Major, posted 1 April 2008 (edited)

My brother was going to start my computer while I was at school. He started uTorrent and went off to watch TV. That was at 15:00. When I came home from school, I saw that I had picked up some kind of trojan on the computer: lots of folders have appeared in the C:\ folder, and my antivirus is going completely haywire. I also can't get internet access with that PC. So, can anyone help me find out what it is? I have scanned it with HijackThis. If you want me to scan with something else, let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:39, on 01.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\windows\system32\jowdw64p.exe
C:\WINDOWS\system32\qcntpkdn.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\khufee.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\XoftSpySE\xoftspy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4a2aacf3-adf6-11d5-98a9-00e018981b9e} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: Media Player Codec - {54202673-bd70-423c-ae57-5b2354567629} - C:\WINDOWS\dsaip32b.dll
O2 - BHO: DealioBHO Class - {6a87b991-a31f-4130-ae72-6d0c294bf082} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: e404 helper - {c03fd59d-9104-44b7-929a-9eaa0ba05211} - C:\Program Files\Helper\1207055536.dll (file missing)
O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - C:\WINDOWS\system32\qommmki.dll
O2 - BHO: SearchSettings Class - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [{34-46-68-8B-DW}] C:\windows\system32\jowdw64p.exe DWoli5
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\qcntpkdn.exe DWoli5
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [WintelUpdate] C:\khufee.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntpkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jowdw64p.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DB7F2FC-8110-4398-B8BB-0FC05DC8BC3B}: NameServer = 81.167.36.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DB7F2FC-8110-4398-B8BB-0FC05DC8BC3B}: NameServer = 81.167.36.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{3DB7F2FC-8110-4398-B8BB-0FC05DC8BC3B}: NameServer = 81.167.36.3
O20 - Winlogon Notify: qommmki - C:\WINDOWS\SYSTEM32\qommmki.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ (nnserv) - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 9507 bytes

Edited 1 April 2008 by Major
r2d290, posted 1 April 2008

Yes, there was quite a bit of junk in here... Can you go through the LONG VERSION of this guide? Post the logs it asks for here: https://www.diskusjon.no/index.php?showtopic=691246
Major (author), posted 1 April 2008

I'll do that right away.
Major (author), posted 1 April 2008

I have now tried to get the internet working on the laptop (the one that got the trojan), but now I just get a blue screen. No matter what I do, I get it. Is there anything I can do, or should I just format it?
snippsat, posted 1 April 2008

Boot and press F8 several times, then choose Safe Mode with Networking. If that works, run a round with SAS and post an HJT log here.
Major Skrevet 1. april 2008 Forfatter Del Skrevet 1. april 2008 (endret) en ny HijackThis scan Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:40:14, on 01.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe C:\WINDOWS\system32\tcntpkdn.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Steam\Steam.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AdVantage\AdVantage.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HPQ\shared\hpqwmi.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - 
HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWoli5 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe" O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [WintelUpdate] C:\khufee.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Deewoo.lnk = 
C:\WINDOWS\system32\tcntpkdn.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwdw64d.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD1985A-04C9-4439-A085-9D312D231A36}: NameServer = 10.0.0.1 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: qommmki - qommmki.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - 
Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 8666 bytes ComboFix ComboFix 08-03-30.5 - serial 2008-04-01 20:52:38.3 - NTFSx86 MINIMALMicrosoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.785 [GMT 2:00] Running from: E:\trojan-program\ComboFix3.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\grande48.sys . ((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))) . 2008-04-01 20:56 . 2008-04-01 20:57 17 --a------ C:\WINDOWS\system32\msnav32.ax 2008-04-01 20:47 . 2008-04-01 20:47 <DIR> d-------- C:\Program Files\CCleaner 2008-04-01 20:25 . 2008-04-01 20:37 <DIR> d-------- C:\ComboFix2 2008-04-01 20:04 . 2008-04-01 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-01 16:19 . 2008-04-01 16:19 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-01 16:18 . 2008-04-01 16:18 <DIR> d-------- C:\Program Files\XoftSpySE 2008-04-01 16:15 . 2008-04-01 16:15 <DIR> d-------- C:\Program Files\Windows Defender 2008-04-01 15:31 . 2008-04-01 15:31 49,173 --a------ C:\WINDOWS\system32\jowdw64p.exe 2008-04-01 15:15 . 2008-04-01 15:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-04-01 15:12 . 
2008-04-01 15:12 211,456 --a------ C:\WINDOWS\dsaip32b.dll 2008-04-01 15:12 . 2008-04-01 15:12 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2008-04-01 15:12 . 2008-04-01 15:12 29 --a------ C:\WINDOWS\system32\porirepf.tmp 2008-04-01 15:11 . 2008-04-01 15:11 196,678 --a------ C:\WINDOWS\system32\qcntpkdn.exe 2008-04-01 15:11 . 2008-04-01 15:11 49,155 --a------ C:\WINDOWS\system32\rwwdw64d.exe 2008-04-01 15:11 . 2008-04-01 15:11 12,800 --a------ C:\sdfgh123-.exe 2008-04-01 15:11 . 2008-04-01 15:11 934 --a------ C:\WINDOWS\system32\winpfz33.sys 2008-03-31 18:19 . 2008-03-31 18:19 <DIR> d-------- C:\Program Files\mIRC 2008-03-31 12:44 . 2008-03-31 12:44 <DIR> d-------- C:\Program Files\Groove Games 2008-03-30 15:54 . 2008-03-30 15:55 <DIR> d-------- C:\Program Files\OCAD 9.6 Demo 2008-03-29 19:14 . 2008-03-29 19:14 38 --a------ C:\WINDOWS\avisplitter.INI 2008-03-26 19:20 . 2008-03-26 19:20 <DIR> d-------- C:\Program Files\LimeWire 2008-03-26 19:13 . 2008-03-27 16:25 <DIR> d-------- C:\Documents and Settings\serial\Shared 2008-03-26 19:13 . 2008-03-27 16:25 <DIR> d-------- C:\Documents and Settings\serial\Incomplete 2008-03-26 19:13 . 2008-03-27 16:25 <DIR> d-------- C:\Documents and Settings\serial\Application Data\LimeWire 2008-03-25 17:21 . 2008-03-25 17:21 <DIR> d-------- C:\Program Files\Google 2008-03-24 21:39 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-03-24 21:39 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-03-24 21:39 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-03-24 21:39 . 2004-08-04 01:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-03-24 21:39 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-03-24 21:39 . 2004-08-03 23:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-03-24 12:42 . 2008-03-24 12:42 <DIR> d-------- C:\Documents and Settings\serial\Application Data\DivX 2008-03-22 10:30 . 
2008-03-22 10:30 <DIR> d-------- C:\Program Files\iPod 2008-03-22 10:30 . 2008-04-01 20:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-22 10:30 . 2008-03-22 10:30 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-22 10:29 . 2008-03-22 10:30 <DIR> d-------- C:\Program Files\iTunes 2008-03-22 10:27 . 2008-03-22 10:27 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-03-21 20:11 . 2008-03-21 20:11 <DIR> d-------- C:\Program Files\xchat 2008-03-21 20:11 . 2008-03-31 22:21 <DIR> d-------- C:\Documents and Settings\serial\Application Data\X-Chat 2 2008-03-21 20:08 . 2008-03-21 20:08 <DIR> d-------- C:\Documents and Settings\serial\.silc 2008-03-19 10:47 . 2008-03-19 10:47 <DIR> d-------- C:\Program Files\FlashFXP 2008-03-19 10:47 . 2008-03-19 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP 2008-03-18 15:03 . 2008-03-18 15:03 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-03-18 15:02 . 2008-03-18 15:02 <DIR> d-------- C:\Program Files\Real 2008-03-18 15:02 . 2008-03-18 15:03 <DIR> d-------- C:\Program Files\Common Files\Real 2008-03-18 14:58 . 2008-03-18 14:59 <DIR> d-------- C:\Program Files\QuickTime 2008-03-18 14:57 . 2008-03-18 14:57 <DIR> d-------- C:\Program Files\Apple Software Update 2008-03-18 14:57 . 2008-03-18 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-03-16 16:11 . 2008-03-16 16:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-03-15 22:43 . 2008-03-19 10:59 <DIR> d-------- C:\Program Files\A4Proxy 2008-03-15 20:40 . 2008-02-21 04:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-03-15 20:40 . 2008-02-21 04:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-03-15 20:40 . 2008-02-21 04:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-03-15 20:40 . 2008-02-21 04:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-03-15 20:40 . 2008-02-21 04:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-03-15 20:37 . 
2008-03-15 20:38 <DIR> d-------- C:\Documents and Settings\serial\amsn 2008-03-15 20:36 . 2008-03-15 20:36 <DIR> d-------- C:\Program Files\aMSN 2008-03-15 17:48 . 2008-03-15 17:49 1,320 --a------ C:\WINDOWS\checkip.dat 2008-03-13 20:24 . 2008-03-13 20:33 168 --a------ C:\WINDOWS\nyno31.ini 2008-03-04 16:49 . 2008-03-23 21:27 <DIR> d-------- C:\Program Files\EasyPHP 2.0b1 2008-03-04 16:42 . 2008-03-23 21:27 <DIR> d-------- C:\Program Files\PHP Coder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-01 18:57 --------- d-----w C:\Program Files\Steam 2008-04-01 13:43 --------- d-----w C:\Documents and Settings\serial\Application Data\uTorrent 2008-03-31 16:29 --------- d-----w C:\Documents and Settings\serial\Application Data\mIRC 2008-03-31 13:59 --------- d-----w C:\Documents and Settings\serial\Application Data\dvdcss 2008-03-31 11:54 --------- d-----w C:\Program Files\AdVantage 2008-03-25 15:30 --------- d-----w C:\Program Files\TightVNC 2008-03-18 13:01 --------- d-----w C:\Program Files\Java 2008-03-18 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-15 18:41 --------- d-----w C:\Program Files\DivX 2008-03-15 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-03-11 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-02 19:16 --------- d-----w C:\Documents and Settings\serial\Application Data\skypePM 2008-02-28 14:57 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-21 18:17 --------- d-----w C:\Documents and Settings\serial\Application Data\Media Player Classic 2008-02-21 18:15 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-02-18 19:02 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-17 19:10 --------- d-----w C:\Documents and 
Settings\serial\Application Data\JLC's Software 2008-02-17 19:09 --------- d-----w C:\Program Files\JLC's Software . ((((((((((((((((((((((((((((( snapshot@2008-04-01_20.37.22.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-01 18:23:30 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-04-01 18:36:36 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-01 18:23:30 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-04-01 18:36:36 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-04-01 18:57:19 196,676 ----a-w C:\WINDOWS\system32\tcntpkdn.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}] C:\Program Files\NewDotNet\newdotnet6_38.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54202673-bd70-423c-ae57-5b2354567629}] 2008-04-01 15:12 211456 --a------ C:\WINDOWS\dsaip32b.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-01 20:57 1271032] "MsnMsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [ ] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 18:51 486856] "AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-06-28 16:19 880080] "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ] "WintelUpdate"="C:\khufee.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 22:50 729178] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05 344064] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26 
233534] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17 409600] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59 794624] "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-11 20:57 249896] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 15:02 185896] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 15:48 479232] "{34-46-68-8B-DW}"="c:\windows\system32\rwwdw64d.exe" [2008-04-01 15:11 49155] "g]eeV\mWhjlnspB"="C:\WINDOWS\system32\tcntpkdn.exe" [2008-04-01 20:57 196676] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\serial\Start Menu\Programs\Startup\ Deewoo.lnk - C:\WINDOWS\system32\tcntpkdn.exe [2008-04-01 20:57:18 196676] DW_Start.lnk - C:\WINDOWS\system32\rwwdw64d.exe [2008-04-01 15:11:14 49155] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommmki] qommmki.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Valve\\hl.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Documents and Settings\\serial\\Desktop\\utorrent.exe"= "C:\\Program Files\\Steam\\steamapps\\major89\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\xchat\\xchat.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06] . Contents of the 'Scheduled Tasks' folder "2008-03-29 06:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-01 18:59:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-04-01 18:56:20 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2008-04-01 14:18:58 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-01 20:56:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?7?6?1??????? ???B?????????????hLC? ?????? scanning hidden files ... 
C:\WINDOWS\system32\tcntpkdn.exe 196676 bytes executable C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes C:\WINDOWS\system32\drivers\Ofpl49.sys 167936 bytes executable scan completed successfully hidden files: 3 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\tcntpkdn.exe DWoli5" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofpl49] . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HPQ\shared\hpqwmi.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Completion time: 2008-04-01 21:02:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-01 19:02:03 ComboFix2.txt 2008-04-01 18:37:56 Pre-Run: 1,357,320,192 bytes free Post-Run: 273,969,152 bytes free . 2008-03-11 22:13:48 --- E O F --- I scanned with SAS, but I did not find the file there. Edited 1 April 2008 by Major
snippsat, posted 1 April 2008 (edited)

Copy the bold text and paste it into Notepad. Save it on the desktop as CFScript.txt. Do as shown in the picture, then post the log c:\combofix.txt

File::
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\jowdw64p.exe
C:\WINDOWS\system32\porirepf.tmp
C:\WINDOWS\system32\qcntpkdn.exe
C:\WINDOWS\system32\rwwdw64d.exe
C:\sdfgh123-.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\checkip.dat
C:\khufee.exe
c:\windows\system32\rwwdw64d.exe
C:\WINDOWS\system32\tcntpkdn.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\drivers\Ofpl49.sys

Folder::
C:\Program Files\AdVantage

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54202673-bd70-423c-ae57-5b2354567629}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdVantage"=-
"WintelUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{34-46-68-8B-DW}"=-
"g]eeV\mWhjlnspB"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommmki qommmki]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofpl49]

Download and run CCleaner. Go to 'Options' -> 'Advanced' and uncheck "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing the problems. Restart and post a new HijackThis log. Edited 1 April 2008 by SNIPPSAT
Major (thread author), posted 2 April 2008: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:30, on 02.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Steam\Steam.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program 
Files\HPQ\shared\hpqwmi.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWoli5 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - 
HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - 
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD1985A-04C9-4439-A085-9D312D231A36}: NameServer = 10.0.0.1 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: qommmki - qommmki.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9529 bytes
snippsat, posted 2 April 2008 (edited)

Start HijackThis, run "Scan", find these lines, check them, then press "Fix checked":

O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWoli5
O20 - Winlogon Notify: qommmki - qommmki.dll (file missing)

Restart. Tell us whether the PC runs fine now. Edited 2 April 2008 by SNIPPSAT
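The two lines the helper picked out of a nine-kilobyte HijackThis log share traits a reviewer looks for: a Run-key value name full of junk characters, an unknown executable launched straight from system32 with an odd argument, and a Winlogon Notify DLL that is registered but no longer on disk. The script below is an added example (not from this thread or from HijackThis) that parses O4 and O20 lines and applies exactly those heuristics as a triage aid. The sample log is constructed from lines quoted above; the "sane name" character set and the list of system32 binaries expected as autostarts are assumptions for this XP box, not a general rule.

```python
import re

# Constructed sample: O4/O20 lines copied from the HijackThis log in this thread,
# mixed with some of its benign entries so the triage has both kinds to look at.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWoli5
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qommmki - qommmki.dll (file missing)
"""

# O4: "<hive>\..\Run: [<value name>] <command line>"; the name is greedy so a
# name containing "]" (as in the thread) is still captured whole.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>.+)\] (?P<cmd>.+)$")
# O20: "Winlogon Notify: <name> - <dll>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")
# Split a command line into the PE image (quoted or not) and its arguments.
CMD_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|cpl|scr))"?(?P<args>.*)$', re.IGNORECASE)

# Assumption: legitimate Run value names use a tame character set (GUIDs included).
SANE_NAME_RE = re.compile(r"^[A-Za-z0-9 ._{}()!\-]+$")
# Assumption: the only system32 binary expected as a Run autostart on this XP box.
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe"}


def parse_line(line):
    """Turn one O4 or O20 HijackThis line into a dict; other line types give None."""
    m = O4_RE.match(line)
    if m:
        c = CMD_RE.match(m.group("cmd"))
        path = c.group("path") if c else m.group("cmd")
        args = c.group("args").strip() if c else ""
        return {"kind": "O4", "hive": m.group("hive"), "name": m.group("name"),
                "path": path, "args": args, "line": line}
    m = O20_RE.match(line)
    if m:
        dll = m.group("dll")
        return {"kind": "O20", "name": m.group("name"), "dll": dll,
                "missing": dll.endswith("(file missing)"), "line": line}
    return None


def assess(entry):
    """Return the reasons an entry deserves a second look (empty list = nothing odd)."""
    reasons = []
    if entry["kind"] == "O4":
        if not SANE_NAME_RE.match(entry["name"]):
            reasons.append("run-key value name contains unusual characters")
        folder, _, basename = entry["path"].rpartition("\\")
        if folder.lower().endswith("\\system32") and basename.lower() not in KNOWN_SYSTEM32_AUTOSTARTS:
            reasons.append("unknown executable started directly from system32")
    elif entry["kind"] == "O20":
        if entry["missing"]:
            reasons.append("winlogon notify DLL is registered but the file is gone")
        elif "\\" not in entry["dll"]:
            reasons.append("winlogon notify DLL given without a full path")
    return reasons


def triage(log_text):
    """Parse every line and return [(line, reasons)] for the flagged entries only."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry["line"], reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run against the sample, the script flags exactly the two lines snippsat asked to have fixed and leaves avgnt, the Gmail notifier GUID entry, ctfmon and the SUPERAntiSpyware Winlogon hook alone. It is a prioritisation aid, not a verdict: an entry it flags still needs the file's origin, signature and timestamp checked (as the ComboFix listing earlier in the thread does), and the allowlist has to be adapted to whatever the machine legitimately runs.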
Major (thread author), posted 3 April 2008: Sorry it took a little while, but now everything works much better.
snippsat, posted 3 April 2008: Then we'll say you are clean of junk. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Defragmenting would be a good idea to do now: Auslogics Disk Defrag + Free Registry Defrag. Keep using SAS and CCleaner. Surf safely.
r2d290, posted 3 April 2008: And: change your thread title by editing the first post with FULL EDIT. Make the new title: [SOLVED] got a trojan on the PC