runejors Skrevet 29. februar 2008 Del Skrevet 29. februar 2008 (endret) Har klart å få dette fordømte greiene inn i maskinen. kjører i dag med avast som sikring. Avast detekterte denne rakkaren, men den klarte seg. hvordan blir jeg kvitt denne. har også prøvd med Cclean uten å lykkes Rune Endret 6. mars 2008 av runejors Lenke til kommentar
r2d290 Skrevet 29. februar 2008 Del Skrevet 29. februar 2008 Last ned HijackThis legg i egen mappe på skrivebordet. Start hjt og velg "Do a system scan and save a logfile". Loggfilen kopierer du og limer inn i posten din. Lenke til kommentar
runejors Skrevet 29. februar 2008 Forfatter Del Skrevet 29. februar 2008 Last ned HijackThis legg i egen mappe på skrivebordet.Start hjt og velg "Do a system scan and save a logfile". Loggfilen kopierer du og limer inn i posten din. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34:18, on 29.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe c:\Programfiler\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\DOCUME~1\Rune\LOKALE~1\Temp\Midlertidig mappe 1 for HiJackThis.zip\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelliPoint] "c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programfiler\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176964600078 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{673511D8-33EB-45A8-AC0C-AE3FDEBA7F03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{8027DA87-9213-402F-94F3-6C0A1120EA03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D477BA97-32B1-4783-AA90-838DDDDA1C8E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{DA11D93E-A3AD-4E86-B804-9C647815194C}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - C:\WINDOWS\system32\heuvth.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing) O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- End of file - 11168 bytes Lenke til kommentar
snippsat Skrevet 29. februar 2008 Del Skrevet 29. februar 2008 (endret) Last ned SmitfraudFix legg det på skrivebordet. Boot trykk flere ganger på f8 velg sikkerhetmodus. Kjør Smitfraudfix, velg valg 2. Post loggen C:\rapport.txt I normalmodus. Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Restart og en ny HijackThis logg. Endret 29. februar 2008 av SNIPPSAT Lenke til kommentar
runejors Skrevet 29. februar 2008 Forfatter Del Skrevet 29. februar 2008 Last ned SmitfraudFix legg det på skrivebordet.Boot trykk flere ganger på f8 velg sikkerhetmodus. Kjør Smitfraudfix, velg valg 2. Post loggen C:\rapport.txt I normalmodus. Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Restart og en ny HijackThis logg. Ny logg kan se ut til at problemet er løst Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:33:07, on 01.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\RUNDLL32.EXE c:\Programfiler\Microsoft IntelliPoint\dpupdchk.exe D:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Windows Live\Family Safety\fssui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\GEARSec.exe C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Rune\LOKALE~1\Temp\Midlertidig mappe 1 for HiJackThis.zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelliPoint] "c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programfiler\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176964600078 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{673511D8-33EB-45A8-AC0C-AE3FDEBA7F03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{8027DA87-9213-402F-94F3-6C0A1120EA03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D477BA97-32B1-4783-AA90-838DDDDA1C8E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{DA11D93E-A3AD-4E86-B804-9C647815194C}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing) O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10949 bytes Lenke til kommentar
snippsat Skrevet 29. februar 2008 Del Skrevet 29. februar 2008 (endret) Ja ser bra ut dette. Kunne ta med hva SmitfraudFix fant. Viss du kjørte combofix vil jeg gjerne se loggen. Den må også avinnstallers. Er dette en adresse du kjenner? 208.67.220.220 Address: 50 Freemont St. Address: 16 Floor Endret 29. februar 2008 av SNIPPSAT Lenke til kommentar
runejors Skrevet 29. februar 2008 Forfatter Del Skrevet 29. februar 2008 Ja ser bra ut dette. Kunne ta med hva SmitfraudFix fant. Viss du kjørte combofix vil jeg gjerne se loggen. Den må også avinnstallers. Er dette en adresse du kjenner? 208.67.220.220 Address: 50 Freemont St. Address: 16 Floor Kjenner ikke denne adressen helt ukjent. Tok ikke vare på de loggene , skal jeg kjøre de på nytt ??? Rune Lenke til kommentar
