MysticoN, posted 31 January 2008

In a short time I have had every kind of spyware that exists on the net on my PC.. that's what happens when strangers use the PC.. After running Panda 2008 (purchased and fully updated), Ad-Aware and Spybot S&D, I have managed to remove most of it. But one problem remains.. down by the clock there is an icon that blinks red and blue (see pictures).. For some strange reason I can't get ComboFix to run.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Lusken, posted 31 January 2008

SUPERAntiSpyware... google it a bit, it's a suuuper program, which MS doesn't feel is good enough.. but it was the only program that deleted my spyware...

norbat, posted 31 January 2008

To run ComboFix you may need to turn off TeaTimer + Panda.

If it still doesn't work:
Download Smitfraudfix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix and choose option 2.
Post the log it creates (C:\rapport.txt) + a new HJT log.

r2d290, posted 31 January 2008

Isn't it rather impractical to put it on a user's desktop if you are going to start up again in safe mode? Will you then have access to the file (provided you have made the user account private, that is)?

norbat, posted 31 January 2008

In the vast, vast majority of cases this is not a problem. Hence this practice.

MysticoN (author), posted 1 February 2008

Got ComboFix to work now.. but the PC didn't like that, no.. After it finished I lost my network connection. Restarted the PC and then Windows wouldn't start. Had to go into safe mode and then restart again. Then it worked, strange.. but here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:47, on 01.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

ComboFix.txt

norbat, posted 1 February 2008

Good. Continue with the instructions regarding Smitfraudfix given in an earlier post.

MysticoN (author), posted 1 February 2008

> Good. Continue with the instructions regarding Smitfraudfix given in an earlier post.

Ohh.. I thought that was something I should do if I couldn't get ComboFix to work. But I'll do it now.

MysticoN (author), posted 1 February 2008, edited 1 February 2008

There we go. Got an error message during the fix; it couldn't find a file. Ran another Panda scan in safe mode. Found 2 x "trj/rebooter.j" Virus detected.

smitfraud_fix.txt

norbat, posted 1 February 2008, edited 1 February 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
O4 - HKLM\..\RunOnce: [spybotDeletingA6023] command /c del "C:\Program Files\Online Add-on\icmntr.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC1031] cmd /c del "C:\Program Files\Online Add-on\icmntr.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA9499] command /c del "C:\Program Files\Online Add-on\icun.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC4120] cmd /c del "C:\Program Files\Online Add-on\icun.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA96] command /c del "C:\Program Files\Online Add-on\icthis.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC2569] cmd /c del "C:\Program Files\Online Add-on\icthis.exe"
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\RunOnce: [spybotDeletingB2254] command /c del "C:\Program Files\Online Add-on\icmntr.exe"
O4 - HKCU\..\RunOnce: [spybotDeletingD5688] cmd /c del "C:\Program Files\Online Add-on\icmntr.exe"
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O22 - SharedTaskScheduler: cured - {7265100a-17e1-41bf-bd08-63b95a25a9c3} - C:\WINDOWS\system32\ofcpi.dll

Then go to the website http://virusscan.jotti.org/. There you can upload the following file for checking (in bold):

C:\WINDOWS\unvise32.exe

Then download SAS, install it, update it and run a full (Complete) scan.

Post the log from SAS (preferences->statistics/logs) + a new HJT log. Also tell me how the PC is running.

Edit: Where did Panda find these files?

MysticoN (author), posted 1 February 2008, edited 1 February 2008

> Edit: Where did Panda find these files?

Eww.. I didn't check that :/ Both were on C:, one was in Program Files, but I didn't look that closely :/

I can't click "submit" after selecting C:\WINDOWS\unvise32.exe on the online malware scan.

Edit: Why SAS in particular? Is it a better choice than Ad-Aware and/or Spybot S&D?

norbat, posted 1 February 2008

The Jotti site may be 'busy'. An alternative site is http://www.virustotal.com/ - and SAS is probably somewhat sharper than the two you mention, and it is the program I use in my guide.

MysticoN (author), posted 1 February 2008

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2008 at 08:13 PM

Application Version : 3.9.1008

Core Rules Database Version : 3393
Trace Rules Database Version: 1385

Scan type : Complete Scan
Total Scan Time : 00:09:22

Memory items scanned : 423
Memory threats detected : 0
Registry items scanned : 3948
Registry threats detected : 1
File items scanned : 18492
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

Rogue.AntiSpywareShield
HKU\S-1-5-21-436374069-1292428093-725345543-500\Software\AntiSpywareShield
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareShield\AntiSpywareShield.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareShield\Uninstall.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareShield

Adware.E404 Helper/Variant
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\HELPER\1201760848.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{425F0BDA-7BB2-41CE-97A3-3E0EFC42D3C4}\RP3\A0000208.DLL

Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{425F0BDA-7BB2-41CE-97A3-3E0EFC42D3C4}\RP3\A0000303.DLL

Have to restart to remove these, so I'll come back with HijackThis soon.

