xanonymx, posted 28 January 2008:

I have NOD32, which has been popping up with a number of messages lately about a trojan. I've tried running a scan with NOD. Ad-Aware stops during the update and says there is an error during the update. I've also tested with AVG. But it looks like there are still some remnants left. There is a file schost.exe, which I doubt should be there. Can you look through the log and tell me what I should do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:41, on 28.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\VentSrv\ventrilo_svc.exe
E:\Programfiler\VentSrv\ventrilo_srv.exe
E:\Programfiler\UltraMon\UltraMon.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Eset\nod32kui.exe
E:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
E:\Programfiler\UltraMon\UltraMonTaskbar.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speed.travian.no/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programfiler\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ultraMon] "E:\Programfiler\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hotkeycontrol] e:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
O4 - HKLM\..\Run: [185370c7] rundll32.exe "C:\WINDOWS\system32\lovithsk.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft] schost.exe
O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196548154000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programfiler\Sygate\SPF\smc.exe
O23 - Service: Ventrilo - Unknown owner - E:\Programfiler\VentSrv\ventrilo_svc.exe

--
End of file - 6368 bytes
r2d290, posted 28 January 2008:

See this page. Give feedback and a new log once you have done what is recommended there.
xanonymx (thread author), posted 28 January 2008:

What was on the link didn't work so well, so I ran Spybot - Search & Destroy, and it removed a fair amount. I'm posting a new log so you can look it over for anything else that should be changed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:50, on 28.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\VentSrv\ventrilo_svc.exe
E:\Programfiler\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\UltraMon\UltraMon.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Eset\nod32kui.exe
E:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
E:\Programfiler\UltraMon\UltraMonTaskbar.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
E:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speed.travian.no/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programfiler\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ultraMon] "E:\Programfiler\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hotkeycontrol] e:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
O4 - HKLM\..\Run: [185370c7] rundll32.exe "C:\WINDOWS\system32\lovithsk.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] e:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196548154000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programfiler\Sygate\SPF\smc.exe
O23 - Service: Ventrilo - Unknown owner - E:\Programfiler\VentSrv\ventrilo_svc.exe

--
End of file - 6670 bytes
norbat, posted 28 January 2008:

Start HJT, choose "Do a system scan only", tick the following line and click Fix checked:

O4 - HKLM\..\Run: [185370c7] rundll32.exe "C:\WINDOWS\system32\lovithsk.dll",b

Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Do not click in the window while the program is running.

Post the log file from combofix (c:\combofix.txt), and we'll see whether anything more needs to be done.
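The two autostart entries singled out in this thread (the [185370c7] rundll32 line norbat has the OP fix, and the schost.exe RunServices entry the OP was unsure about) can be screened mechanically. The following Python is an added example, not HijackThis code and not anything posted in the thread: it parses O4 lines in the format shown in the logs above and applies a few defender-side heuristics to them. SYSTEM_NAMES, PATHLESS_HOSTS and the flag rules are this example's own assumptions.

```python
"""Heuristic triage of HijackThis O4 (autostart) lines.

Added example for this thread; it is not HijackThis code and was not posted by
anyone in the thread. SYSTEM_NAMES, PATHLESS_HOSTS and the flag rules are this
example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# O4 - <hive>\..\<key>: [<value name>] <command>
# <hive> may carry a SID or ".DEFAULT", e.g. HKUS\S-1-5-19 or HKUS\.DEFAULT.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Core Windows process names that malware likes to imitate (assumed list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe"}
# Hosts that are normally launched by bare name; exempt from the "no path" rule.
PATHLESS_HOSTS = {"rundll32.exe"}


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    cmd: str
    flags: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Return an O4Entry for a HijackThis O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    return O4Entry(m["hive"], m["key"], m["name"], m["cmd"]) if m else None


def first_token(cmd: str) -> str:
    """The program part of the command, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def rundll32_target(cmd: str) -> str:
    """The DLL that a 'rundll32.exe <dll>,<entry>' command would load."""
    cmd = cmd.strip()
    rest = cmd.split(" ", 1)[1].strip() if " " in cmd else ""
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(",", 1)[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot look-alikes such as schost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(entry: O4Entry) -> O4Entry:
    """Attach heuristic flags to an entry; an empty list means nothing stood out."""
    program = first_token(entry.cmd)
    exe = program.rsplit("\\", 1)[-1].lower()
    if re.fullmatch(r"[0-9a-f]{8}", entry.name):
        entry.flags.append("random-looking 8-hex-digit value name")
    if entry.key == "RunServices":
        entry.flags.append("RunServices key (Windows 9x-era; rarely used by legitimate XP software)")
    if "\\" not in program and exe not in PATHLESS_HOSTS:
        entry.flags.append("bare file name without a path; resolved via the search path")
    if exe == "rundll32.exe":
        entry.flags.append(f"rundll32 loads {rundll32_target(entry.cmd)}; verify that DLL's publisher")
    if exe not in SYSTEM_NAMES:
        for known in sorted(SYSTEM_NAMES):
            if edit_distance(exe, known) == 1:
                entry.flags.append(f"look-alike of system binary {known}")
    return entry


def triage_log(lines: List[str]) -> List[O4Entry]:
    """Parse and triage every O4 line of a HijackThis log; other lines are skipped."""
    return [triage(e) for e in map(parse_o4, lines) if e is not None]


# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [ultraMon] "E:\Programfiler\UltraMon\UltraMon.exe" /auto',
    r'O4 - HKLM\..\Run: [185370c7] rundll32.exe "C:\WINDOWS\system32\lovithsk.dll",b',
    r"O4 - HKLM\..\RunServices: [Microsoft] schost.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')",
    r"O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000",
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        status = "; ".join(e.flags) if e.flags else "nothing stood out"
        print(f"[{e.name}] {e.hive}\\..\\{e.key}: {status}")
```

The flags are prompts for a human reviewer, not verdicts: the ultraMon and CTFMON lines come out clean, while the two entries the thread acted on collect several flags each.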
snippsat, posted 28 January 2008 (edited):

Heh, a bit late.

Edited 28 January 2008 by SNIPPSAT
xanonymx (thread author), posted 28 January 2008:

Combofix log:

ComboFix 08-01-29.1 - Roar 2008-01-28 22:47:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1496 [GMT 1:00]
Running from: C:\Documents and Settings\Roar\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\gebbxus.dll
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\fflycniv.dll
C:\WINDOWS\system32\gebbxus.dll
C:\WINDOWS\system32\kshtivol.ini
C:\WINDOWS\system32\lovithsk.dll
C:\WINDOWS\system32\vincylff.ini
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.
2008-01-28 22:03 . 2008-01-28 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-01-28 21:50 . 2008-01-28 21:50 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Uniblue
2008-01-28 21:50 . 2008-01-28 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Uniblue
2008-01-28 20:55 . 2008-01-28 20:55 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Grisoft
2008-01-28 20:55 . 2008-01-28 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-01-28 20:55 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 20:14 . 2008-01-28 20:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 20:13 . 2008-01-28 20:25 <DIR> d-------- C:\Documents and Settings\Roar\.housecall6.6
2008-01-28 19:03 . 2008-01-28 21:18 <DIR> dr-h----- C:\Documents and Settings\Roar\Siste
2008-01-27 17:56 . 2008-01-27 17:56 57,344 --------- C:\tmpz.exe
2008-01-20 16:42 . 2008-01-20 17:01 <DIR> d-------- C:\Programfiler\The All-Seeing Eye
2008-01-19 12:30 . 2008-01-19 12:30 317 --a------ C:\WINDOWS\game.ini
2008-01-19 12:21 . 2008-01-19 12:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-16 17:24 . 2002-08-29 19:00 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-16 17:24 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2008-01-16 17:24 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-01-16 17:24 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-01-16 17:24 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-01-16 17:24 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-01-16 17:24 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx
2008-01-16 17:08 . 2008-01-16 17:30 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\XnView
2008-01-13 19:33 . 2008-01-13 19:33 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-01-13 19:33 . 2008-01-13 19:34 <DIR> d-------- C:\Programfiler\AGEIA Technologies
2008-01-03 20:13 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-01-03 20:13 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-01-02 20:41 . 2008-01-02 20:41 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-01-02 20:22 . 2008-01-02 20:22 <DIR> d-------- C:\Programfiler\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 21:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-26 09:53 --------- d-----w C:\Documents and Settings\Roar\Programdata\uTorrent
2008-01-25 20:34 --------- d-----w C:\Programfiler\MSN Messenger
2008-01-24 16:41 --------- d-----w C:\Documents and Settings\Roar\Programdata\TeraCopy
2008-01-20 15:34 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-19 11:31 22,328 ----a-w C:\Documents and Settings\Roar\Programdata\PnkBstrK.sys
2008-01-13 18:33 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-13 12:42 --------- d-----w C:\Programfiler\Google
2008-01-07 20:22 --------- d-----w C:\Documents and Settings\Roar\Programdata\Hamachi
2008-01-06 17:53 --------- d-----w C:\Documents and Settings\Roar\Programdata\dvdcss
2008-01-03 19:13 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-31 12:33 --------- d-----w C:\Programfiler\Apple Software Update
2007-12-25 22:24 --------- d-----w C:\Documents and Settings\Roar\Programdata\JAM Software
2007-12-22 20:57 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-22 20:54 --------- d-----w C:\Programfiler\Fellesfiler\Adobe Systems Shared
2007-12-22 20:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Adobe Systems
2007-12-12 20:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Equation Wizard
2007-12-04 18:21 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-04 17:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\DIALux
2007-12-04 17:13 --------- d-----w C:\Programfiler\Fellesfiler\DIALux
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4D5DB9-5714-4777-8402-55419170DFD4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="e:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UltraMon"="E:\Programfiler\UltraMon\UltraMon.exe" [2006-10-12 20:27 304640]
"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51 172032]
"SmcService"="E:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-03-18 00:00 949376]
"Hotkeycontrol"="e:\Programfiler\Hotkeycontrol XP\hkcontrol.exe" [2003-06-16 08:56 372736]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:03 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbxus]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddabc

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\185370c7]
C:\WINDOWS\system32\fflycniv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 11:06 94208 C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 e:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
E:\Programfiler\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 17:38 987187 e:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 E:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 e:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-07-21 09:56 16261632 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shutdown_Manager]
E:\Programfiler\DNsoft.be\Shutdown Scheduler\PC Shutdown.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-01-08 09:14 1260296 e:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};e:\Programfiler\CyberLink\PowerDVD\000.fcl [2006-05-04 10:21]
R2 LF30FS;LF30FS;E:\Programfiler\Everstrike Software\Lock Folder XP 3.3\LF30XP.sys [2004-02-25 11:48]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys [2004-01-20 21:09]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
S2 OODefrag;O&O Defrag;C:\WINDOWS\system32\oodag.exe [2002-02-08 12:15]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-05-15 14:49]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S4 FLEXlm Service 1;FLEXlm Service 1;G:\Nedlasting\DC Ferdig\Autocad\Autodesk Network License Manager\Lmgrd.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d58fd5a0-abc8-11db-bc26-001617f04913}]
\Shell\AutoRun\command - K:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 21:32:40 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - e:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-28 21:01:29 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - e:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 22:51:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
E:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
E:\Programfiler\VentSrv\ventrilo_svc.exe
E:\Programfiler\VentSrv\ventrilo_srv.exe
E:\Programfiler\UltraMon\UltraMon.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
E:\Programfiler\UltraMon\UltraMonTaskbar.exe
C:\Programfiler\Eset\nod32kui.exe
E:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-01-29 22:54:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 21:53:58
norbat, posted 28 January 2008:

Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\tmpz.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4D5DB9-5714-4777-8402-55419170DFD4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbxus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\185370c7]

Post the log + a new HJT log.
xanonymx Skrevet 28. januar 2008 Forfatter Del Skrevet 28. januar 2008 Combofix log: ComboFix 08-01-29.1 - Roar 2008-01-29 23:30:54.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1502 [GMT 1:00] Running from: C:\Documents and Settings\Roar\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Roar\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\tmpz.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\tmpz.exe . ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))) . 2008-01-28 22:03 . 2008-01-28 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-01-28 21:50 . 2008-01-28 21:50 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Uniblue 2008-01-28 21:50 . 2008-01-28 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Uniblue 2008-01-28 20:55 . 2008-01-28 20:55 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Grisoft 2008-01-28 20:55 . 2008-01-28 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-01-28 20:55 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-28 20:14 . 2008-01-28 20:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-01-28 20:13 . 2008-01-28 20:25 <DIR> d-------- C:\Documents and Settings\Roar\.housecall6.6 2008-01-28 19:03 . 2008-01-29 23:30 <DIR> dr-h----- C:\Documents and Settings\Roar\Siste 2008-01-20 16:42 . 2008-01-20 17:01 <DIR> d-------- C:\Programfiler\The All-Seeing Eye 2008-01-19 12:30 . 2008-01-19 12:30 317 --a------ C:\WINDOWS\game.ini 2008-01-19 12:21 . 2008-01-19 12:21 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-01-16 17:24 . 2002-08-29 19:00 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll 2008-01-16 17:24 . 
2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx 2008-01-16 17:24 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx 2008-01-16 17:24 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx 2008-01-16 17:24 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx 2008-01-16 17:24 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll 2008-01-16 17:24 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx 2008-01-16 17:08 . 2008-01-16 17:30 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\XnView 2008-01-13 19:33 . 2008-01-13 19:33 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-01-13 19:33 . 2008-01-13 19:34 <DIR> d-------- C:\Programfiler\AGEIA Technologies 2008-01-03 20:13 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL 2008-01-03 20:13 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL 2008-01-02 20:41 . 2008-01-02 20:41 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2008-01-02 20:22 . 2008-01-02 20:22 <DIR> d-------- C:\Programfiler\uTorrent . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-26 21:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-01-26 09:53 --------- d-----w C:\Documents and Settings\Roar\Programdata\uTorrent 2008-01-25 20:34 --------- d-----w C:\Programfiler\MSN Messenger 2008-01-24 16:41 --------- d-----w C:\Documents and Settings\Roar\Programdata\TeraCopy 2008-01-20 15:34 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-19 11:31 22,328 ----a-w C:\Documents and Settings\Roar\Programdata\PnkBstrK.sys 2008-01-13 18:33 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-13 12:42 --------- d-----w C:\Programfiler\Google 2008-01-07 20:22 --------- d-----w C:\Documents and Settings\Roar\Programdata\Hamachi 2008-01-06 17:53 --------- d-----w C:\Documents and Settings\Roar\Programdata\dvdcss 2008-01-03 19:13 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2007-12-31 12:33 --------- d-----w C:\Programfiler\Apple Software Update 2007-12-25 22:24 --------- d-----w C:\Documents and Settings\Roar\Programdata\JAM Software 2007-12-22 20:57 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-12-22 20:54 --------- d-----w C:\Programfiler\Fellesfiler\Adobe Systems Shared 2007-12-22 20:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Adobe Systems 2007-12-12 20:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Equation Wizard 2007-12-04 18:21 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-04 17:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\DIALux 2007-12-04 17:13 --------- d-----w C:\Programfiler\Fellesfiler\DIALux . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4D5DB9-5714-4777-8402-55419170DFD4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="e:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UltraMon"="E:\Programfiler\UltraMon\UltraMon.exe" [2006-10-12 20:27 304640]
"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51 172032]
"SmcService"="E:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-03-18 00:00 949376]
"Hotkeycontrol"="e:\Programfiler\Hotkeycontrol XP\hkcontrol.exe" [2003-06-16 08:56 372736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbxus]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddabc

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 11:06 94208 C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 e:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
E:\Programfiler\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 17:38 987187 e:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 E:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 e:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-07-21 09:56 16261632 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shutdown_Manager]
E:\Programfiler\DNsoft.be\Shutdown Scheduler\PC Shutdown.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-01-08 09:14 1260296 e:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};e:\Programfiler\CyberLink\PowerDVD\000.fcl [2006-05-04 10:21]
R2 LF30FS;LF30FS;E:\Programfiler\Everstrike Software\Lock Folder XP 3.3\LF30XP.sys [2004-02-25 11:48]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys [2004-01-20 21:09]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
S2 OODefrag;O&O Defrag;C:\WINDOWS\system32\oodag.exe [2002-02-08 12:15]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-05-15 14:49]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S4 FLEXlm Service 1;FLEXlm Service 1;G:\Nedlasting\DC Ferdig\Autocad\Autodesk Network License Manager\Lmgrd.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d58fd5a0-abc8-11db-bc26-001617f04913}]
\Shell\AutoRun\command - K:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 21:32:40 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - e:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-28 21:01:29 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - e:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 23:33:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
E:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
E:\Programfiler\VentSrv\ventrilo_svc.exe
E:\Programfiler\VentSrv\ventrilo_srv.exe
E:\Programfiler\UltraMon\UltraMon.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Eset\nod32kui.exe
E:\Programfiler\UltraMon\UltraMonTaskbar.exe
E:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
E:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-01-29 23:36:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 22:36:12
ComboFix2.txt 2008-01-29 21:54:00

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:36, on 29.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\VentSrv\ventrilo_svc.exe
E:\Programfiler\VentSrv\ventrilo_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programfiler\UltraMon\UltraMon.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Eset\nod32kui.exe
E:\Programfiler\UltraMon\UltraMonTaskbar.exe
E:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speed.travian.no/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programfiler\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - e:\Programfiler\DIALux\DLXShellExtension.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programfiler\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ultraMon] "E:\Programfiler\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hotkeycontrol] e:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] e:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196548154000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programfiler\Sygate\SPF\smc.exe
O23 - Service: Ventrilo - Unknown owner - E:\Programfiler\VentSrv\ventrilo_svc.exe

--
End of file - 7552 bytes
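The entries a helper homes in on in a log like the one above are the autostart (O4) and Winlogon Notify (O20) lines: a command with no directory, an entry name that is just eight hex digits, rundll32 calling a one-letter export in a system32 DLL, and Notify packages that are not part of a stock XP install. The script below is an added example for this thread, not code from HijackThis or from anyone posting here; it applies those rules to sample lines. The clean sample lines are taken from the logs in this thread, while `xyzabcde.dll`, `winsys.exe` and the `gebbxus.dll` path are invented for the example (only the `gebbxus` key name and the `185370c7` entry name occur in the thread). The XP SP2 default Notify set is from memory and should be replaced with a baseline read from a known-good machine.

```python
"""Triage the O4 (autostart) and O20 (Winlogon Notify) lines of a HijackThis log.

Added example; not HijackThis code and not from the thread. Rules applied:
  - autostart command with no directory (resolved via the search path)
  - entry name that is a random-looking 8-digit hex string
  - rundll32 loading a DLL through a one-letter export
  - any RunServices entry (a Windows 9x key nothing on XP should write)
  - Winlogon Notify package outside the XP SP2 default set
"""
import re
from typing import List, Tuple

# Winlogon\Notify subkeys on a clean Windows XP SP2 install (assumption from
# XP defaults; replace with a baseline taken from a known-good machine).
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def split_command(cmd: str) -> Tuple[str, str]:
    """Split an autostart command into (executable, arguments).

    A quoted path is taken whole; an unquoted one is cut at the first space,
    which is also how a naive loader reads it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_o4(name: str, key: str, cmd: str) -> List[str]:
    """Return the reasons an O4 entry deserves a second look (empty if none)."""
    reasons = []
    exe, args = split_command(cmd)
    if key.lower().startswith("runservices"):
        reasons.append("RunServices is a Windows 9x key; nothing on XP should write it")
    if "\\" not in exe:
        reasons.append(f"command {exe!r} has no directory; resolved via the search path")
    if HEX_NAME_RE.match(name):
        reasons.append(f"entry name {name!r} is a random-looking hex string")
    if basename(exe) == "rundll32.exe":
        dll, _, export = args.partition(",")
        dll = basename(dll.strip().strip('"'))
        export = export.strip()
        if len(export) == 1:
            reasons.append(f"rundll32 calls one-letter export {export!r} in {dll}")
    return reasons


def check_o20(name: str, path: str) -> List[str]:
    """Flag Winlogon Notify packages that are not XP SP2 defaults."""
    if name.lower().lstrip("!") in XP_DEFAULT_NOTIFY:
        return []
    return [f"Winlogon Notify package {name!r} is not an XP SP2 default; verify {basename(path)}"]


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (log line, reasons) for every O4/O20 line that trips a rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m["name"], m["key"], m["cmd"])
        else:
            m = O20_RE.match(line)
            reasons = check_o20(m["name"], m["path"]) if m else []
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed sample: clean lines from this thread's logs plus invented bad
# entries (xyzabcde.dll, winsys.exe and the gebbxus.dll path are not from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [185370c7] rundll32.exe "C:\WINDOWS\system32\xyzabcde.dll",b
O4 - HKLM\..\RunServices: [Microsoft] winsys.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - E:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebbxus - C:\WINDOWS\system32\gebbxus.dll
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG.splitlines()):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Feed it a whole log with `triage(open("hijackthis.log").read().splitlines())`. The rules are deliberately loud: a legitimate third-party Notify package such as SUPERAntiSpyware's is reported too, because the point is to produce the short list a human then checks against the vendor and the file's location, not to decide on its own.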
norbat, posted 28 January 2008

Open Notepad and paste in what is in bold:

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4D5DB9-5714-4777-8402-55419170DFD4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbxus]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\185370c7]

Save the file on the desktop as regfix.reg
Close the browser
Double-click regfix.reg
Say yes to adding the information to the registry.

Then get SAS (the free version). Install it, update it and run a full scan.

Post a new HJT log. Before you run HJT, rename the program, hijackthis, to something else, e.g. xanonymx.exe
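A .reg file is worth reading before it is double-clicked, because the bracket syntax it uses is terse: `[KEY]` creates or opens a key, `[-KEY]` deletes it with everything under it, `"name"="data"` sets a value and `"name"=-` deletes one. The script below, an added example that is neither the fix posted above nor anything from the thread, lists every action such a file would take, so a fix can be checked against the log it was written from. It also deals with one detail of the notation: in my reading of ComboFix's log output, `HKEY_LOCAL_MACHINE\~\Browser Helper Objects` is ComboFix's abbreviation, and the BHO list actually lives under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects`; imported literally, a `[-HKEY_LOCAL_MACHINE\~\...]` line addresses a key that does not exist, so the BHO is not removed. The sample input is constructed: the four delete lines reuse the key names from this thread, and the last two lines (removing a `185370c7` value under the Run key) are added only to show the remaining action types.

```python
"""Dry-run reader for a REGEDIT4-style .reg fix.

Added example, not from the thread. It classifies every action regedit would
take on import and expands ComboFix's "~" shorthand for the BHO key, which
regedit would otherwise treat as a key literally named "~".
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# ComboFix shorthand as seen in its logs (my reading of the notation). Only the
# BHO case is expanded; any other "~" path is reported rather than guessed.
SHORTHAND = {
    "~\\Browser Helper Objects":
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
}

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')


@dataclass
class Action:
    kind: str            # delete_key | create_key | set_value | delete_value
    key: str
    name: str = ""
    data: str = ""
    warning: str = ""


def expand_key(key: str) -> Tuple[str, str]:
    """Expand known ComboFix '~' shorthand; warn about unknown '~' paths."""
    hive, _, rest = key.partition("\\")
    for short, full in SHORTHAND.items():
        if rest.startswith(short):
            return f"{hive}\\{full}{rest[len(short):]}", ""
    if rest.startswith("~"):
        return key, ("ComboFix '~' shorthand with no known expansion; "
                     "regedit would look for a key literally named '~'")
    return key, ""


def parse_reg(text: str) -> List[Action]:
    """Turn the text of a .reg file into the list of actions regedit would take."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    actions: List[Action] = []
    current = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key, warning = expand_key(m["key"])
            if m["delete"]:
                actions.append(Action("delete_key", key, warning=warning))
                current = None          # values after a deleted key make no sense
            else:
                actions.append(Action("create_key", key, warning=warning))
                current = key
            continue
        m = VALUE_RE.match(line)
        if m and current:
            name = "(Default)" if m["name"] == "@" else m["name"].strip('"')
            data = m["data"].strip()
            kind = "delete_value" if data == "-" else "set_value"
            actions.append(Action(kind, current, name, data))
            continue
        raise ValueError(f"cannot parse line: {raw!r}")
    return actions


def describe(action: Action) -> str:
    """One human-readable line per action, with any expansion warning appended."""
    text = {
        "delete_key": f"delete key   {action.key}",
        "create_key": f"ensure key   {action.key}",
        "set_value": f"set value    {action.key} :: {action.name} = {action.data}",
        "delete_value": f"delete value {action.key} :: {action.name}",
    }[action.kind]
    return text + (f"   ** {action.warning}" if action.warning else "")


# Constructed sample: key names from the thread plus an added Run-value deletion.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4D5DB9-5714-4777-8402-55419170DFD4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbxus]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\185370c7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"185370c7"=-
"""

if __name__ == "__main__":
    for action in parse_reg(SAMPLE_REG):
        print(describe(action))
```

Run it over `regfix.reg` with `parse_reg(open("regfix.reg").read())` before importing the file; if any line comes back with a `**` warning, or a deleted key is one you cannot match to a log entry, fix the file first. On a live system the expanded keys can then be confirmed with `reg query` before and after the import.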
xanonymx (thread author), posted 29 January 2008 (edited)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:42, on 30.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Programfiler\UltraMon\UltraMon.exe
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Eset\nod32kui.exe
E:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
E:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programfiler\UltraMon\UltraMonTaskbar.exe
e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\VentSrv\ventrilo_svc.exe
E:\Programfiler\VentSrv\ventrilo_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
E:\Programfiler\Locate\Locate32.exe
E:\Programfiler\Trend Micro\HijackThis\xanonymx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speed.travian.no/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programfiler\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - e:\Programfiler\DIALux\DLXShellExtension.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programfiler\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ultraMon] "E:\Programfiler\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hotkeycontrol] e:\Programfiler\Hotkeycontrol XP\hkcontrol.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196548154000
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programfiler\Sygate\SPF\smc.exe
O23 - Service: Ventrilo - Unknown owner - E:\Programfiler\VentSrv\ventrilo_svc.exe

--
End of file - 7474 bytes

Edit: I see this C:\WINDOWS\system32\wuauclt.exe; it is supposed to be for Windows Update, but Windows Update is not enabled, and I have not had that process running before. Is it a virus?

Edited 29 January 2008 by xanonymx
xanonymx (thread author), posted 30 January 2008

Are there any remnants of the virus left?
norbat, posted 30 January 2008

The log looks fine.

You should uninstall ComboFix by typing combofix /u in the Run dialog (Start -> Run). (This uninstalls ComboFix and the quarantined files, and resets System Restore.)
xanonymx (thread author), posted 31 January 2008

Thanks for all the help. You wouldn't happen to know how I most likely got it?