snippsat Posted 12 March 2008 (edited)
You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc. Delete HJT. Surf safely.
Edited 12 March 2008 by SNIPPSAT
theboss22 (thread author) Posted 12 March 2008
Yes, everything works great now.. Thanks for all the help and effort!.. Good to have computer experts just a keystroke away, you know
theboss22 (thread author) Posted 25 March 2008
Quote: Yes, everything works great now.. Thanks for all the help and effort!.. Good to have computer experts just a keystroke away, you know
Damn.. Now it has come back!.. Help ???????????????????
snippsat Posted 25 March 2008
Well, I will need some logs again then.
theboss22 (thread author) Posted 25 March 2008
Quote: Well, I will need some logs again then.
I'll do it tomorrow ;).. Then we'll look at it, if that's okay! I really don't understand how it happens!...
theboss22 (thread author) Posted 27 March 2008

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:48, on 27.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\sysqyzwud.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll (file missing)
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}] "C:\WINDOWS\sysqyzwud.exe"
O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

--
End of file - 7274 bytes

ComboFix 08-03-26.1 - Compaq_Eier 2008-03-27 15:15:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.154 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\B3GA3HCE\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\xewuaqj.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-25 22:11 . 2008-03-27 15:12 <DIR> dr-h----- C:\Documents and Settings\Compaq_Eier\Siste
2008-03-25 05:42 . 2008-03-25 05:42 81,472 --a------ C:\WINDOWS\sysutrnez.exe
2008-03-25 05:42 . 2008-03-25 05:42 75,840 --a------ C:\WINDOWS\sysqyzwud.exe
2008-03-25 05:42 . 2008-03-25 05:42 64,576 --a------ C:\WINDOWS\sysscpmqn.exe
2008-03-25 05:42 . 2008-03-25 05:43 3,072 --a------ C:\WINDOWS\xcbhwuq.exe
2008-03-25 05:42 . 2008-03-25 05:43 1,855 --a------ C:\WINDOWS\config.ini
2008-03-25 05:42 . 2008-03-25 05:43 1,409 --a------ C:\WINDOWS\xhbxcnv.exe
2008-03-25 05:42 . 2008-03-25 05:43 1,272 --a------ C:\WINDOWS\xfjzrby.dll
2008-03-20 03:20 . 2008-03-25 05:24 51 --a------ C:\xmp.bat
2008-03-18 17:59 . 2008-03-18 19:10 45 --a------ C:\TEST.XML
2008-03-18 16:38 . 2004-08-04 13:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-18 16:38 . 2004-08-04 13:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-13 17:33 . 2008-03-13 17:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard
2008-03-13 17:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-13 17:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-13 17:31 . 2008-03-13 17:31 <DIR> d-------- C:\Programfiler\HP
2008-03-13 17:31 . 2008-03-13 17:34 103,509 --a------ C:\WINDOWS\hpoins04.dat
2008-03-13 17:31 . 2004-06-22 07:04 17,176 --------- C:\WINDOWS\hpomdl04.dat
2008-03-13 04:45 . 2008-03-13 04:45 50 --a------ C:\tmp.bat
2008-03-12 19:55 . 2008-03-12 19:55 <DIR> d-------- C:\Programfiler\Avira
2008-03-12 19:55 . 2008-03-12 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-03-12 18:53 . 2008-03-12 18:53 <DIR> d-------- C:\Programfiler\CCleaner
2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\SUPERAntiSpyware.com
2008-03-12 18:07 . 2008-03-12 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-12 18:06 . 2008-03-12 18:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-12 16:06 . 2008-03-12 16:06 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-11 21:33 . 2008-03-11 21:33 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Printer Info Cache
2008-03-11 21:33 . 2008-03-11 21:40 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Image Zone Express
2008-03-11 04:13 . 2008-03-13 04:40 50 --a------ C:\amp.bat
2008-03-10 10:43 . 2008-03-10 10:43 <DIR> d-------- C:\WINDOWS\system32\Engines
2008-03-09 09:58 . 2008-03-10 03:01 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-01 20:04 . 2008-03-01 20:04 2,193,024 --a------ C:\WINDOWS\system32\kernel1.exe
2008-03-01 20:04 . 2007-09-06 13:09 212 -rahs---- C:\BOOT.BKK
2008-03-01 20:00 . 2008-03-01 20:00 <DIR> d-------- C:\Programfiler\TGTSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 19:21 1,670 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\wklnhst.dat
2008-03-12 20:56 --------- d-----w C:\Programfiler\Fellesfiler\MinneSparere
2008-03-10 09:40 252,432 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\install_no[1].exe
2008-02-11 22:55 19,584 ----a-w C:\WINDOWS\system32\drivers\wedmrcnn.dat
2008-02-09 22:32 --------- d-----w C:\Programfiler\MinneSparere
2008-02-08 17:40 --------- d-----w C:\Programfiler\IObit
2008-02-02 18:16 260,624 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\setup_no[1].exe
2008-01-31 11:47 --------- d-----w C:\Programfiler\Google
2008-01-30 13:49 --------- d-----w C:\Programfiler\Java
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-01-01 12:43 1,600,864 ----a-w C:\Documents and Settings\Compaq_Eier\setup.exe
2004-02-04 18:53 24,070,405 ----a-w C:\Documents and Settings\Compaq_Eier\nero6303.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEBF973-2D68-4D35-8548-D04AA50E6030}]
C:\WINDOWS\system32\atrac.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Programfiler\Ares\Ares.exe" [ ]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Yahoo! Pager"="C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-30 15:04 171448]
"NBJ"="C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 04:05 344064]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-01-01 15:27 180269]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-12 19:59 249896]
"{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}"="C:\WINDOWS\sysqyzwud.exe" [2008-03-25 05:42 75840]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Icatch(VI) SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2008-01-06 21:19:52 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\WebEye\\WebEye.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R0 yfkutzfn;yfkutzfn;C:\WINDOWS\system32\drivers\wedmrcnn.dat []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Programfiler\AdwareAlert\AdwareAlert.ex
- C:\Programfiler\AdwareAlert
"2008-03-12 00:27:02 C:\WINDOWS\Tasks\Internett-tjenester.job"
- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 15:16:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yfkutzfn]
"ImagePath"="system32\drivers\wedmrcnn.dat"
.
Completion time: 2008-03-27 15:17:18
ComboFix-quarantined-files.txt 2008-03-27 14:17:09
ComboFix2.txt 2008-03-12 17:34:32

Pre-Run: 174,013,378,560 byte ledig
Post-Run: 174,002,991,104 byte ledig
.
2008-03-12 19:39:01 --- E O F ---
snippsat Posted 27 March 2008 (edited)
Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log c:\combofix

File::
C:\WINDOWS\sysutrnez.exe
C:\WINDOWS\sysqyzwud.exe
C:\WINDOWS\sysscpmqn.exe
C:\WINDOWS\xcbhwuq.exe
C:\WINDOWS\config.ini
C:\WINDOWS\xhbxcnv.exe
C:\WINDOWS\xfjzrby.dll
C:\xmp.bat
C:\tmp.bat
C:\amp.bat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEBF973-2D68-4D35-8548-D04AA50E6030} C:\WINDOWS\system32\atrac]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"ISUSScheduler"=-
"{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}"=-

Driver::
yfkutzfn

Download and run CCleaner. Go to 'Options' -> 'Advanced' ('Valg' -> 'Avansert'). Untick the box in front of: "only delete temporary files older than 48 hours". Run the registry cleaner, "answer yes to repair". Update and run a round with the SAS you already have. Restart, and then a new HijackThis log.
Edited 27 March 2008 by SNIPPSAT
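One way to triage the two logs posted above, as an added example that is not part of the original thread and not code from HijackThis or ComboFix: it cross-references HijackThis O4 Run entries with ComboFix's "Files Created" rows and reports autostart targets that were created shortly before the scan. The function names, the 30-day window, the hard-coded C:\WINDOWS root and reading the first timestamp of each row as the creation time are assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Sample input: a few lines excerpted from the two logs posted in this thread.
HIJACKTHIS_SAMPLE = r'''
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}] "C:\WINDOWS\sysqyzwud.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
COMBOFIX_SAMPLE = r'''
2008-03-25 05:42 . 2008-03-25 05:42 75,840 --a------ C:\WINDOWS\sysqyzwud.exe
2008-03-25 05:42 . 2008-03-25 05:43 3,072 --a------ C:\WINDOWS\xcbhwuq.exe
2008-03-18 16:38 . 2004-08-04 13:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-12 19:55 . 2008-03-12 19:55 <DIR> d-------- C:\Programfiler\Avira
'''

RUN_RE = re.compile(r"^O4 - (HK[\w\\.-]+)\\Run: \[(.+?)\] (.+)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\S+)\s+\S+\s+(.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Quoted command lines end at the closing quote; unquoted ones at the extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|com|scr))(?=\s|$)', re.I)


def parse_run_entries(hjt_log):
    """Return hive, value name and target file for each O4 Run line."""
    entries = []
    for line in hjt_log.splitlines():
        m = RUN_RE.match(line.strip())
        t = TARGET_RE.match(m.group(3)) if m else None
        if t:
            entries.append({"hive": m.group(1), "name": m.group(2),
                            "target": t.group(1) or t.group(2)})
    return entries


def parse_created_files(cf_log):
    """Map lower-cased file path -> first timestamp of its 'Files Created' row."""
    created = {}
    for line in cf_log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":  # directories are not autostart targets
            created[m.group(3).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
    return created


def triage(hjt_log, cf_log, scan_time, max_age_days=30):
    """Report Run entries whose target file was created within the window."""
    created = parse_created_files(cf_log)
    hits = []
    for entry in parse_run_entries(hjt_log):
        born = created.get(entry["target"].lower())
        if born is None or scan_time - born > timedelta(days=max_age_days):
            continue
        notes = ["created %s" % born.date()]
        if ntpath.dirname(entry["target"]).lower() == r"c:\windows":  # assumed root
            notes.append("runs from Windows root")
        if GUID_RE.match(entry["name"]):
            notes.append("GUID value name")
        hits.append({**entry, "notes": notes})
    return hits


if __name__ == "__main__":
    for hit in triage(HIJACKTHIS_SAMPLE, COMBOFIX_SAMPLE, datetime(2008, 3, 27, 15, 15)):
        print(hit["hive"], hit["name"], hit["target"], "; ".join(hit["notes"]))
```

The output is a review list for the analyst, not a removal list: a freshly installed legitimate program also shows up as a recently created autostart target.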
hans A Posted 28 June 2008 (edited)
Bringing up an old thread. I see there are many references to topsalgantivirus. I have myself on several occasions had a popup window appear where you get a warning about viruses and are referred to the site topsalgantivirus.com...... Is this a link to a virus?
Edited 28 June 2008 by hans A
r2d290 Posted 28 June 2008 (edited)
I would never download an antivirus program that is not from its official site. See here: https://www.diskusjon.no/index.php?showtopic=776083 if you are wondering where you can get various recommended security programs (under "what protection do I need"). If you are wondering whether you have malware on your machine, you can follow this guide and post the logs in your own thread by pressing the new topic button.
Edit: since I see in earlier logs that toppsalg antivirus is stored as a folder/file on your machine, you can pretty much count on this being malware-related.
Edited 28 June 2008 by r2d290
hans A Posted 28 June 2008
I always shut the firewall if I get popup messages like these. And when you close these windows after the firewall has been shut, you get to see which site it is trying to open. I run Norman Security Suite myself.
r2d290 Posted 29 June 2008
If you get messages from any of your security programs regarding this site, you should ABSOLUTELY follow that guide...