MysticoN (author), posted 1 February 2008, edited 1 February 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:36, on 01.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Haha.. this could take a while..

Your file is queued in position: 3813. Estimated start time is between 202 and 288 minutes. Do not close the window until scan is complete.

norbat, posted 1 February 2008

Fix the following line with HJT:

O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)

You'll have to check the file on Jotti or VirusTotal when the sites have more free capacity.

How is the original problem doing?

MysticoN (author), posted 1 February 2008

> Fix the following line with HJT:
> O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
> You'll have to check the file on Jotti or VirusTotal when the sites have more free capacity.
> How is the original problem doing?

It's gone, but there is still something that isn't quite right. The window I'm working in loses "focus" now and then (or quite often) and I have to click on it with the mouse to be able to keep "working". This applies to ArchiCAD, World of Warcraft and Opera.

Otherwise you've been an enormous help. You should be promoted to life saver here on the forum :p

MysticoN (author), posted 2 February 2008

Yet another problem.. I can't open Explorer. Win (Windows key) + E, My Computer and other methods no longer work. There is just a blue screen (covering the whole display) for 1-2 seconds and then it jumps back to where I was. The only thing that works is Opera, if I type in C: for example.

norbat, posted 3 February 2008

Could you run ComboFix again and post the log?

You can also run a check of the system files: type sfc /scannow in the Run box (Start->Run).

MysticoN (author), posted 4 February 2008

Hmm.. why is it that every time I run ComboFix I have to restart the PC to get the internet back?

ComboFix 08-02.01.1 - Administrator 2008-02-04 23:32:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2613 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
2008-02-05 05:31 1,264 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG 2008-02-04 20:16 267,468 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT 2008-02-02 01:10 --------- d-----w C:\Program Files\Opera 9.5 beta 2008-01-25 04:45 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-18 06:48 --------- d-----w C:\Program Files\QuickTime Alternative 2008-01-15 06:46 --------- d-----w C:\Program Files\Winamp 2008-01-15 00:00 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-01-14 23:59 --------- d-----w C:\Program Files\Intel 2008-01-14 23:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield 2008-01-14 23:57 --------- d--h--w C:\Program Files\Uninstall Information 2008-01-14 23:54 --------- d-----w C:\Program Files\Real Alternative 2008-01-14 23:54 --------- d-----w C:\Program Files\Java 2008-01-14 23:54 --------- d-----w C:\Program Files\Common Files\Java 2008-01-14 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-01-14 23:48 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-14 17:02 24,064 ----a-w C:\WINDOWS\autoload.exe 2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-05 08:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-05 07:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-12-05 07:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-12-05 07:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-12-05 07:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-12-05 07:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-12-05 07:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-12-05 07:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-12-05 07:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-12-05 07:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-12-05 07:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-12-05 07:41 442,368 ----a-w 
C:\WINDOWS\system32\nvappbar.exe 2007-12-05 07:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-12-05 07:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-12-05 07:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-12-05 07:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-12-05 07:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-12-05 07:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-12-05 07:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-12-05 07:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-12-05 07:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-12-05 07:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-12-05 07:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-12-05 07:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-12-05 07:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-12-05 07:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-12-05 07:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-12-05 07:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-12-05 07:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll 2007-12-05 07:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-12-05 07:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-12-05 07:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll 2007-12-05 07:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-01-15 20:06 1266936] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-06-10 16:49 16377344 C:\WINDOWS\RTHDCPL.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [2007-07-19 15:23 455984] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-10-10 17:55 124928 C:\WINDOWS\system32\advpack.dll] "TSClientMSIUninstaller"="cmd.exe" [2004-08-04 05:00 388608 C:\WINDOWS\system32\cmd.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] 
"ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33] R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33] R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33] R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39] R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33] R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 08:40] R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33] R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33] R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 06:49] R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [] R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43] R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [] . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-04 23:32:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-04 23:33:00 ComboFix-quarantined-files.txt 2008-02-01 13:42:41 ComboFix2.txt 2008-02-01 13:42:43 . 2008-02-04 04:00:51 --- E O F --- Lenke til kommentar
norbat Posted 5 February 2008

Losing your connection after ComboFix may be because ComboFix cuts the network connection while it scans. This is so that any infections cannot go online and download more bugs. The connection is normally restored afterwards. I can't really see any infected files in your log. If there are problems with what you mentioned on 3/2, you could run a System Restore to a point before that time to see whether that sorts it out. You could also run an online scanner to see if it finds anything. Try e.g. Bitdefender.