F952-4A36-A275-552B17D135DF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC0E9230-01A5-401E-9CD2-828FA133F710}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C26AADF2-B4ED-4A4F-B859-9A5CB7862F4E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBFBE253-8768-48EA-9B1E-33DB3CF58D4A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch.exe" [ ]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [ ]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [ ]
"BearShare"="C:\Programfiler\BearShare\BearShare.exe" [2006-07-26 13:48 3305472]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 08:48 94208 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [ ]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [ ]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [ ]
"LexPPS.exe"="C:\WINDOWS\system32\lexpps.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-29 19:29:05 113664]
Logitech Desktop Messenger.lnk - C:\Documents and Settings\fredrik\Lokale innstillinger\Temp\TMP6E.tmp [2007-11-20 12:23:31 67128]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-06-29 08:18:38 593920]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]
RAID Manager.lnk - C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-05-20 14:41:15 724992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\geebx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\geedb.exe

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 09:19]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-24 23:53]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 13:39]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-05-20 19:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 20:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\PROGRA~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-01-28 19:30:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 20:28:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programfiler\BearShare\BearShare.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-01-28 20:33:36 - machine was rebooted [fredrik]
ComboFix-quarantined-files.txt 2008-01-28 19:33:32
.
2008-01-09 22:14:42 --- E O F ---

I use Firefox ;-) Yes, I know about IE ;-) it was just a popup I clicked on by mistake ;-)
snippsat Posted 28 January 2008

Yes, ComboFix took care of quite a bit. Post a new HJT log.
AmuLA Posted 28 January 2008 (Author)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:23, on 28.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programfiler\BearShare\BearShare.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\Sports Interactive\Football Manager 2006\fm.exe
C:\DOCUME~1\fredrik\LOKALE~1\Temp\~e5.0001
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {0CAE0A97-D425-45D1-8E16-3876C9711710} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {2E438A60-B953-4D48-9FA8-7F23FECD7C4D} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {2EDF34C3-5BF1-4413-A9A2-8887AA80F4FB} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {34507CA5-4FA6-45F8-85B3-538C8673F611} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {3E99A7DD-275D-461E-A362-1086B6E1FD45} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {426E2497-4C5B-47F6-A533-1938FD7762A6} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {4CD68668-C1BD-4A81-A4A7-4FEB6FFD0067} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {79D43C30-3589-4001-BE8F-803F6C90E9BE} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {8729FF2A-C912-4571-AE9B-76F7466216CA} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {AC6DEE11-82AD-4042-804A-8CEA7412FC83} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {B7404174-F952-4A36-A275-552B17D135DF} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {BC0E9230-01A5-401E-9CD2-828FA133F710} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {C26AADF2-B4ED-4A4F-B859-9A5CB7862F4E} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {FBFBE253-8768-48EA-9B1E-33DB3CF58D4A} - [sASInprocServer32] (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\fredrik\Lokale innstillinger\Temp\TMP6E.tmp
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cinet.no
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 7739 bytes
snippsat Posted 28 January 2008

Start HJT, tick these and then Fix checked.

C:\DOCUME~1\fredrik\LOKALE~1\Temp\~e5.0001
O2 - BHO: (no name) - {0CAE0A97-D425-45D1-8E16-3876C9711710} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {2E438A60-B953-4D48-9FA8-7F23FECD7C4D} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {2EDF34C3-5BF1-4413-A9A2-8887AA80F4FB} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {34507CA5-4FA6-45F8-85B3-538C8673F611} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {3E99A7DD-275D-461E-A362-1086B6E1FD45} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {426E2497-4C5B-47F6-A533-1938FD7762A6} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {4CD68668-C1BD-4A81-A4A7-4FEB6FFD0067} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {79D43C30-3589-4001-BE8F-803F6C90E9BE} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {8729FF2A-C912-4571-AE9B-76F7466216CA} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {AC6DEE11-82AD-4042-804A-8CEA7412FC83} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {B7404174-F952-4A36-A275-552B17D135DF} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {BC0E9230-01A5-401E-9CD2-828FA133F710} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {C26AADF2-B4ED-4A4F-B859-9A5CB7862F4E} - [sASInprocServer32] (file missing)
O2 - BHO: (no name) - {FBFBE253-8768-48EA-9B1E-33DB3CF58D4A} - [sASInprocServer32] (file missing)

Feel free to run this once in a while: CCleaner

Do this so you don't get reinfected through System Restore.
Control Panel -> System -> System Restore [turn off, restart] -*- [turn back on]

Then we'll say you are free of viruses.
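A first-pass triage over the HijackThis log format used in this thread, as an added example that is neither the poster's code nor part of HijackThis: it flags the kinds of entries the helper picked out above (BHOs registered while their DLL is missing, processes and autoruns living in a Temp directory, autoruns registered by bare file name). The sample log is constructed for the example; `sysupd.exe` and the other entries are made up.

```python
import re

# Constructed sample in the HijackThis v2 log format (same shape as the logs in
# this thread; the entries themselves are made up for the example).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\fredrik\LOKALE~1\Temp\~e5.0001
O2 - BHO: (no name) - {0CAE0A97-D425-45D1-8E16-3876C9711710} - [sASInprocServer32] (file missing)
O4 - HKLM\..\Run: [Updater] sysupd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\fredrik\Lokale innstillinger\Temp\TMP6E.tmp
"""

TEMP_RE = re.compile(r"\\temp\\", re.I)     # ...\Temp\... in long or 8.3 paths
RUN_RE = re.compile(r"^O4 - \S+?\\\.\.\\Run: \[[^\]]*\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: .+? = (.*)$")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")    # first R0/F1/O2... line ends the process list


def image_path(cmd: str) -> str:
    """Executable part of an autorun command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: cut at the first switch (" /x" or " -x") so paths with spaces survive.
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """(reason, line) pairs worth a closer look: first-pass heuristics, not verdicts."""
    findings, in_processes = [], False
    for line in log_text.splitlines():
        line = line.rstrip()
        if SECTION_RE.match(line):
            in_processes = False
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if TEMP_RE.search(line):
                findings.append(("process running from a Temp directory", line))
        elif line.startswith("O2 - BHO:") and "(file missing)" in line:
            findings.append(("BHO registered but its DLL is missing", line))
        elif m := (RUN_RE.match(line) or STARTUP_RE.match(line)):
            image = image_path(m.group(1))
            if TEMP_RE.search(image):
                findings.append(("autorun image lives in a Temp directory", line))
            elif image not in ("", "?") and not re.match(r"^[A-Za-z]:\\", image):
                findings.append(("autorun by bare file name (found via PATH search)", line))
    return findings
```

Legitimate software also registers itself by bare name (the Logitech entries in the log above do), so the bare-name rule produces candidates to look at, not removals.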
AmuLA Posted 28 January 2008 (Author)

Okay :) Thanks a million
snippsat Posted 28 January 2008 (edited)

Yes, a little more. A tip from norbat that you can follow.

Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\adxsffds.ini

RenV::
----a-w 1,460,560 2008-01-27 18:44:03 C:\Programfiler\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,103,752 2008-01-27 20:27:52 C:\Programfiler\Spyware Doctor\pctsTray .exe
----a-w 158,208 2008-01-27 11:28:32 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-27 20:27:54 C:\WINDOWS\system32\ctfmon .exe

Post the ComboFix log together with a new HJT log.

Edited 28 January 2008 by SNIPPSAT