snippsat Skrevet 29. februar 2008 Del Skrevet 29. februar 2008 (endret) Nei du trenger ikke og kjøre på nytt. Fra start->kjør sc stop Microsoft System Management sc delete Microsoft System Management Start HijackThis finn disse linjene merk dem,så trykk fixed checked. O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing) ) O17 - HKLM\System\CCS\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{673511D8-33EB-45A8-AC0C-AE3FDEBA7F03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{8027DA87-9213-402F-94F3-6C0A1120EA03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D477BA97-32B1-4783-AA90-838DDDDA1C8E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 Kunne du kjørt combofix en gang til og postet loggen. Restart og en ny HijackThis logg. Endret 1. mars 2008 av SNIPPSAT Lenke til kommentar
runejors Skrevet 1. mars 2008 Forfatter Del Skrevet 1. mars 2008 Nei du trenger ikke og kjøre på nytt. Fra start->kjør sc stop Microsoft System Management sc delete Microsoft System Management Start HijackThis finn disse linjene merk dem,så trykk fixed checked. O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing) ) O17 - HKLM\System\CCS\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{673511D8-33EB-45A8-AC0C-AE3FDEBA7F03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{8027DA87-9213-402F-94F3-6C0A1120EA03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D477BA97-32B1-4783-AA90-838DDDDA1C8E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 Kunne du kjørt combofix en gang til og postet loggen. Restart og en ny HijackThis logg. Combo fix ComboFix 08-03-01 - Rune 2008-03-02 12:13:40.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.602 [GMT 1:00] Running from: C:\Documents and Settings\Rune\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))) . 2008-03-02 10:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-02 10:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-02 10:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-01 22:10 . 2008-03-01 22:10 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2 2008-02-29 21:23 . 2008-02-29 21:23 2,352 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-29 21:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-02-29 21:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-02-29 21:21 . 2008-02-28 11:37 86,016 --a------ C:\WINDOWS\system32\VACFix.exe 2008-02-29 21:21 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-02-29 21:21 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-02-29 21:21 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-02-29 21:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-02-29 21:13 . 2008-02-29 21:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-02-29 21:11 . 2008-02-29 21:13 <DIR> d-------- C:\Documents and Settings\Rune\.housecall6.6 2008-02-29 20:55 . 2008-03-01 21:37 <DIR> d-------- C:\Programfiler\Windows Live 2008-02-29 20:55 . 2008-02-29 21:00 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-02-29 20:55 . 2008-02-29 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-02-29 20:18 . 2008-02-29 20:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-29 20:18 . 2008-02-29 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab 2008-02-27 21:48 . 2008-03-02 12:03 <DIR> dr-h----- C:\Documents and Settings\Rune\Siste 2008-02-27 21:42 . 2008-02-27 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-02-27 21:34 . 2008-02-27 21:34 <DIR> d-------- C:\Programfiler\Yahoo! 2008-02-27 21:34 . 2008-02-27 21:39 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-10 16:33 . 2008-02-10 16:33 <DIR> d-------- C:\Programfiler\R-Studio 2008-02-10 16:14 . 2008-02-10 16:14 <DIR> d-------- C:\Programfiler\Convar 2008-02-10 16:14 . 2003-07-18 13:58 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll 2008-02-10 16:14 . 2002-02-28 09:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll 2008-02-10 16:14 . 2002-02-21 10:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2008-02-10 16:14 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-02-10 16:14 . 1998-06-13 22:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll 2008-02-10 16:14 . 2002-04-12 13:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca 2008-02-09 16:10 . 2008-02-09 16:10 <DIR> d-------- C:\Programfiler\iPod 2008-02-09 16:09 . 2008-02-09 16:09 <DIR> d-------- C:\Programfiler\Bonjour 2008-02-09 16:08 . 2008-02-09 16:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-02-09 16:03 . 2008-03-02 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 16:03 . 2008-02-09 16:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-09 12:54 . 2008-02-09 12:53 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-09 12:54 . 2008-02-09 12:54 3,443 --a------ C:\WINDOWS\unins000.dat 2008-02-05 18:12 . 2008-02-05 18:12 <DIR> d-------- C:\Documents and Settings\Rune\Programdata\vlc 2008-02-03 10:20 . 2008-02-03 10:20 <DIR> d-------- C:\Programfiler\Canon . