norbat, posted 20 June 2008 (edited)
Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt. After that, drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\ojxuubrk.dll
C:\WINDOWS\system32\dkuhxbeh.dll
C:\WINDOWS\system32\jgvbjlcv.dll

Folder::
C:\WINDOWS\system32\169b0f35

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4150a87-9868-40d4-8ea5-2735b3783fb0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C769E703-2929-44B2-89E8-C39913D046EA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"169b1dbb"=-

Have you recently run a scan with SuperAntiSpyware? No new Combofix log is needed.

Post an HJT log
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Edited 21 June 2008 by norbat
sjabby, posted 20 June 2008
Yes, I just ran a scan with that too.. Running ComboFix again now, then I will run HJT afterwards and post the log..
sjabby, posted 20 June 2008
Yes, I just ran a scan with that too.. Running ComboFix again now, then I will run HJT afterwards and post the log..
Here is the log from HJT:
r2d290, posted 21 June 2008 (edited)
Start HijackThis
Choose: Do a systemscan only
Tick the boxes in front of these lines:
O2 - BHO: (no name) - {a4150a87-9868-40d4-8ea5-2735b3783fb0} - C:\WINDOWS\system32\qtlwlxwh.dll (file missing)
O2 - BHO: (no name) - {C769E703-2929-44B2-89E8-C39913D046EA} - C:\WINDOWS\system32\cbXpOIxV.dll (file missing)
O4 - HKLM\..\Run: [169b1dbb] rundll32.exe "C:\WINDOWS\system32\cdvcbdyy.dll",b

Optional:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
You can fix this one if you did not install it yourself. Yahoo Toolbar often comes bundled with other programs and is unwanted in most cases. Your choice.
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
Dumprep has to do with memory dumps and error reporting to Microsoft. It does not need to run at startup. (By removing an O4 line, you remove things from startup.)

Close all windows and browsers (including the one you are reading this in), and press Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.
Then restart the machine.

Use Explorer and see whether you can find the following file. If you do, delete it:
C:\WINDOWS\system32\cdvcbdyy.dll
You may need to turn on "Show hidden files and folders": open My Computer, click "Tools", choose "Folder Options", choose the "View" tab, and set the "dot" in front of "Show hidden files and folders". NB! Set it back to "Do not show hidden files and folders" when you are finished with this guide.

Then make a new log:
Start HijackThis
Choose: Do a systemscan, and save a logfile
Post this log in your next post.
Edited 21 June 2008 by r2d290
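Added example, not part of the thread or of HijackThis: a Python sketch of the by-eye triage in the post above, flagging O2/O4 lines that share the traits of the entries chosen for fixing. The rules, function names and regular expressions are assumptions made for illustration; the sample lines are the fixed entries from the post plus benign entries from the same log.

```python
import ntpath
import re

# Sample lines: the entries selected for fixing in the post above, alongside
# benign O2/O4 entries from the same HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {a4150a87-9868-40d4-8ea5-2735b3783fb0} - C:\WINDOWS\system32\qtlwlxwh.dll (file missing)
O2 - BHO: (no name) - {C769E703-2929-44B2-89E8-C39913D046EA} - C:\WINDOWS\system32\cbXpOIxV.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [169b1dbb] rundll32.exe "C:\WINDOWS\system32\cdvcbdyy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

# O2 = Browser Helper Object: name, CLSID, DLL path, optional "missing" marker.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \((?:file missing|no file)\))?$"
)
# O4 = autostart entry under a ...\Run registry key: hive, value name, command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"
)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)


def in_system32(path):
    """True when the file sits directly in a ...\\system32 directory."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def reasons_for(line):
    """Return the heuristic reasons (possibly none) for flagging one log line."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        if m.group("missing"):
            reasons.append("BHO registered but its DLL is absent")
        if m.group("name") == "(no name)" and in_system32(m.group("path")):
            reasons.append("unnamed BHO loading from system32")
        return reasons
    m = O4_RE.match(line)
    if m:
        if HEX_NAME_RE.match(m.group("value")):
            reasons.append("Run value name is an 8-digit hex string")
        r = RUNDLL_RE.match(m.group("cmd"))
        if r and in_system32(r.group("dll")):
            reasons.append("Run entry loads a system32 DLL through rundll32")
    return reasons


def triage(lines):
    """Map each flagged line to its reasons, preserving log order."""
    flagged = {}
    for line in lines:
        line = line.strip()
        found = reasons_for(line)
        if found:
            flagged[line] = found
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    -", reason)
```

Rules like these only shortlist entries for a person to review; legitimate software also starts DLLs through rundll32, so a match is a prompt to check the file, not a verdict.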
sjabby, posted 21 June 2008
Can't find that .dll file..
norbat, posted 21 June 2008 (edited)
The log looks fine then. The file you were looking for is not on the PC; it was only a registry entry, but it was good to check anyway.

You can uninstall all old versions of Java from Add/Remove Programs. Then download the latest version: http://java.com/en/download/index.jsp

A bit of cleanup:
Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Remove the tick in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Remove Combofix by typing combofix /u in the Run box (Start->Run). This removes the program and resets System Restore so that you do not get infected by a possible restore later.
Edited 21 June 2008 by norbat
sjabby, posted 21 June 2008
Thanks for the help, the PC is working much better now
r2d290, posted 21 June 2008 (edited)
Did you get the new version of Java installed? I just want to point out that it is quite important that you do, since a version of Java as old as the one you have contains a number of security holes that will increase the likelihood of you being infected again.
-Surf safely-
Edited 21 June 2008 by r2d290
2reolsen, posted 26 June 2008
I have had the same problem too, and have read up on what I should do. I have scanned with SUPERAntiSpyware and have used Combofix. But the machine still cannot find: \system32\airdifja.dll and \system32\cpcyelxm.dll

Combofix list:

HJT file:
C:\Programfiler\Norman\Nvc\Bin\cclaw.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programfiler\ICQToolbar\toolbaru.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {92180705-8687-459C-BF8C-C3DA6813AF2B} - C:\WINDOWS\system32\awtsPFVP.dll (file missing) O2 - BHO: {a465e6cd-fb83-8afa-acf4-0470d7a2844f} - {f4482a7d-0740-4fca-afa8-38bfdc6e564a} - C:\WINDOWS\system32\dniaprau.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programfiler\ICQToolbar\toolbaru.dll (file missing) O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [b4cba824] "rundll32.exe" "C:\WINDOWS\system32\airdifja.dll",b O4 - HKLM\..\Run: [bMb7f89bb8] "Rundll32.exe" 
"C:\WINDOWS\system32\cpcyelxm.dll",s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programfiler\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - 
http://utilities.pcpitstop.com/da/PCPitStop.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmemb...etective-nm.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191445355421 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191445335953 O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. 
- C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe -- End of file - 8297 bytes kan noen hjelpe?? Tore Lenke til kommentar
norbat, posted 26 June 2008

Hi, Tore

Step 1:
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programfiler\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: (no name) - {92180705-8687-459C-BF8C-C3DA6813AF2B} - C:\WINDOWS\system32\awtsPFVP.dll (file missing)
O2 - BHO: {a465e6cd-fb83-8afa-acf4-0470d7a2844f} - {f4482a7d-0740-4fca-afa8-38bfdc6e564a} - C:\WINDOWS\system32\dniaprau.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programfiler\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [b4cba824] "rundll32.exe" "C:\WINDOWS\system32\airdifja.dll",b
O4 - HKLM\..\Run: [bMb7f89bb8] "Rundll32.exe" "C:\WINDOWS\system32\cpcyelxm.dll",s
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe (file missing)

Step 2:
Even though SAS is the 'best', also run a scan with MBAM:
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Choose Norwegian as the language.
Let the program update itself, choose to run a 'quick system scan' and click Scan ('Skann').
A message box will appear saying that the scan is finished; click OK.
Click the 'Show results' ('Vis resultat') button. If malware was found, you will now see what was found.
Then click the 'Remove selected' ('Fjern valgte') button to remove any malware that was found.
A log will then open in Notepad. Copy it and post it if it finds anything.

Tell me how it goes with the 'problem'.
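The selection in step 1, reproduced as an added example (not part of norbat's post and not HijackThis code): a short Python triage that flags the two patterns the listed lines share, entries whose target is marked "(file missing)" and Run values that load a DLL from system32 through rundll32. Those two rules are an assumption about what the listed lines have in common, and the sample is an excerpt of the log posted in this thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (entries copied from the page).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programfiler\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {92180705-8687-459C-BF8C-C3DA6813AF2B} - C:\WINDOWS\system32\awtsPFVP.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [b4cba824] "rundll32.exe" "C:\WINDOWS\system32\airdifja.dll",b
O4 - HKLM\..\Run: [bMb7f89bb8] "Rundll32.exe" "C:\WINDOWS\system32\cpcyelxm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
"""

# "<section> - <body>"; header lines and bare process paths do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: hive, key name, [value name], command line.
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 invoked on a DLL that sits directly in system32.
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[a-z]:\\windows\\system32\\[^\\",]+\.dll)"?,',
    re.IGNORECASE,
)
MISSING = "(file missing)"


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line in the log."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(text):
    """Flag entries for manual review; a hit is a candidate, not a verdict."""
    findings = []
    for section, body in parse_entries(text):
        if body.endswith(MISSING):
            # The registration survives but the file it points to is gone.
            target = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            findings.append({"section": section, "target": target,
                             "reason": "orphaned entry: target file missing"})
            continue
        run = RUN_RE.match(body) if section == "O4" else None
        dll = RUNDLL_RE.match(run.group("cmd")) if run else None
        if dll:
            findings.append({"section": section, "target": dll.group("dll"),
                             "reason": "Run value '%s' loads a system32 DLL via rundll32"
                                       % run.group("name")})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%(section)-3s %(target)s  <- %(reason)s" % finding)
```

Entries that match neither rule, such as the O10 Winsock LSP line, are left for the helper's judgement, as in the thread.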
2reolsen, posted 26 June 2008

Hi Norbat. Thanks for an effective reply, here is the malware list:

Malwarebytes' Anti-Malware 1.18
Database versjon: 894
01:02:46 27.06.2008
mbam-log-6-27-2008 (01-02-46).txt
Skann type: Rask Skann
Objekter skannet: 40065
Tid tilbakelagt: 6 minute(s), 20 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

and the HJT list after deletion:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:30, on 27.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Norman\Npm\Bin\ZLH.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\Bin\Nip.exe
C:\Programfiler\Norman\Nvc\Bin\cclaw.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programfiler\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmemb...etective-nm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191445355421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191445335953
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
--
End of file - 7449 bytes

I hope everything is in order now. I'll let you know more tomorrow (later today).
norbat, posted 26 June 2008

The log looks fine. I assume the problem is gone?
You can remove ComboFix by typing combofix /u in the Run box.
2reolsen, posted 27 June 2008

Hi Norbat, it looked as if this trojan went away. But now "Norman" has detected a new trojan: HTML/Exploit!lFrame.G. Scanning with SUPERAntispy now, hoping this will get rid of it. I haven't checked what this trojan does, but I wonder why I'm getting so many of these now... I haven't used the PC for a while either.... But thanks for the good and quick help!
norbat, posted 27 June 2008

Where does Norman say this trojan is located?
2reolsen, posted 30 June 2008

Don't know, it's gone now....??....