Teds, posted 24 March 2008 (edited)

Hi! I just got a laptop from a family member, and it has really been hit by a massive virus attack. I have backed up the most important things and am now trying hard to get it removed. The problem is that the "blue screen", whose key lines are:
- "En driver har overkjørt en stakkbasert buffer." (A driver has overrun a stack-based buffer.)
- STOP: 0x000000F7 (0x0090EC50,0x0000A876,0xFFFF5789,0x00000000)
always shows up while doing anything. I keep trying to run Spybot, but just as the problems are about to be fixed the blue screen appears. It doesn't work in safe mode either, but I expect I'll soon manage to get an HJT log.

HJT log is sorted:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:22, on 24.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\NetProject\scm.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\NetProject\sbsm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\NetProject\sbmntr.exe
C:\Programfiler\NetProject\scit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Programfiler\NetProject\sbmdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Programfiler\Helper\1206374985.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124825886996
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151255385563
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10938 bytes

Edited 24 March 2008 by Teds
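As an added example (my own script, not from this thread or from HijackThis), here is a Python triage pass over a constructed subset of the log above. It flags the four entry classes that turn out to matter in this thread: BHOs with no name or no file, the NetProject autoruns tucked under Policies\Explorer\Run, the "IE Anti-Spyware" item that points at an external URL and is file-missing, and the SharedTaskScheduler DLL in system32. The "DLL named after a Unix timestamp" check is my own heuristic, not an HJT rule.

```python
"""Triage pass over HijackThis (HJT) log lines.

Flags the entry classes that mattered in this thread:
  O2  - BHOs with "(no name)" / "(no file)", or a DLL named after a Unix timestamp
  O4  - autoruns under Policies\\Explorer\\Run (rarely used by legitimate software)
  O9  - IE buttons / Tools items that point at a URL or are "(file missing)"
  O22 - SharedTaskScheduler DLLs (loaded straight into explorer.exe at logon)
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample: a subset of the HJT log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Programfiler\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Programfiler\Helper\1206374985.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
"""


@dataclass
class Finding:
    section: str  # HJT section, e.g. "O2"
    reason: str   # why the entry was flagged
    line: str     # the original log line


ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.+)$")
# O2 body layout: "BHO: <name> - {CLSID} - <path>"; anchor on the 36-char CLSID
BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?)\s+-\s+\{[0-9A-Fa-f-]{36}\}\s+-\s+(?P<path>.*)$")
EPOCH_DLL_RE = re.compile(r"\\(\d{9,10})\.dll$", re.IGNORECASE)


def epoch_dll_timestamp(path):
    """Return the UTC datetime if the DLL's base name is a Unix time in 2000..2038, else None.

    Heuristic of my own (assumption, not an HJT rule). In this thread 1206374985.dll
    decodes to 2008-03-24 16:09:45 UTC, i.e. 17:09 CET, which is exactly the creation
    time ComboFix reports for C:\\Programfiler\\Helper.
    """
    m = EPOCH_DLL_RE.search(path)
    if not m:
        return None
    ts = int(m.group(1))
    if not 946684800 <= ts < 2145916800:  # 2000-01-01 .. 2038-01-01
        return None
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def triage_line(line):
    """Classify one HJT entry; return a Finding, or None if nothing looks off."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O2":
        b = BHO_RE.match(body)
        if not b:
            return None
        name, path = b.group("name"), b.group("path")
        if name == "(no name)" or path == "(no file)":
            return Finding(sec, "BHO without a name or without a file on disk", line)
        when = epoch_dll_timestamp(path)
        if when is not None:
            return Finding(sec, f"BHO DLL named after Unix time {when:%Y-%m-%d %H:%M:%S} UTC", line)
    elif sec == "O4" and "\\Policies\\Explorer\\Run" in body:
        return Finding(sec, "autorun via Policies\\Explorer\\Run", line)
    elif sec == "O9":
        target = body.rsplit(" - ", 1)[-1]  # last field is the button/menu target
        if target.lower().startswith("http") or "(file missing)" in target:
            return Finding(sec, "IE button/menu item pointing at a URL or a missing file", line)
    elif sec == "O22":
        return Finding(sec, "SharedTaskScheduler DLL (loaded into explorer.exe)", line)
    return None


def triage(log_text):
    """Return the flagged entries of a whole HJT log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
        print(f"    {f.line.strip()}")
```

Everything the script flags on this sample is an entry that ComboFix's CFScript run or SUPERAntiSpyware later removed; the Adobe, Java and NOD32 lines pass through untouched.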
snippsat, posted 24 March 2008 (edited)

Yes, there's some junk there. We need a log from ComboFix here. Download ComboFix and put it on the desktop. Don't click in the window while the program is running. Post the log C:\combofix.txt. If it doesn't work, let us know.

Edited 24 March 2008 by SNIPPSAT

norbat, posted 24 March 2008

Try this: Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click in the window while the program is running. Post the log file from ComboFix (c:\combofix.txt).
Teds (thread author), posted 24 March 2008 (edited)

Thanks a lot for the response! I'm sitting at my own computer now and keeping the patient off the internet. It has something called "NetProject" on it, and then it snowballs with toolbars and so on... I'll be back with more information when the ComboFix log is ready.

Edit1: Hell, that sound scared me! The program is chugging along now, and at the same time NOD32 is finding problems for the first time. I ran a full scan earlier and it found nothing, so I find it odd that it only discovers the problems now...

Edit2: The ComboFix log is done and is in the spoiler tag below.

ComboFix 08-03-24.1 - Linn Haugesten 2008-03-24 21:35:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.175 [GMT 1:00]
Running from: C:\Documents and Settings\Linn Haugesten\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tdidrv32.sys
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_tdidrv32.sys
-------\tdidrv32.sys

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-24 21:38 . 2004-08-04 12:00 24,576 --a------ C:\WINDOWS\system32\CF_init.exe
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-03-24 20:53 . 2004-09-28 18:30 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-03-24 20:53 . 2005-08-16 14:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-03-24 20:53 . 2004-09-28 18:30 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-03-24 20:53 . 2004-09-28 18:30 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-03-24 19:39 . 2008-03-24 19:39 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-24 18:54 . 2008-03-24 18:53 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-24 18:54 . 2008-03-24 18:54 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-24 17:09 . 2008-03-24 17:09 <DIR> d-------- C:\Programfiler\NetProject
2008-03-24 17:09 . 2008-03-24 17:09 <DIR> d-------- C:\Programfiler\Helper
2008-02-24 15:07 . 2008-02-24 17:58 <DIR> d-------- C:\Programfiler\Google
2008-02-24 15:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 14:34 . 2008-02-24 14:34 <DIR> d-------- C:\Documents and Settings\Linn Haugesten\Programdata\Apple Computer
2008-02-24 14:33 . 2008-02-24 14:33 <DIR> d-------- C:\Programfiler\iTunes
2008-02-24 14:33 . 2008-02-24 14:33 <DIR> d-------- C:\Programfiler\iPod
2008-02-24 14:33 . 2008-03-24 21:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 14:33 . 2008-02-24 14:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 14:32 . 2008-02-24 14:32 <DIR> d-------- C:\Programfiler\Bonjour
2008-02-24 14:31 . 2008-02-24 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-02-24 14:30 . 2008-02-24 14:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-02-24 14:30 . 2008-02-24 14:31 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-02-24 14:30 . 2008-02-24 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-02-24 14:25 . 2008-02-24 14:32 <DIR> d-------- C:\Programfiler\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 18:26 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-03-24 16:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-03-24 16:16 --------- d-----w C:\Programfiler\ESET
2008-02-24 16:59 --------- d-----w C:\Documents and Settings\Linn Haugesten\Programdata\AdobeUM
2008-02-24 14:06 --------- d-----w C:\Programfiler\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
2008-03-24 21:30 9728 --a------ C:\Programfiler\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47DD37-AC11-4A93-8E16-2B2364AF0897}]
2008-03-24 17:09 13312 --a------ C:\Programfiler\Helper\1206374985.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Programfiler\NetProject\wamdl.dll [2008-03-24 17:09 83456]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 18:53 68856]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01 86016]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-03-27 18:13 949376]
"NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-24 14:25 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2005-08-16 14:48:51 24576]
dlbcserv.lnk - C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe [2005-09-20 16:44:06 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"= C:\WINDOWS\system32\lvhjtsa.dll [2008-02-24 15:06 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 19:04:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-03-24 20:39:01 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 21:40:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\lvhjtsa.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Windows Media Player\WMPNetwk.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-24 21:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 20:43:14
.
2008-03-11 21:57:07 --- E O F ---

Edited 24 March 2008 by Teds
norbat, posted 24 March 2008

Some AV programs can react to some of the processes ComboFix runs. If you have trouble running the program, turn NOD off temporarily.

Teds (thread author), posted 24 March 2008

It went fine anyway, and the log is in my previous post.
norbat, posted 24 March 2008

The blue-screen problem most likely comes from the file tdidrv32.sys, which ComboFix removed. This is a rootkit whose job is to protect the infection you have.

Do this: Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::
C:\Programfiler\NetProject
C:\Programfiler\Helper

After the restart, continue with the following: Download SAS, install it, update it and run a full (Complete) scan. Post the new ComboFix log (the one created after you ran CFScript) + the log from SAS (preferences->statistics/logs).

Teds (thread author), posted 24 March 2008

It's running now!

Q1: Regarding the blue screen; in theory, could one also run Spybot now?

Q2: I'm not taking the chance of connecting the patient to the internet, so how can I update SuperAntiSpyware then?

norbat, posted 24 March 2008

Yes, in theory the driver that caused the blue screen shouldn't do any more damage. Feel free to connect the PC to the net to update SAS.
Teds (thread author), posted 24 March 2008

SuperAntiSpyware has now been run through, and what a program!

ComboFix, before SAS was run:

ComboFix 08-03-24.1 - Linn Haugesten 2008-03-24 22:04:08.2 - NTFSx86
Running from: C:\Documents and Settings\Linn Haugesten\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Linn Haugesten\Skrivebord\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programfiler\Helper
C:\Programfiler\Helper\1206374985.dll
C:\Programfiler\NetProject
C:\Programfiler\NetProject\ot.ico
C:\Programfiler\NetProject\sbmdl.dll
C:\Programfiler\NetProject\sbmntr.exe
C:\Programfiler\NetProject\sbsm.exe
C:\Programfiler\NetProject\sbun.exe
C:\Programfiler\NetProject\scit.exe
C:\Programfiler\NetProject\scm.exe
C:\Programfiler\NetProject\scu.exe
C:\Programfiler\NetProject\ts.ico
C:\Programfiler\NetProject\wamdl.dll
C:\Programfiler\NetProject\waun.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-24 21:38 . 2004-08-04 12:00 24,576 --a------ C:\WINDOWS\system32\CF_init.exe
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-03-24 20:53 . 2004-09-28 18:30 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-03-24 20:53 . 2005-08-16 14:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-03-24 20:53 . 2004-09-28 18:30 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-03-24 20:53 . 2004-09-28 18:30 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
2008-03-24 20:53 . 2004-09-28 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-03-24 19:39 . 2008-03-24 19:39 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-24 18:54 . 2008-03-24 18:53 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-24 18:54 . 2008-03-24 18:54 2,550 --a------ C:\WINDOWS\unins000.dat
2008-02-24 15:07 . 2008-02-24 17:58 <DIR> d-------- C:\Programfiler\Google
2008-02-24 15:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 14:34 . 2008-02-24 14:34 <DIR> d-------- C:\Documents and Settings\Linn Haugesten\Programdata\Apple Computer
2008-02-24 14:33 . 2008-02-24 14:33 <DIR> d-------- C:\Programfiler\iTunes
2008-02-24 14:33 . 2008-02-24 14:33 <DIR> d-------- C:\Programfiler\iPod
2008-02-24 14:33 . 2008-03-24 21:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 14:33 . 2008-02-24 14:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 14:32 . 2008-02-24 14:32 <DIR> d-------- C:\Programfiler\Bonjour
2008-02-24 14:31 . 2008-02-24 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-02-24 14:30 . 2008-02-24 14:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-02-24 14:30 . 2008-02-24 14:31 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-02-24 14:30 . 2008-02-24 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-02-24 14:25 . 2008-02-24 14:32 <DIR> d-------- C:\Programfiler\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 18:26 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-03-24 16:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-03-24 16:16 --------- d-----w C:\Programfiler\ESET
2008-02-24 16:59 --------- d-----w C:\Documents and Settings\Linn Haugesten\Programdata\AdobeUM
2008-02-24 14:06 13,312 --s-a-w C:\WINDOWS\system32\lvhjtsa.dll
2008-02-24 14:06 --------- d-----w C:\Programfiler\Java
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 18:53 68856]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01 86016]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-03-27 18:13 949376]
"NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-24 14:25 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2005-08-16 14:48:51 24576]
dlbcserv.lnk - C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe [2005-09-20 16:44:06 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"= C:\WINDOWS\system32\lvhjtsa.dll [2008-02-24 15:06 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 19:04:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-03-24 21:04:01 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 22:06:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 22:07:24
ComboFix-quarantined-files.txt 2008-03-24 21:07:09
.
2008-03-11 21:57:07 --- E O F ---

SAS's log; it removed a fair bit of junk, I see:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/24/2008 at 10:42 PM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Complete Scan
Total Scan Time : 00:25:50

Memory items scanned : 483
Memory threats detected : 1
Registry items scanned : 5671
Registry threats detected : 14
File items scanned : 12227
File threats detected : 44

Trojan.FakeAlert-Gen/Variant
C:\WINDOWS\SYSTEM32\LVHJTSA.DLL
C:\WINDOWS\SYSTEM32\LVHJTSA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{7d7bd0c4-4913-4933-b870-7388a7bffb82}
HKCR\CLSID\{7D7BD0C4-4913-4933-B870-7388A7BFFB82}
HKCR\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32
HKCR\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32#ThreadingModel
C:\PROGRAMFILER\WINAMP\PLUGINS\GEN_TRAY.DLL

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][2].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][2].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][2].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][2].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\linn_haugesten@stopzilla[1].txt C:\Documents and Settings\Linn Haugesten\Cookies\linn_haugesten@socialmedia[1].txt C:\Documents and Settings\Linn Haugesten\Cookies\linn_haugesten@imrworldwide[2].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\linn_haugesten@yadro[2].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\linn_haugesten@virusranger[1].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\[email protected][1].txt C:\Documents and Settings\Linn Haugesten\Cookies\linn_haugesten@antispykit[1].txt Trojan.Media-Codec C:\Documents and Settings\Linn Haugesten\Favoritter\Online Security Test.url Trojan.Media-Codec/V4 HKCR\multimediaControls.chl HKCR\multimediaControls.chl\CLSID Trojan.Media-Codec/V5 HKU\S-1-5-21-640433167-317197202-2487349771-1006\Software\NetProject HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure 
Browsing#UninstallString Rogue.NetProject-Installer C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0026753.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0027753.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0027787.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0028780.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0029780.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0030782.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0031782.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0032782.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0034782.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP239\A0035782.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP240\A0035796.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP241\A0035855.EXE Adware.E404 Helper/Variant-A C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP241\A0035851.DLL Lenke til kommentar
norbat, posted 24 March 2008

Good. Then we'll look at a new HJT log at the end.
Teds (thread author), posted 24 March 2008

Running a Spybot scan now; then there'll be an HJT log at the end... Then we'll see whether the night brings a format, because there was a lot of shady stuff going on in here.
norbat, posted 24 March 2008 (edited)

There will now be several malware files sitting in various quarantine folders. When you run different antispyware programs, they will most likely find each other's 'quarantine files'. It would therefore have been good to clean up a bit first, but it's your call.

Edit: And a format should be unnecessary.

Edited 24 March 2008 by norbat
Teds (thread author), posted 24 March 2008

HJT log taken, and as far as my experience goes it looked very good!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:15, on 24.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124825886996
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151255385563
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10228 bytes

The cleanup has already been done; tedious for the less computer-savvy to find ComboFix and click through and so on. The format will happen as a bonus; maybe. Not for security's sake. Thanks everyone, especially norbat for the help through this evening. Got to know both ComboFix and SAS, which I've never used before... Thanks again, unless there's something more in the HJT log that I overlooked.
norbat, posted 24 March 2008

The log looks fine. ComboFix should be uninstalled. You do that by typing combofix /u in the Run dialog (Start -> Run). This removes the backup files and also resets System Restore.

Surf safely.
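A small triage script, added here as an example (it is not code from the thread, nor part of HijackThis, ComboFix or SUPERAntiSpyware), that does mechanically what norbat did by eye on the two HJT logs: parse the entries, flag the boot-time hook sections (Winlogon Notify, ShellServiceObjectDelayLoad, SharedTaskScheduler) and unknown system32 binaries against an allowlist, and diff the pre-cleanup log against the post-cleanup one. The allowlist and both sample logs are constructed for the example; the O22 line is rebuilt from the CLSID and DLL quoted in the ComboFix and SAS output above.

```python
"""HijackThis-log triage: parse entries, flag boot-time hooks and unknown
system32 binaries, diff a before/after log pair. Added example for this
thread; not part of HijackThis, ComboFix or SUPERAntiSpyware."""
import re
from dataclasses import dataclass

# HJT sections whose DLLs are loaded into winlogon.exe / explorer.exe at boot:
# O20 (Winlogon Notify, AppInit_DLLs), O21 (ShellServiceObjectDelayLoad),
# O22 (SharedTaskScheduler). lvhjtsa.dll in this thread sat under
# SharedTaskScheduler, which is why these sections get the first look.
HIGH_RISK_SECTIONS = {"O20", "O21", "O22"}

# Assumed allowlist for the example. In practice it is built from a known-clean
# image and each entry is verified (signature, hash) before it goes in.
KNOWN_GOOD = {"ctfmon.exe", "hkcmd.exe", "igfxtray.exe", "igfxpers.exe",
              "igfxsrvc.exe", "browseui.dll", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(O\d+|R[01]|F\d)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First Windows path on the line that ends in a loadable-object extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys|scr)\b", re.I)


@dataclass
class Entry:
    section: str  # "O4", "O22", ...
    body: str     # everything after "O4 - "
    clsid: str    # "" when the line carries none
    path: str     # "" when no file path could be extracted

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_system32(self) -> bool:
        return "\\system32\\" in self.path.lower()


@dataclass
class Finding:
    severity: str
    reason: str
    entry: Entry


def parse_hjt(text: str) -> list[Entry]:
    """One Entry per 'Oxx - ...' line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        entries.append(Entry(section, body,
                             clsid.group(0).lower() if clsid else "",
                             path.group(0) if path else ""))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Flag boot-time hooks and unknown system32 binaries for manual review."""
    findings = []
    for e in entries:
        if not e.path or e.basename in KNOWN_GOOD:
            continue  # nothing to load, or explicitly vetted
        if e.section in HIGH_RISK_SECTIONS:
            findings.append(Finding("high", "loaded into winlogon/explorer at boot, not on allowlist", e))
        elif e.in_system32:
            findings.append(Finding("medium", "autostart points at an unknown binary in system32", e))
    return findings


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """(entries removed by the cleanup, entries that appeared since the first log)."""
    def keyed(text: str) -> dict[str, str]:
        return {e.section + "|" + e.body.lower(): e.section + " - " + e.body
                for e in parse_hjt(text)}
    b, a = keyed(before), keyed(after)
    return ([b[k] for k in sorted(b.keys() - a.keys())],
            [a[k] for k in sorted(a.keys() - b.keys())])


# Constructed sample logs. The O22 line is rebuilt from the CLSID and DLL the
# ComboFix and SAS reports in this thread name; the rest are ordinary entries.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O22 - SharedTaskScheduler: (no name) - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll
"""
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(BEFORE_LOG)):
        print(f"[{f.severity}] {f.entry.section} {f.entry.path}: {f.reason}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

The allowlist decides what is not reported, so a legitimate hook such as SUPERAntiSpyware's own Winlogon Notify DLL keeps showing up as "high" until you have verified it and added it. Entries that live under Program Files (the NetProject rogue in this thread) pass the system32 heuristic entirely; that is what the diff against the first log and the SAS/ComboFix reports are for.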