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-27 20:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-11 19:26 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-02-09 17:27 --------- d-----w C:\Documents and Settings\Rune\Programdata\LimeWire 2008-02-09 15:10 --------- d-----w C:\Documents and Settings\Rune\Programdata\Apple Computer 2008-02-09 15:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-02-09 15:09 --------- d-----w C:\Programfiler\QuickTime 2008-02-09 11:54 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-02-03 15:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink 2008-02-03 10:37 --------- d-----w C:\Documents and Settings\Rune\Programdata\Canon 2008-01-26 11:44 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-01-22 21:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-01-22 21:43 249,856 ------w C:\WINDOWS\Setup1.exe 2008-01-13 11:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\espionServerData 2008-01-13 11:46 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-13 11:46 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-13 11:46 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-13 11:36 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-01-04 19:14 --------- d-----w C:\Programfiler\SoIP-player 2008-01-03 19:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage 2007-12-11 17:31 22,328 ----a-w C:\Documents and Settings\Rune\Programdata\PnkBstrK.sys 2007-12-07 02:17 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-03-30 19:21 1 ----a-w C:\Documents and Settings\Rune\SI.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "IntelliPoint"="c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736] "Adobe Photo Downloader"="F:\Programfiler\Adobe\Photoshop Elements 4.0\apdproxy.exe" [ ] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-27 18:03 152872 C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43] --a------ 2006-05-22 13:26 694272 C:\Programfiler\dvd43\dvd43_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] --a------ 2007-01-17 17:01 496640 C:\Programfiler\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0] --a------ 2004-07-29 03:41 1122304 C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] --a------ 2007-01-22 16:22 81920 C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI] f:\PROGRA~1\Pinnacle\PPE\PPE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] f:\Programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-31 23:13 385024 C:\Programfiler\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2005-01-12 02:01 32768 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-11-14 16:21 16270848 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 00:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Fellesfiler\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "D:\\Programfiler\\iTunes\\iTunes.exe"= "D:\\Programfiler\\LimeWire\\LimeWire.exe"= "D:\\Programfiler\\BitLord2\\BitLord.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 02:33] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46] R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 03:13] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08] R2 X4HSX32;X4HSX32;C:\Programfiler\SoIP-player\X4HSX32.Sys [2006-12-13 09:34] R3 mssmbios;BIOS-driver for Microsoft System Management;C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2004-08-04 13:00] S4 Microsoft System Management;Microsoft System Management;C:\WINDOWS\system32\system.exe [] . Contents of the 'Scheduled Tasks' folder "2007-12-24 13:00:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 12:15:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-02 12:15:29 ComboFix-quarantined-files.txt 2008-03-02 11:15:27 ComboFix2.txt 2008-03-01 20:30:57 . 2008-03-01 21:10:28 --- E O F --- Nei du trenger ikke og kjøre på nytt. Fra start->kjør sc stop Microsoft System Management sc delete Microsoft System Management Start HijackThis finn disse linjene merk dem,så trykk fixed checked. O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing) ) O17 - HKLM\System\CCS\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{673511D8-33EB-45A8-AC0C-AE3FDEBA7F03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{8027DA87-9213-402F-94F3-6C0A1120EA03}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D477BA97-32B1-4783-AA90-838DDDDA1C8E}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{02BDD9BA-3735-4466-A66B-BAB8C6C384FD}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 Kunne du kjørt combofix en gang til og postet loggen. Restart og en ny HijackThis logg. Combo fix ComboFix 08-03-01 - Rune 2008-03-02 12:13:40.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.602 [GMT 1:00] Running from: C:\Documents and Settings\Rune\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))) . 2008-03-02 10:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-02 10:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-02 10:13 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-01 22:10 . 2008-03-01 22:10 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2 2008-02-29 21:23 . 