TheNarsissist Posted 13 April 2008

I've got that virus, but the PC isn't any slower on the internet. What's annoying is that a "Windows system alert" or something keeps popping up all the time. And the icons on the desktop have a kind of blue background behind them. For instance the Recycle Bin icon: around the edges of the picture of the bin it's blue, and behind the text under it (Recycle Bin) it's blue too. It's very irritating to look at. How do I remove this virus?
snippsat Posted 13 April 2008 (edited)

Hi! We need some logs. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Do a scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text). Download Combofix and put it on the desktop. Don't click in the window while the program is running. Post the log C:\combofix.txt

Edited 13 April 2008 by SNIPPSAT
TheNarsissist Posted 13 April 2008 (Author)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:12, on 13.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Documents and Settings\All Users\Programdata\xcdihsnq\zwzodsha.exe
C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\DNA\btdna.exe
C:\WINDOWS\system32\hknedkbk.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\The Cleaner\cleaner.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anders\Mine dokumenter\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Anders\Mine dokumenter\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [egeiutda] C:\WINDOWS\system32\hknedkbk.exe
O4 - HKLM\..\Policies\Explorer\Run: [XxzJVTPcUN] C:\Documents and Settings\All Users\Programdata\xcdihsnq\zwzodsha.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O21 - SSODL: PrxVolume - {5c652a0d-b125-425a-8dfa-eab63c6843d6} - C:\WINDOWS\Resources\PrxVolume.dll
O21 - SSODL: CDBoot - {00f9e0ca-f33d-4438-8698-503ddbc39862} - C:\WINDOWS\Resources\CDBoot.dll
O21 - SSODL: dsktbwfe - {BB8D6B6A-1E17-4B70-A8E8-7E22E502190D} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {5E9D1541-1956-4413-948D-1C36EB2E923F} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9349 bytes
norbat Posted 13 April 2008

Then just carry on with Combofix. Post the log it produces here.
TheNarsissist Posted 13 April 2008 (Author)

ComboFix 08-04-13.1 - Anders 2008-04-13 20:58:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.586 [GMT 2:00]
Running from: C:\Documents and Settings\Anders\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Anders\Favoritter\Error Cleaner.url
C:\Documents and Settings\Anders\Favoritter\Privacy Protector.url
C:\Documents and Settings\Anders\Favoritter\Spyware&Malware Protection.url
C:\Documents and Settings\Anders\Programdata\inst.exe
C:\Documents and Settings\Anders\Skrivebord\blackbird.jpg
C:\Documents and Settings\Anders\Skrivebord\EditorFKWP1.5.exe
C:\Documents and Settings\Anders\Skrivebord\EditorFKWP2.0.exe
C:\Documents and Settings\Anders\Skrivebord\filemanagerclient.exe
C:\Documents and Settings\Anders\Skrivebord\fkwp1.5.exe
C:\Documents and Settings\Anders\Skrivebord\fkwp2.0.exe
C:\Documents and Settings\Anders\Skrivebord\fwebd.exe
C:\Documents and Settings\Anders\Skrivebord\FWebdEditor.exe
C:\Documents and Settings\Anders\Skrivebord\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Anders\Skrivebord\virii
C:\Programfiler\akl
C:\Programfiler\akl\akl.dll
C:\Programfiler\akl\akl.exe
C:\Programfiler\akl\uninstall.exe
C:\Programfiler\akl\unsetup.exe
C:\Programfiler\bho.exe
C:\Programfiler\Inet Delivery
C:\Programfiler\Inet Delivery\inetdl.exe
C:\Programfiler\Inet Delivery\intdel.exe
C:\Programfiler\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\install.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\resources\CDBoot.dll
C:\WINDOWS\resources\PrxVolume.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-13 20:30 . 2008-04-13 20:46 <DIR> d-------- C:\Programfiler\The Cleaner
2008-04-13 19:40 . 2008-04-13 19:40 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\TmpRecentIcons
2008-04-13 17:41 . 2008-04-13 15:08 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 17:41 . 2008-04-13 15:08 188,416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 17:41 . 2008-04-13 15:08 81,920 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 17:40 . 2008-04-13 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\xcdihsnq
2008-04-13 17:40 . 2008-04-13 17:40 110,592 --a------ C:\WINDOWS\system32\hknedkbk.exe
2008-04-12 23:02 . 2008-04-12 23:02 <DIR> d-------- C:\Programfiler\SIW
2008-04-10 21:16 . 2008-04-10 21:16 <DIR> d-------- C:\Programfiler\MagicISO
2008-04-08 20:57 . 2008-04-08 21:27 <DIR> d-------- C:\Programfiler\SlySoft
2008-04-08 20:57 . 2008-04-08 21:00 24 ---hs---- C:\WINDOWS\S02C4E37A.tmp
2008-04-08 20:44 . 2008-04-08 20:44 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\DAEMON Tools
2008-04-08 20:44 . 2008-04-08 20:44 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-08 20:26 . 2008-04-13 19:00 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\BitTorrent
2008-04-08 20:25 . 2008-04-08 20:25 <DIR> d-------- C:\Programfiler\DNA
2008-04-08 20:25 . 2008-04-13 20:53 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\DNA
2008-04-07 21:45 . 2008-04-07 21:45 <DIR> d-------- C:\Programfiler\KellySoftware
2008-04-02 22:27 . 2008-04-02 22:28 <DIR> d-------- C:\Programfiler\FrostWire
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Programfiler\AskSBar
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\FrostWire
2008-03-31 22:18 . 2006-01-23 11:51 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-03-31 22:17 . 2008-03-31 22:17 <DIR> d-------- C:\Programfiler\Fellesfiler\NVIDIA Shared
2008-03-31 22:17 . 2006-01-23 11:48 176,128 --a------ C:\WINDOWS\system32\nvuaudio.exe
2008-03-31 22:17 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu
2008-03-30 21:44 . 2008-03-30 21:44 <DIR> d-------- C:\Programfiler\NetProject
2008-03-24 15:08 . 2008-03-24 15:08 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\PCF-VLC
2008-03-24 14:35 . 2008-03-24 14:35 <DIR> d-------- C:\Documents and Settings\Anders\Programdata\Participatory Culture Foundation
2008-03-24 14:33 . 2008-03-24 14:34 <DIR> d-------- C:\Programfiler\Participatory Culture Foundation
2008-03-20 23:45 . 2008-03-20 23:47 23 --a------ C:\WINDOWS\popcinfot.dat
2008-03-17 00:19 . 2008-03-17 00:19 <DIR> d-------- C:\Programfiler\WinAVI MP4 Converter
2008-03-16 21:54 . 2008-03-16 21:54 <DIR> d-------- C:\Programfiler\Neoretix
2008-03-16 21:50 . 2008-03-16 21:51 <DIR> d-------- C:\Programfiler\RedTube NETMovie Ripper V3.1.0
2008-03-16 21:50 . 2007-12-13 23:59 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE
2008-03-13 23:29 . 2008-03-15 18:32 <DIR> d-------- C:\Documents and Settings\Gjest\Programdata\AVG7
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 18:33 --------- d-----w C:\Programfiler\Steam
2008-04-13 15:58 --------- d-----w C:\Programfiler\LimeWire
2008-04-13 15:58 --------- d-----w C:\Documents and Settings\Anders\Programdata\LimeWire
2008-04-12 14:48 1,846 ----a-w C:\Documents and Settings\Anders\Programdata\wklnhst.dat
2008-04-10 19:54 47,360 ----a-w C:\Documents and Settings\Anders\Programdata\pcouffin.sys
2008-04-10 19:54 --------- d-----w C:\Documents and Settings\Anders\Programdata\Vso
2008-04-10 19:50 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-09 13:43 --------- d-----w C:\Programfiler\VideoLAN
2008-03-31 20:17 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-03-31 20:17 --------- d-----w C:\Programfiler\NVIDIA Corporation
2008-03-31 20:17 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-03-31 14:32 --------- d-----w C:\Documents and Settings\Anders\Programdata\AdobeUM
2008-03-21 14:00 --------- d-----w C:\Programfiler\Norton Security Scan
2008-03-18 14:48 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared
2008-03-18 14:36 --------- d-----w C:\Documents and Settings\Anders\Programdata\AVG7
2008-03-17 18:48 --------- d-----w C:\Programfiler\Red Kawa
2008-03-17 13:42 90,112 ----a-w C:\WINDOWS\DUMP4ab5.tmp
2008-03-17 13:34 90,112 ----a-w C:\WINDOWS\DUMP4650.tmp
2008-03-11 21:55 --------- d-----w C:\Documents and Settings\Anders\Programdata\Xfire
2008-03-11 18:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7
2008-03-11 18:46 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7
2008-03-11 18:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft
2008-03-08 13:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-07 20:19 --------- d-----w C:\Programfiler\Xfire
2008-03-07 20:18 --------- d-----w C:\Documents and Settings\NetworkService\Programdata\Xfire
2008-03-06 19:50 --------- d-----w C:\Programfiler\Gabest
2008-03-05 21:23 --------- d-----w C:\Programfiler\Handbrake
2008-03-02 20:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink
2008-03-02 19:47 --------- d-----w C:\Programfiler\AviSynth 2.5
2008-03-02 19:44 --------- d-----w C:\Documents and Settings\Anders\Programdata\GetRightToGo
2008-03-02 19:44 --------- d-----w C:\Documents and Settings\Anders\Programdata\dvdcss
2008-03-02 19:39 --------- d-----w C:\Programfiler\Smallvideosoft
2008-02-27 21:38 --------- d-----w C:\Programfiler\Windows Live
2008-02-24 18:18 --------- d-----w C:\Documents and Settings\Anders\Programdata\vlc
2008-02-24 12:54 --------- d-----w C:\Documents and Settings\Gjest\Programdata\Teleca
2008-02-24 12:53 --------- d-----w C:\Documents and Settings\Gjest\Programdata\Sony Ericsson
2008-02-23 16:03 --------- d-----w C:\Programfiler\MSXML 4.0
2008-02-23 14:26 --------- d-----w C:\Programfiler\Google
2008-02-23 09:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-02-22 22:04 --------- d-----w C:\Documents and Settings\Anders\Programdata\Teleca
2008-02-22 22:01 --------- d-----w C:\Documents and Settings\Anders\Programdata\Sony Ericsson
2008-02-22 21:56 --------- d-----w C:\Programfiler\Disc2Phone
2008-02-17 21:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-02-17 21:43 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2008-02-15 16:15 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-02-13 20:23 --------- d-----w C:\Programfiler\World of Warcraft
2008-02-13 20:23 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-02 22:27 267592 --a------ C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-04-02 22:27 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"Steam"="c:\programfiler\steam\steam.exe" [2008-03-28 16:53 1271032]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-04-11 15:59 288576]
"DAEMON Tools Lite"="C:\Documents and Settings\Anders\Mine dokumenter\DAEMON Tools Lite\daemon.exe" [ ]
"egeiutda"="C:\WINDOWS\system32\hknedkbk.exe" [2008-04-13 17:40 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 12:49 139264]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 15:51 178312]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 20:48 579072]
"NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 20:46 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"XxzJVTPcUN"= C:\Documents and Settings\All Users\Programdata\xcdihsnq\zwzodsha.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Steam\\SteamApps\\andersio12\\counter-strike source\\hl2.exe"=
"C:\\Programfiler\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Programfiler\\Steam\\SteamApps\\andersio12\\day of defeat source\\hl2.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"C:\\Programfiler\\Steam\\SteamApps\\andersio12\\source dedicated server\\srcds.exe"=
"C:\\Programfiler\\Xfire\\xfire.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Steam\\SteamApps\\andersio12\\team fortress 2\\hl2.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Anders\\Mine dokumenter\\BitTorrent\\bittorrent.exe"=

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 16:11]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 16:11]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 16:11]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 16:11]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 16:11]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 16:11]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 16:11]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 14:00:20 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programfiler\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 20:59:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 21:00:10
ComboFix-quarantined-files.txt 2008-04-13 18:59:59

Pre-Run: 402,306,859,008 byte ledig
Post-Run: 402,347,323,392 byte ledig
.
2008-04-11 22:01:30 --- E O F ---
norbat Posted 13 April 2008 (edited)

If Ask Toolbar is not something you installed yourself, uninstall it from Add/Remove Programs.

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [egeiutda] C:\WINDOWS\system32\hknedkbk.exe
O4 - HKLM\..\Policies\Explorer\Run: [XxzJVTPcUN] C:\Documents and Settings\All Users\Programdata\xcdihsnq\zwzodsha.exe
O21 - SSODL: dsktbwfe - {BB8D6B6A-1E17-4B70-A8E8-7E22E502190D} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {5E9D1541-1956-4413-948D-1C36EB2E923F} - C:\WINDOWS\ogxtsepr.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

PS! Before you do what's below, place Combofix on the desktop.

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\hknedkbk.exe
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\spnkfwad.exe

Folder::
C:\Documents and Settings\All Users\Programdata\xcdihsnq
C:\Programfiler\NetProject

Then run a full scan with the free version of SAS.

Post a new HJT log + the log from SAS (preferences->statistics/logs)

Edited 13 April 2008 by norbat
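The triage norbat does by eye above (picking out the hijacked start page, the orphaned BHO, the random-named Run entries and SSODL DLLs, and the Active Desktop component pointing at a local file) can be written down as rules. The script below is an added example by the editor, not code from this thread or from HijackThis; it parses HijackThis-style lines and flags the same patterns. The sample entries are copied from the logs posted above, and the "eight random lowercase letters" heuristic and the trusted-host list are assumptions made for the example, not something the thread states.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of HijackThis entries copied from the logs
# posted in this thread, mixing the lines norbat marked for "Fix checked"
# with benign neighbours so the rules have something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [egeiutda] C:\WINDOWS\system32\hknedkbk.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Policies\Explorer\Run: [XxzJVTPcUN] C:\Documents and Settings\All Users\Programdata\xcdihsnq\zwzodsha.exe
O21 - SSODL: dsktbwfe - {BB8D6B6A-1E17-4B70-A8E8-7E22E502190D} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {5E9D1541-1956-4413-948D-1C36EB2E923F} - C:\WINDOWS\ogxtsepr.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Heuristic (assumption for this example): the droppers in this thread used
# value and file names of exactly eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
# Assumption: hosts a stock IE start/search page may legitimately point at.
TRUSTED_PAGE_HOSTS = {"go.microsoft.com"}


def _stem(path):
    """File name without directory or extension, tolerating quotes and either slash."""
    name = path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def _first_token(cmd):
    """The executable part of a Run value: a quoted path or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def analyse_entry(line):
    """Return a reason string when an entry matches a suspicious pattern, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section.startswith("R") and ("Start Page" in body or "Search Page" in body) and "=" in body:
        host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
        if host not in TRUSTED_PAGE_HOSTS:
            return f"start/search page hijacked to {host!r}"

    elif section == "O2":
        target = body.rsplit(" - ", 1)[-1]
        if target == "(no file)":
            return "BHO registered without a backing file (orphaned or hidden component)"
        if RANDOM_NAME_RE.match(_stem(target)):
            return "BHO DLL with a random-looking name"

    elif section == "O4":
        key, _, cmd = body.partition(": ")
        if "Policies\\Explorer\\Run" in key:
            return "autorun via Policies\\Explorer\\Run, which legitimate installers rarely use"
        value_name = cmd[cmd.find("[") + 1:cmd.find("]")]
        exe = _first_token(cmd[cmd.find("]") + 1:])
        if RANDOM_NAME_RE.match(value_name) or RANDOM_NAME_RE.match(_stem(exe)):
            return "Run entry with a random-looking value or executable name"

    elif section == "O21":
        target = body.rsplit(" - ", 1)[-1]
        parent = target.rsplit("\\", 1)[0].lower()
        if parent == "c:\\windows" or RANDOM_NAME_RE.match(_stem(target)):
            return "ShellServiceObjectDelayLoad DLL dropped directly in C:\\WINDOWS or with a random name"

    elif section == "O24" and "file:///" in body.lower():
        return "Active Desktop component served from a local file (fake security-alert wallpaper)"

    return None


def analyse_log(text):
    """Run analyse_entry over a whole log; returns [(section, line, reason), ...]."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        reason = analyse_entry(line)
        if reason:
            findings.append((line.split(" ", 1)[0], line, reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in analyse_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports exactly the seven entries norbat selected and leaves the Java BHO, the iTunes Run value and the Microsoft start page alone. The rules are deliberately narrow: the two SSODL entries under C:\WINDOWS\Resources that ComboFix later removed are not caught by them, which is the usual gap with name-based heuristics and the reason a human still reads the whole log.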