AreS90
Posted 30 January 2008 (edited)

I have something in my process list that takes about 50% of my CPU power. It is called BLAT.exe. I ran a full scan with AVG but it found nothing; I have also tried some anti-spyware programs. If I end the process it just pops up again right away. Giving the process low priority helped a little.... It also tried to connect to the internet but was stopped by the firewall.

HijackThis log:
-----------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:25:44, on 30.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Free Download Manager\fdm.exe
C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\winvnc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Last.fm\LastFM.exe
C:\Programfiler\BearShare\BearShare.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ZoroX\Skrivebord\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programfiler\Free Download Manager\iefdm2.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Ting og tang\Java\JRE6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programfiler\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programfiler\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Programfiler\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Spawn
O17 - HKLM\Software\..\Telephony: DomainName = Spawn
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Spawn
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Ting og tang\Java\JRE6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe
O23 - Service: VNC Server (WinVNC) - TightVNC Group - C:\WINDOWS\winvnc.exe

--
End of file - 7771 bytes
-----------------------------------------------------------------------------------

Can anyone help?

Edited 30 January 2008 by AreS90
norbat
Posted 30 January 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from combofix (c:\combofix.txt).
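The reasoning behind norbat's picks can be turned into a small triage check: an O4 Run entry whose executable carries a core Windows process name (lsass.exe, svchost.exe) but does not live in system32, or sits under drivers\etc (a directory that only ever holds text files such as hosts), is a masquerade; an O2 BHO with "(no file)" is an orphaned registration that is safe to clean. The following Python scanner is an added example, not code from the thread, from HijackThis or from ComboFix. The sample log lines are constructed from the entries above, and the system32 location and the list of core process names are assumptions for an English Windows XP install; adjust both for other layouts.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis format, modelled on the entries discussed in the thread.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: binaries that legitimately live only in %SystemRoot%\system32 on Windows XP.
# The same file name anywhere else is a classic masquerade.
CORE_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumption: default XP install path

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ORPHAN_BHO_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - \(no file\)$")
# Quoted paths may contain spaces; unquoted ones end at the next whitespace.
EXE_RE = re.compile(r'"([^"]+?\.exe)"|(\S+?\.exe)\b', re.IGNORECASE)


def executables_in(cmd: str) -> List[str]:
    """Return every .exe path mentioned in a Run value, quoted or not."""
    return [m.group(1) or m.group(2) for m in EXE_RE.finditer(cmd)]


def check_executable(path: str) -> List[Tuple[str, str]]:
    """Apply the masquerade heuristics to one executable path; returns (severity, reason) pairs."""
    reasons = []
    lower = path.lower()
    name = ntpath.basename(lower)
    parent = ntpath.dirname(lower)
    if name in CORE_PROCESS_NAMES and parent != SYSTEM32:
        reasons.append(("high", f"{name} is a core Windows process name but runs from {parent or '(no directory)'}"))
    if "\\drivers\\etc\\" in lower:
        reasons.append(("high", "executable stored under drivers\\etc, a directory that holds only text config files"))
    if not parent:
        reasons.append(("low", "unqualified file name; the loader resolves it via the search path"))
    return reasons


def scan_hijackthis(text: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and collect findings for orphaned BHOs and suspicious Run entries."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if ORPHAN_BHO_RE.match(line):
            findings.append({"line": line, "severity": "low",
                             "reason": "orphaned BHO: CLSID registered but its DLL is gone; safe to remove"})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        for exe in executables_in(m.group("cmd")):
            for severity, reason in check_executable(exe):
                findings.append({"line": line, "entry": m.group("name"), "path": exe,
                                 "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in sorted(scan_hijackthis(SAMPLE_LOG), key=lambda f: f["severity"]):
        print(f"[{f['severity']}] {f.get('entry', 'O2')}: {f['reason']}")
        print(f"    {f['line']}")
```

Run against the sample, the only high-severity findings come from the "Windows svchost" entry, twice per executable (wrong directory for a core process name, plus the drivers\etc location); the unqualified copyfstq.exe and the "(no file)" BHO come out as low-severity cleanup candidates, and the AVG, Messenger and ctfmon entries produce nothing.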
AreS90
Posted 30 January 2008 (edited)

> Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
> O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
> O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
> O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
> O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
> Download Combofix and put it on the desktop.
> Run combofix.exe and follow the instructions.
> Post the log file from combofix (c:\combofix.txt).

Here is the log:

ComboFix 08-01-31.1 - ZoroX 2008-01-30 20:58:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1491 [GMT 1:00]
Running from: C:\Documents and Settings\ZoroX\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\services.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.
2008-01-30 17:16 . 2008-01-30 20:22 <DIR> dr-h----- C:\Documents and Settings\ZoroX\Siste
2008-01-29 22:40 . 2008-01-29 22:40 <DIR> d-------- C:\Programfiler\Uniblue
2008-01-29 16:48 . 2008-01-29 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Prevx
2008-01-29 16:47 . 2008-01-29 16:49 <DIR> d-------- C:\Documents and Settings\ZoroX\Programdata\PrevxCSI
2008-01-28 21:52 . 2008-01-28 21:52 <DIR> d--hs---- C:\Documents and Settings\ZoroX\Programdata\sbs
2008-01-28 21:39 . 2007-05-08 12:58 589,824 --a------ C:\WINDOWS\WINVNC.EXE
2008-01-28 21:39 . 2007-05-08 12:58 77,824 --a------ C:\WINDOWS\VNCHOOKS.DLL
2008-01-28 20:30 . 2008-01-28 20:32 <DIR> d-------- C:\Universal_Customizer
2008-01-28 20:29 . 2008-01-28 20:32 <DIR> d-------- C:\Payload
2008-01-28 20:12 . 2008-01-28 20:12 <DIR> d-------- C:\System
2008-01-28 10:20 . 2008-01-28 10:20 215,144 --a------ C:\WINDOWS\patchw32.dll
2008-01-26 13:23 . 2008-01-30 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 13:23 . 2008-01-26 13:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-19 11:29 . 2008-01-19 11:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN58.tmp
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN57.tmp
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN56.tmp
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN2A.tmp
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN29.tmp
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN28.tmp
2008-01-01 18:29 . 2008-01-01 18:29 <DIR> d-------- C:\Documents and Settings\ZoroX\Programdata\Oxin's Style!
2008-01-01 18:27 . 2008-01-01 18:27 <DIR> d-------- C:\WINDOWS\speech
2007-12-30 19:01 . 2007-12-30 21:33 <DIR> d-------- C:\Documents and Settings\ZoroX\Programdata\My The Lord of the Rings, The Rise of the Witch-king Files
2007-12-30 00:05 . 2007-12-30 00:05 0 --a------ C:\WINDOWS\system32\REN160.tmp
2007-12-30 00:05 . 2007-12-30 00:05 0 --a------ C:\WINDOWS\system32\REN15F.tmp
2007-12-30 00:05 . 2007-12-30 00:05 0 --a------ C:\WINDOWS\system32\REN15E.tmp
2007-12-30 00:02 . 2007-12-30 00:02 0 --a------ C:\WINDOWS\system32\REN12E.tmp
2007-12-30 00:02 . 2007-12-30 00:02 0 --a------ C:\WINDOWS\system32\REN12D.tmp
2007-12-30 00:02 . 2007-12-30 00:02 0 --a------ C:\WINDOWS\system32\REN12C.tmp
2007-12-30 00:01 . 2007-12-30 00:01 0 --a------ C:\WINDOWS\system32\REN125.tmp
2007-12-30 00:01 . 2007-12-30 00:01 0 --a------ C:\WINDOWS\system32\REN124.tmp
2007-12-30 00:01 . 2007-12-30 00:01 0 --a------ C:\WINDOWS\system32\REN123.tmp
2007-12-29 23:23 . 2007-12-29 23:23 0 --a------ C:\WINDOWS\system32\REN110.tmp
2007-12-29 23:23 . 2007-12-29 23:23 0 --a------ C:\WINDOWS\system32\REN10F.tmp
2007-12-29 23:23 . 2007-12-29 23:23 0 --a------ C:\WINDOWS\system32\REN10E.tmp
2007-12-29 23:21 . 2007-12-29 23:21 0 --a------ C:\WINDOWS\system32\RENE2.tmp
2007-12-29 23:21 . 2007-12-29 23:21 0 --a------ C:\WINDOWS\system32\RENE1.tmp
2007-12-29 23:21 . 2007-12-29 23:21 0 --a------ C:\WINDOWS\system32\RENE0.tmp
2007-12-29 18:15 . 2007-12-29 18:15 <DIR> d-------- C:\Programfiler\Little Fighter 2.5 - v2.0
2007-12-29 15:46 . 2007-12-29 15:46 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2007-12-27 00:48 . 2007-12-27 00:48 <DIR> d-------- C:\Programfiler\LittleFighter2
2007-12-15 13:56 . 2008-01-30 18:15 <DIR> d-------- C:\My Downloads
2007-12-03 21:57 . 2007-12-03 21:57 402,784 --a------ C:\WINDOWS\system32\deploytk.dll
2007-12-01 13:04 . 2007-12-01 13:04 <DIR> d-------- C:\WINDOWS\solcache
2007-12-01 13:04 . 2007-12-01 13:04 31 --a------ C:\WINDOWS\SIERRA.INF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 19:57 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\Free Download Manager
2008-01-30 18:45 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\uTorrent
2008-01-30 18:38 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\AVG7
2008-01-28 18:01 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\U3
2008-01-28 09:18 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-28 09:15 --------- d-----w C:\Programfiler\AGEIA Technologies
2008-01-28 09:06 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-20 10:41 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\dvdcss
2008-01-19 10:29 --------- d-----w C:\Programfiler\Java
2008-01-18 21:36 --------- d-----w C:\Programfiler\Last.fm
2008-01-01 01:00 --------- d-----w C:\Programfiler\BearShare
2007-12-27 22:59 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\Hamachi
2007-12-27 18:47 --------- d-----w C:\Programfiler\Microsoft Silverlight
2007-12-22 16:02 --------- d-----w C:\Programfiler\10-Strike LANState
2007-12-19 20:23 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-15 17:00 --------- d-----w C:\Documents and Settings\ZoroX\Programdata\Xfire
2007-12-12 20:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-12-02 11:34 --------- d-----w C:\Programfiler\Sierra On-Line
2007-11-24 19:30 118,784 ----a-w C:\WINDOWS\DiabUnin.exe
2007-11-15 20:45 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-11 19:32 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-11 19:32 66,872 ----a-w C:\WINDOWS\system32\pnkbstra.exe
2007-11-11 19:32 22,328 ----a-w C:\Documents and Settings\ZoroX\Programdata\PnkBstrK.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Free Download Manager"="C:\Programfiler\Free Download Manager\fdm.exe" [2007-08-15 14:59 2420783]
"DAEMON Tools Pro Agent"="C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Uniblue RegistryBooster 2"="C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 11:32 579072]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Resume copy"="copyfstq.exe" [2007-07-17 12:57 73728 C:\WINDOWS\copyfstq.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.0 RC 16.2\RivaTuner.exe" [2006-11-27 09:15 2568192]
"SunJavaUpdateSched"="D:\Ting og tang\Java\JRE6\bin\jusched.exe" [2007-12-03 21:57 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 08:16 219136]

C:\Documents and Settings\ZoroX\Start-meny\Programmer\Oppstart\
Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2007-11-03 19:54:24 106496]

S2 JavaQuickStarterService;Java Quick Starter;"D:\Ting og tang\Java\JRE6\bin\jqs.exe" -service []
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Documents and Settings\ZoroX\Mine dokumenter\OC\OCCT\CpuInfo.sys [2003-11-25 07:50]

*Newly Created Service* - UNLOCKERDRIVER5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 21:00:00 C:\WINDOWS\Tasks\SmartDefrag.job" - C:\Programfiler\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 21:00:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-31 21:00:38
ComboFix-quarantined-files.txt 2008-01-31 20:00:31
.
2008-01-09 21:09:02 --- E O F ---

Edited 30 January 2008 by AreS90
norbat
Posted 30 January 2008

Open Notepad and paste in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\REN58.tmp
C:\WINDOWS\system32\REN57.tmp
C:\WINDOWS\system32\REN56.tmp
C:\WINDOWS\system32\REN2A.tmp
C:\WINDOWS\system32\REN29.tmp
C:\WINDOWS\system32\REN28.tmp
C:\WINDOWS\system32\REN160.tmp
C:\WINDOWS\system32\REN15F.tmp
C:\WINDOWS\system32\REN15E.tmp
C:\WINDOWS\system32\REN12E.tmp
C:\WINDOWS\system32\REN12D.tmp
C:\WINDOWS\system32\REN12C.tmp
C:\WINDOWS\system32\REN125.tmp
C:\WINDOWS\system32\REN124.tmp
C:\WINDOWS\system32\REN123.tmp
C:\WINDOWS\system32\REN110.tmp
C:\WINDOWS\system32\REN10F.tmp
C:\WINDOWS\system32\REN10E.tmp
C:\WINDOWS\system32\RENE2.tmp
C:\WINDOWS\system32\RENE1.tmp
C:\WINDOWS\system32\RENE0.tmp

You don't need to post the log. Are you still bothered by BLAT.exe and 'high' CPU usage?
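The File:: block above was assembled by hand from the ComboFix "Files Created" section: norbat picked exactly the zero-byte REN*.tmp leftovers in system32, which are safe to remove with a CFScript. The following Python is an added example, not part of the thread and not ComboFix's own tooling: it parses ComboFix-style entries (created time, modified time, size or <DIR>, attribute string, path), selects the zero-byte REN*.tmp files and renders them as a File:: block. The sample section is constructed from entries in the log above plus one made-up other.tmp to show the filter excluding a non-matching file.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Constructed excerpt of a ComboFix "Files Created" section, modelled on the log in the thread.
# C:\WINDOWS\other.tmp is made up to exercise the filter.
SAMPLE_SECTION = r"""2008-01-19 11:29 . 2008-01-19 11:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN58.tmp
2008-01-19 11:29 . 2008-01-19 11:29 0 --a------ C:\WINDOWS\system32\REN2A.tmp
2007-12-29 15:46 . 2007-12-29 15:46 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2007-12-03 21:57 . 2007-12-03 21:57 402,784 --a------ C:\WINDOWS\system32\deploytk.dll
2008-01-28 10:20 . 2008-01-28 10:20 215,144 --a------ C:\WINDOWS\other.tmp
"""

# One entry: "<created> . <modified> <size|<DIR>> <attrs> <path>"; the path may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# REN<hex>.tmp is the naming pattern of the leftovers listed in the thread.
REN_TMP_RE = re.compile(r"^REN[0-9A-F]+\.tmp$", re.IGNORECASE)


def parse_entries(section: str) -> List[Dict[str, Optional[object]]]:
    """Parse ComboFix file entries; size is None for directories, an int for files."""
    entries = []
    for line in section.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, separators and unrelated lines are skipped
        entry = m.groupdict()
        raw = entry["size"]
        entry["size"] = None if raw == "<DIR>" else int(raw.replace(",", ""))
        entries.append(entry)
    return entries


def select_zero_byte_ren_tmp(entries: List[Dict[str, Optional[object]]]) -> List[str]:
    """Keep only zero-byte files whose name matches REN<hex>.tmp, in log order."""
    return [e["path"] for e in entries
            if e["size"] == 0 and REN_TMP_RE.match(ntpath.basename(e["path"]))]


def build_cfscript(paths: List[str]) -> str:
    """Render a CFScript 'File::' block: the directive line followed by one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    selected = select_zero_byte_ren_tmp(parse_entries(SAMPLE_SECTION))
    print(build_cfscript(selected), end="")
```

The size filter matters: the non-zero other.tmp is left alone even though its extension matches, and directories never qualify because their size is parsed as None rather than 0. Review the generated list before handing it to ComboFix, exactly as norbat did by hand.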
AreS90
Posted 31 January 2008

> Open Notepad and paste in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.
>
> File::
> C:\WINDOWS\system32\REN58.tmp
> C:\WINDOWS\system32\REN57.tmp
> C:\WINDOWS\system32\REN56.tmp
> C:\WINDOWS\system32\REN2A.tmp
> C:\WINDOWS\system32\REN29.tmp
> C:\WINDOWS\system32\REN28.tmp
> C:\WINDOWS\system32\REN160.tmp
> C:\WINDOWS\system32\REN15F.tmp
> C:\WINDOWS\system32\REN15E.tmp
> C:\WINDOWS\system32\REN12E.tmp
> C:\WINDOWS\system32\REN12D.tmp
> C:\WINDOWS\system32\REN12C.tmp
> C:\WINDOWS\system32\REN125.tmp
> C:\WINDOWS\system32\REN124.tmp
> C:\WINDOWS\system32\REN123.tmp
> C:\WINDOWS\system32\REN110.tmp
> C:\WINDOWS\system32\REN10F.tmp
> C:\WINDOWS\system32\REN10E.tmp
> C:\WINDOWS\system32\RENE2.tmp
> C:\WINDOWS\system32\RENE1.tmp
> C:\WINDOWS\system32\RENE0.tmp
>
> You don't need to post the log. Are you still bothered by BLAT.exe and 'high' CPU usage?

BLAT.exe is gone and everything works as normal. Thanks a lot, Norbat.
norbat
Posted 31 January 2008

You can uninstall combofix by typing combofix /u in the Run dialog (Start -> Run). This removes combofix, the various backup and quarantine files, and resets System Restore (which is fine, since it means you avoid being re-infected by a possible system restore later).