2008-02-29 21:23 2,352 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-29 21:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-02-29 21:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-02-29 21:21 . 2008-02-28 11:37 86,016 --a------ C:\WINDOWS\system32\VACFix.exe 2008-02-29 21:21 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-02-29 21:21 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-02-29 21:21 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-02-29 21:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-02-29 21:13 . 2008-02-29 21:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-02-29 21:11 . 2008-02-29 21:13 <DIR> d-------- C:\Documents and Settings\Rune\.housecall6.6 2008-02-29 20:55 . 2008-03-01 21:37 <DIR> d-------- C:\Programfiler\Windows Live 2008-02-29 20:55 . 2008-02-29 21:00 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-02-29 20:55 . 2008-02-29 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-02-29 20:18 . 2008-02-29 20:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-29 20:18 . 2008-02-29 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab 2008-02-27 21:48 . 2008-03-02 12:03 <DIR> dr-h----- C:\Documents and Settings\Rune\Siste 2008-02-27 21:42 . 2008-02-27 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-02-27 21:34 . 2008-02-27 21:34 <DIR> d-------- C:\Programfiler\Yahoo! 2008-02-27 21:34 . 2008-02-27 21:39 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-10 16:33 . 2008-02-10 16:33 <DIR> d-------- C:\Programfiler\R-Studio 2008-02-10 16:14 . 2008-02-10 16:14 <DIR> d-------- C:\Programfiler\Convar 2008-02-10 16:14 . 2003-07-18 13:58 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll 2008-02-10 16:14 . 2002-02-28 09:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll 2008-02-10 16:14 . 2002-02-21 10:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2008-02-10 16:14 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-02-10 16:14 . 1998-06-13 22:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll 2008-02-10 16:14 . 2002-04-12 13:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca 2008-02-09 16:10 . 2008-02-09 16:10 <DIR> d-------- C:\Programfiler\iPod 2008-02-09 16:09 . 2008-02-09 16:09 <DIR> d-------- C:\Programfiler\Bonjour 2008-02-09 16:08 . 2008-02-09 16:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-02-09 16:03 . 2008-03-02 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 16:03 . 2008-02-09 16:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-09 12:54 . 2008-02-09 12:53 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-09 12:54 . 2008-02-09 12:54 3,443 --a------ C:\WINDOWS\unins000.dat 2008-02-05 18:12 . 2008-02-05 18:12 <DIR> d-------- C:\Documents and Settings\Rune\Programdata\vlc 2008-02-03 10:20 . 2008-02-03 10:20 <DIR> d-------- C:\Programfiler\Canon . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-27 20:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-11 19:26 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-02-09 17:27 --------- d-----w C:\Documents and Settings\Rune\Programdata\LimeWire 2008-02-09 15:10 --------- d-----w C:\Documents and Settings\Rune\Programdata\Apple Computer 2008-02-09 15:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-02-09 15:09 --------- d-----w C:\Programfiler\QuickTime 2008-02-09 11:54 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-02-03 15:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink 2008-02-03 10:37 --------- d-----w C:\Documents and Settings\Rune\Programdata\Canon 2008-01-26 11:44 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-01-22 21:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-01-22 21:43 249,856 ------w C:\WINDOWS\Setup1.exe 2008-01-13 11:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\espionServerData 2008-01-13 11:46 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-13 11:46 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-13 11:46 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-13 11:36 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-01-04 19:14 --------- d-----w C:\Programfiler\SoIP-player 2008-01-03 19:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage 2007-12-11 17:31 22,328 ----a-w C:\Documents and Settings\Rune\Programdata\PnkBstrK.sys 2007-12-07 02:17 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-03-30 19:21 1 ----a-w C:\Documents and Settings\Rune\SI.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "IntelliPoint"="c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736] "Adobe Photo Downloader"="F:\Programfiler\Adobe\Photoshop Elements 4.0\apdproxy.exe" [ ] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-27 18:03 152872 C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43] --a------ 2006-05-22 13:26 694272 C:\Programfiler\dvd43\dvd43_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] --a------ 2007-01-17 17:01 496640 C:\Programfiler\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0] --a------ 2004-07-29 03:41 1122304 C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] --a------ 2007-01-22 16:22 81920 C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI] f:\PROGRA~1\Pinnacle\PPE\PPE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] f:\Programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-31 23:13 385024 C:\Programfiler\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2005-01-12 02:01 32768 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-11-14 16:21 16270848 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 00:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Fellesfiler\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "D:\\Programfiler\\iTunes\\iTunes.exe"= "D:\\Programfiler\\LimeWire\\LimeWire.exe"= "D:\\Programfiler\\BitLord2\\BitLord.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 02:33] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46] R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 03:13] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08] R2 X4HSX32;X4HSX32;C:\Programfiler\SoIP-player\X4HSX32.Sys [2006-12-13 09:34] R3 mssmbios;BIOS-driver for Microsoft System Management;C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2004-08-04 13:00] S4 Microsoft System Management;Microsoft System Management;C:\WINDOWS\system32\system.exe [] . Contents of the 'Scheduled Tasks' folder "2007-12-24 13:00:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 12:15:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-02 12:15:29 ComboFix-quarantined-files.txt 2008-03-02 11:15:27 ComboFix2.txt 2008-03-01 20:30:57 . 2008-03-01 21:10:28 --- E O F --- Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:17:53, on 02.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe c:\Programfiler\Microsoft IntelliPoint\dpupdchk.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\DOCUME~1\Rune\LOKALE~1\Temp\Midlertidig mappe 1 for HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [intelliPoint] "c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programfiler\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176964600078 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{DA11D93E-A3AD-4E86-B804-9C647815194C}: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9598 bytes Lenke til kommentar
norbat Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 Bruk Norton Removal Tool til å fjerne rester etter Norton. Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O17 - HKLM\System\CCS\Services\Tcpip\..\{DA11D93E-A3AD-4E86-B804-9C647815194C}: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE Hvordan kjører forøvrig PC-en? Lenke til kommentar
runejors Skrevet 1. mars 2008 Forfatter Del Skrevet 1. mars 2008 Bruk Norton Removal Tool til å fjerne rester etter Norton. Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O17 - HKLM\System\CCS\Services\Tcpip\..\{DA11D93E-A3AD-4E86-B804-9C647815194C}: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE Hvordan kjører forøvrig PC-en? Virker forsåvidt greit nå. kanskje litt mange prosesser som går. Nå er ikke jeg så kyndig at jeg kan slå av disse. ellers så har jeg denne konfigurasjonen. må vel kunne si at problemet er løst ------------------ System Information ------------------ Time of this report: 11/6/2007, 18:06:58 Machine name: SPILL Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.070227-2254) Language: Norwegian (Bokmål) (Regional Setting: Norwegian (Bokmål)) System Manufacturer: MSI System Model: MS-7250 BIOS: Default System BIOS Processor: AMD Athlon 64 X2 Dual Core Processor 3800+, MMX, 3DNow (2 CPUs), ~2.0GHz Memory: 1024MB RAM Page File: 269MB used, 2192MB available Windows Dir: C:\WINDOWS DirectX Version: DirectX 9.0c (4.09.0000.0904) DX Setup Parameters: Not found DxDiag Version: 5.03.2600.2180 32bit Unicode --------------- Display Devices --------------- Card name: NVIDIA GeForce 8800 GTS Manufacturer: NVIDIA Chip type: GeForce 8800 GTS DAC type: Integrated RAMDAC Device Key: Enum\PCI\VEN_10DE&DEV_0193&SUBSYS_042110DE&REV_A2 Display Memory: 640.0 MB Current Mode: 1024 x 768 (32 bit) (60Hz) Monitor: Plug and Play-skjerm Monitor Max Res: 1600,1200 Driver Name: nv4_disp.dll Driver Version: 6.14.0011.6904 (English) DDI Version: 9 (or higher) Driver Attributes: Final Retail Driver Date/Size: 10/28/2007 16:52:00, 5768320 bytes Lenke til kommentar
r2d290 Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 Da kan du avinstallere combofix: Start ->kjør Skriv: combofix /u dette avinstallerer programmet, og sletter minnet for systemgjennopretting, så du slipper å gjennoprette maskinen til en gang du hadde virus. Når dette er gjort, skriver du "[LØST]" i starten av emnetittelen din (rediger første post med full redigering). Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå