Linkage (author), posted 20 April 2008

Hi. I have suddenly got spyware on my PC, and I have tried AdAware and AVG, but neither of them removes my spyware. Is there anyone who can help me? Here is my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:32 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MagicDVDRipper\MagicDVDRipper.exe
C:\Program Files\Red Kawa\Video Converter 3\RKVideoConverter.exe
C:\Program Files\Red Kawa\Video Converter 3\Tools\FFmpeg\ffmpeg.exe
D:\Harry\BitComet\BitComet.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Harry\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [java] system.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [java] system.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [bitTorrent] "D:\Harry\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Harry\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Harry\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Harry\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Harry\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26D4F06A-2EC7-4E04-9181-BE4FF9EAEF67}: NameServer = 192.168.1.1
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8865 bytes
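A triage pass over HijackThis entries of the kind in the log above, added here as an example; it is neither part of the thread nor HijackThis's own logic. Its heuristics (unnamed O2/O3 add-ons, O4 autoruns under Policies\Explorer\Run or RunServices, O9 items pointing at a URL or a missing file, O22 SharedTaskScheduler DLLs other than the stock browseui.dll, and escalation of entries that share a directory with a confirmed hit) are this example's own assumptions, and the embedded sample lines are a constructed subset of the log above.

```python
"""Triage of HijackThis v2.0.2 log entries (added example, not HijackThis's own logic).
The heuristics are this example's own assumptions, chosen to match the entry types
that the helper and the later SUPERAntiSpyware scan treated as the infection in this
thread (NetProject, bubbj.dll, system.exe, gateietool.com)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [java] system.exe
O4 - HKLM\..\RunServices: [java] system.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# The only SharedTaskScheduler DLL a stock XP install registers (both the
# "Browseui preloader" and "Component Categories cache daemon" entries use it).
KNOWN_O22_DLLS = {"browseui.dll"}
# Sharing a system directory with a bad file proves nothing, so such
# directories never escalate their neighbours.
SHARED_DIR_PREFIXES = ("c:\\windows",)

@dataclass
class Finding:
    severity: str  # "high", "related" or "verify"
    kind: str      # HijackThis section, e.g. "O4"
    reason: str
    line: str

def target_of(kind: str, body: str) -> str:
    """File or URL the entry points at: the O4 command, else the last ' - ' field."""
    if kind == "O4":
        m = O4_RE.match(body)
        if m and m.group("cmd").strip():
            return m.group("cmd").split()[0].strip('"')
    return body.rsplit(" - ", 1)[-1].strip()

def parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path ('' if there is none)."""
    head, sep, _ = path.rpartition("\\")
    return head.lower() if sep else ""

def check_entry(kind: str, body: str, line: str) -> Optional[Finding]:
    """Per-entry heuristics; returns None for entries that look ordinary."""
    target = target_of(kind, body)
    if kind in ("O2", "O3") and "(no name)" in body:
        return Finding("high", kind, "browser add-on registered without a name", line)
    if kind == "O4":
        m = O4_RE.match(body)
        if m:
            hive = m.group("hive")
            if "Policies\\Explorer\\Run" in hive:
                return Finding("high", kind, "autorun under Policies\\Explorer\\Run, a policy key legitimate software rarely uses", line)
            if hive.endswith("RunServices"):
                return Finding("high", kind, "RunServices autorun, a Win9x-era key that legitimate XP software almost never uses", line)
            if target and "\\" not in target and not target.startswith("%"):
                return Finding("verify", kind, f"bare executable name {target!r} is resolved via the search path; confirm where it lives", line)
    if kind == "O9" and (target.lower().startswith("http") or "(file missing)" in target):
        return Finding("high", kind, "IE button or menu item pointing at a URL or a missing file", line)
    if kind == "O22" and target.rsplit("\\", 1)[-1].lower() not in KNOWN_O22_DLLS:
        return Finding("high", kind, "SharedTaskScheduler loads a DLL that is not part of a stock XP install", line)
    return None

def triage(log_text: str) -> List[Finding]:
    """Pass 1 runs check_entry on every entry; pass 2 escalates unflagged entries
    whose file sits in the same directory as a high-severity hit, which ties
    e.g. every NetProject component together."""
    rows: List[Tuple[str, str, str, Optional[Finding]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            kind, body = m.group("kind"), m.group("body")
            rows.append((kind, body, line, check_entry(kind, body, line)))
    hot_dirs = set()
    for kind, body, _, f in rows:
        d = parent_dir(target_of(kind, body))
        if f and f.severity == "high" and d and not d.startswith(SHARED_DIR_PREFIXES):
            hot_dirs.add(d)
    findings = [f for _, _, _, f in rows if f]
    for kind, body, line, f in rows:
        d = parent_dir(target_of(kind, body))
        if f is None and d in hot_dirs:
            findings.append(Finding("related", kind, f"file lives in {d}, alongside a high-severity hit", line))
    return findings

def summary(findings: List[Finding]) -> dict:
    """Findings per severity, e.g. {'high': 6, 'verify': 1, 'related': 1}."""
    return dict(Counter(f.severity for f in findings))
```

Run on the sample, the NetProject toolbar (O3) is not caught by any single rule but is escalated because scit.exe and sbmdl.dll in the same directory already scored high; the bare `system.exe` under HKLM\..\Run only gets "verify", since SkyTel.EXE and RTHDCPL.EXE in the full log are bare names too.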
norbat, posted 20 April 2008

Yes, follow the long version in this thread: https://www.diskusjon.no/index.php?showtopic=691246, and then we will take it from there.
Linkage (author), posted 20 April 2008

Heh, I get it now. I am running the long version now, and will post a new log shortly.
Linkage (author), posted 20 April 2008

I have just finished part A of step 2 in the long version, and now everything seems to be fine, so should I continue with the other steps, or am I done now?
norbat, posted 20 April 2008

Even though SAS is an excellent anti-spyware program, we need the log from ComboFix to decide whether anything more has to be done for you to be spyware-free. So yes, go through the WHOLE guide.
Linkage (author), posted 20 April 2008 (edited)

OK, now I am done. Here are the logs:

ComboFix:

ComboFix 08-04-18.3 - Harry 2008-04-20 17:47:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1491 [GMT 2:00]
Running from: C:\Documents and Settings\Harry\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\NetProject
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\SUPERAntiSpyware.com
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 16:53 . 2008-04-20 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-20 16:34 . 2008-04-20 16:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 16:08 . 2008-04-20 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 16:07 . 2008-04-20 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 12:57 . 2008-04-20 12:57 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Lavasoft
2008-04-20 12:56 . 2008-04-20 16:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-20 12:25 . 2008-04-20 12:27 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-04-20 12:25 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-04-20 12:25 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-04-20 12:25 . 2008-04-20 12:25 0 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-04-20 12:23 . 2008-04-20 12:23 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-04-20 12:17 . 2008-04-20 13:19 <DIR> d-------- C:\Program Files\SlySoft
2008-04-20 12:17 . 2008-04-20 12:17 0 --ahs---- C:\WINDOWS\S7E8B8AEB.tmp
2008-04-20 11:07 . 2008-04-20 11:07 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Grisoft
2008-04-20 11:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-20 00:48 . 2008-04-20 00:48 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-04-20 00:48 . 2008-04-20 00:48 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-04-20 00:48 . 2008-04-20 00:48 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-04-20 00:47 . 2008-04-20 00:47 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Sony
2008-04-20 00:47 . 2008-04-20 00:47 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Publish Providers
2008-04-20 00:47 . 2008-04-20 12:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 00:25 . 2008-04-20 00:25 <DIR> d-------- C:\Program Files\Vstplugins
2008-04-20 00:25 . 2008-04-20 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-04-20 00:23 . 2008-04-20 00:23 <DIR> d-------- C:\Program Files\Sony
2008-04-20 00:18 . 2008-04-20 00:18 <DIR> d-------- C:\Program Files\MSBuild
2008-04-20 00:13 . 2008-04-20 00:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-20 00:11 . 2008-04-20 00:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-20 00:10 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-20 00:00 . 2008-04-20 00:00 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Sony Setup
2008-04-19 23:59 . 2008-04-19 23:59 <DIR> d-------- C:\Program Files\Sony Setup
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-04-19 15:09 . 2008-04-20 01:13 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-19 12:42 . 2008-04-19 12:42 <DIR> d-------- C:\Program Files\iPod
2008-04-19 12:42 . 2008-04-20 17:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-19 12:42 . 2008-04-19 12:42 1,409 --a------ C:\WINDOWS\QTFont.for

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/20/2008 at 05:30 PM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:28:20

Memory items scanned : 499
Memory threats detected : 5
Registry items scanned : 5164
Registry threats detected : 135
File items scanned : 25573
File threats detected : 40

Trojan.Media-Codec/V5
C:\PROGRAM FILES\NETPROJECT\SCIT.EXE
C:\PROGRAM FILES\NETPROJECT\SCIT.EXE
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
[some] C:\PROGRAM FILES\NETPROJECT\SCIT.EXE
[start] C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
HKLM\Software\Classes\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}
HKCR\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}
HKCR\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}
HKCR\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}\Implemented Categories
HKCR\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}\InprocServer32
HKCR\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\NETPROJECT\WAMDL.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{51D81DD5-55B7-497F-95DB-D356429BB54E}
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\waun.exe
C:\Program Files\NetProject
HKU\S-1-5-21-484763869-1647877149-725345543-1003\Software\NetProject
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#UninstallString

Trojan.FakeAlert-Gen/Variant
C:\WINDOWS\SYSTEM32\BUBBJ.DLL
C:\WINDOWS\SYSTEM32\BUBBJ.DLL

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}#xxx
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}\InprocServer32
HKCR\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{db763ed8-100a-481b-8913-50a2f41dcdc3}
HKCR\CLSID\{DB763ED8-100A-481B-8913-50A2F41DCDC3}
HKCR\CLSID\{DB763ED8-100A-481B-8913-50A2F41DCDC3}\InProcServer32
HKCR\CLSID\{DB763ED8-100A-481B-8913-50A2F41DCDC3}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{db763ed8-100a-481b-8913-50a2f41dcdc3}

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.Media-Codec
C:\Documents and Settings\Harry\Favorites\Online Security Test.url

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Rogue.MalwareWar
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\ArIpUGssvs
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\ArVydrG
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\ecfgotaj
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\InprocServer32
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\InprocServer32#ThreadingModel
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\KjwXwCeupi
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\NkmzqngvqWz
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\ProgID
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\VersionIndependentProgID
HKCR\CLSID\{13901470-5BCF-0EA6-A762-AD195455772B}\yAmjt
HKCR\TypeLib\{270ED688-20F5-4048-8BC1-0FDD9FC74D7C}
HKCR\TypeLib\{270ED688-20F5-4048-8BC1-0FDD9FC74D7C}\1.0
HKCR\TypeLib\{270ED688-20F5-4048-8BC1-0FDD9FC74D7C}\1.0
HKCR\TypeLib\{270ED688-20F5-4048-8BC1-0FDD9FC74D7C}\1.0\win32
HKCR\TypeLib\{270ED688-20F5-4048-8BC1-0FDD9FC74D7C}\1.0\FLAGS
HKCR\TypeLib\{270ED688-20F5-4048-8BC1-0FDD9FC74D7C}\1.0\HELPDIR
HKCR\Interface\{32D236FB-D737-4D71-99EB-03792294CF26}
HKCR\Interface\{32D236FB-D737-4D71-99EB-03792294CF26}\ProxyStubClsid
HKCR\Interface\{32D236FB-D737-4D71-99EB-03792294CF26}\ProxyStubClsid32
HKCR\Interface\{32D236FB-D737-4D71-99EB-03792294CF26}\TypeLib
HKCR\Interface\{32D236FB-D737-4D71-99EB-03792294CF26}\TypeLib#Version
HKCR\Interface\{357C6A0B-A6E5-4CEA-9341-473811DC2827}
HKCR\Interface\{357C6A0B-A6E5-4CEA-9341-473811DC2827}\ProxyStubClsid
HKCR\Interface\{357C6A0B-A6E5-4CEA-9341-473811DC2827}\ProxyStubClsid32
HKCR\Interface\{357C6A0B-A6E5-4CEA-9341-473811DC2827}\TypeLib
HKCR\Interface\{357C6A0B-A6E5-4CEA-9341-473811DC2827}\TypeLib#Version
HKCR\Interface\{3C3D2DD9-71AA-4F00-9535-1A7CD6FB3D97}
HKCR\Interface\{3C3D2DD9-71AA-4F00-9535-1A7CD6FB3D97}\ProxyStubClsid
HKCR\Interface\{3C3D2DD9-71AA-4F00-9535-1A7CD6FB3D97}\ProxyStubClsid32
HKCR\Interface\{3C3D2DD9-71AA-4F00-9535-1A7CD6FB3D97}\TypeLib
HKCR\Interface\{3C3D2DD9-71AA-4F00-9535-1A7CD6FB3D97}\TypeLib#Version
HKCR\Interface\{3F0F6985-848F-41FE-A084-C4113632B3B9}
HKCR\Interface\{3F0F6985-848F-41FE-A084-C4113632B3B9}\ProxyStubClsid
HKCR\Interface\{3F0F6985-848F-41FE-A084-C4113632B3B9}\ProxyStubClsid32
HKCR\Interface\{3F0F6985-848F-41FE-A084-C4113632B3B9}\TypeLib
HKCR\Interface\{3F0F6985-848F-41FE-A084-C4113632B3B9}\TypeLib#Version
HKCR\Interface\{3F3F340B-5747-480B-924B-171192439090}
HKCR\Interface\{3F3F340B-5747-480B-924B-171192439090}\ProxyStubClsid
HKCR\Interface\{3F3F340B-5747-480B-924B-171192439090}\ProxyStubClsid32
HKCR\Interface\{3F3F340B-5747-480B-924B-171192439090}\TypeLib
HKCR\Interface\{3F3F340B-5747-480B-924B-171192439090}\TypeLib#Version
HKCR\Interface\{4A92D630-DB84-4B74-9350-6F3E029B3B2A}
HKCR\Interface\{4A92D630-DB84-4B74-9350-6F3E029B3B2A}\ProxyStubClsid
HKCR\Interface\{4A92D630-DB84-4B74-9350-6F3E029B3B2A}\ProxyStubClsid32
HKCR\Interface\{4A92D630-DB84-4B74-9350-6F3E029B3B2A}\TypeLib
HKCR\Interface\{4A92D630-DB84-4B74-9350-6F3E029B3B2A}\TypeLib#Version
HKCR\Interface\{4B185567-67C4-47A3-BE9A-450A7D04B748}
HKCR\Interface\{4B185567-67C4-47A3-BE9A-450A7D04B748}\ProxyStubClsid
HKCR\Interface\{4B185567-67C4-47A3-BE9A-450A7D04B748}\ProxyStubClsid32
HKCR\Interface\{4B185567-67C4-47A3-BE9A-450A7D04B748}\TypeLib
HKCR\Interface\{4B185567-67C4-47A3-BE9A-450A7D04B748}\TypeLib#Version
HKCR\Interface\{53BC2481-1054-4F77-B05E-513EECAD6ABD}
HKCR\Interface\{53BC2481-1054-4F77-B05E-513EECAD6ABD}\ProxyStubClsid
HKCR\Interface\{53BC2481-1054-4F77-B05E-513EECAD6ABD}\ProxyStubClsid32
HKCR\Interface\{53BC2481-1054-4F77-B05E-513EECAD6ABD}\TypeLib
HKCR\Interface\{53BC2481-1054-4F77-B05E-513EECAD6ABD}\TypeLib#Version
HKCR\Interface\{6978A4D2-66CE-4C9A-B748-DADCE50491DA}
HKCR\Interface\{6978A4D2-66CE-4C9A-B748-DADCE50491DA}\ProxyStubClsid
HKCR\Interface\{6978A4D2-66CE-4C9A-B748-DADCE50491DA}\ProxyStubClsid32
HKCR\Interface\{6978A4D2-66CE-4C9A-B748-DADCE50491DA}\TypeLib
HKCR\Interface\{6978A4D2-66CE-4C9A-B748-DADCE50491DA}\TypeLib#Version
HKCR\Interface\{6E72CBCC-4094-4D51-AB82-64DB6E62D20E}
HKCR\Interface\{6E72CBCC-4094-4D51-AB82-64DB6E62D20E}\ProxyStubClsid
HKCR\Interface\{6E72CBCC-4094-4D51-AB82-64DB6E62D20E}\ProxyStubClsid32
HKCR\Interface\{6E72CBCC-4094-4D51-AB82-64DB6E62D20E}\TypeLib
HKCR\Interface\{6E72CBCC-4094-4D51-AB82-64DB6E62D20E}\TypeLib#Version
HKCR\Interface\{72C743BA-209A-4083-AB89-26BDA4243D74}
HKCR\Interface\{72C743BA-209A-4083-AB89-26BDA4243D74}\ProxyStubClsid
HKCR\Interface\{72C743BA-209A-4083-AB89-26BDA4243D74}\ProxyStubClsid32
HKCR\Interface\{72C743BA-209A-4083-AB89-26BDA4243D74}\TypeLib
HKCR\Interface\{72C743BA-209A-4083-AB89-26BDA4243D74}\TypeLib#Version
HKCR\Interface\{9D3648FC-A34E-4A8D-A216-F0D88DD083C7}
HKCR\Interface\{9D3648FC-A34E-4A8D-A216-F0D88DD083C7}\ProxyStubClsid
HKCR\Interface\{9D3648FC-A34E-4A8D-A216-F0D88DD083C7}\ProxyStubClsid32
HKCR\Interface\{9D3648FC-A34E-4A8D-A216-F0D88DD083C7}\TypeLib
HKCR\Interface\{9D3648FC-A34E-4A8D-A216-F0D88DD083C7}\TypeLib#Version
HKCR\Interface\{A159B961-14A3-4D8F-9869-EE7403367D98}
HKCR\Interface\{A159B961-14A3-4D8F-9869-EE7403367D98}\ProxyStubClsid
HKCR\Interface\{A159B961-14A3-4D8F-9869-EE7403367D98}\ProxyStubClsid32
HKCR\Interface\{A159B961-14A3-4D8F-9869-EE7403367D98}\TypeLib
HKCR\Interface\{A159B961-14A3-4D8F-9869-EE7403367D98}\TypeLib#Version
HKCR\Interface\{AB2888A8-6794-4914-BD3D-D943EB652BA0}
HKCR\Interface\{AB2888A8-6794-4914-BD3D-D943EB652BA0}\ProxyStubClsid
HKCR\Interface\{AB2888A8-6794-4914-BD3D-D943EB652BA0}\ProxyStubClsid32
HKCR\Interface\{AB2888A8-6794-4914-BD3D-D943EB652BA0}\TypeLib
HKCR\Interface\{AB2888A8-6794-4914-BD3D-D943EB652BA0}\TypeLib#Version
HKCR\Interface\{E7A088BF-A8D0-404B-B03A-7E47037E2DA2}
HKCR\Interface\{E7A088BF-A8D0-404B-B03A-7E47037E2DA2}\ProxyStubClsid
HKCR\Interface\{E7A088BF-A8D0-404B-B03A-7E47037E2DA2}\ProxyStubClsid32
HKCR\Interface\{E7A088BF-A8D0-404B-B03A-7E47037E2DA2}\TypeLib
HKCR\Interface\{E7A088BF-A8D0-404B-B03A-7E47037E2DA2}\TypeLib#Version
HKCR\Interface\{FCEAF5AF-5EC5-4AEB-96A9-32833EDB2BFF}
HKCR\Interface\{FCEAF5AF-5EC5-4AEB-96A9-32833EDB2BFF}\ProxyStubClsid
HKCR\Interface\{FCEAF5AF-5EC5-4AEB-96A9-32833EDB2BFF}\ProxyStubClsid32
HKCR\Interface\{FCEAF5AF-5EC5-4AEB-96A9-32833EDB2BFF}\TypeLib
HKCR\Interface\{FCEAF5AF-5EC5-4AEB-96A9-32833EDB2BFF}\TypeLib#Version
HKCR\AppId\MalwareWar.EXE
HKCR\AppId\MalwareWar.EXE#AppID
HKCR\AppId\{44D69AB4-9B85-49fa-A97B-360EADFFDFA3}
C:\Program Files\MalwareWar 7.3\ignorelist.dat
C:\Program Files\MalwareWar 7.3\MalwareWar 7.3.exe
C:\Program Files\MalwareWar 7.3\MalwareWar.ini
C:\Program Files\MalwareWar 7.3

Malware.VirusRanger
D:\HARRY\DOWNLOADS\VRG_SETUP.EXE
D:\HARRY\DOWNLOADS\VRG_SETUP[0].EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{AD6CCBBB-CD1D-4FED-8BEB-6D408C380B73}\RP89\A0047623.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8FMV07CV\glb[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\E323YZQ9\index[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\KFQVGRQF\managers[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8FMV07CV\crypt[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8LABW1IB\progressbar[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\CXSLENUV\shkaladelenie[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8FMV07CV\data[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8LABW1IB\head[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\CXSLENUV\box[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\OTAZWXAB\folder[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\E323YZQ9\bg[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8FMV07CV\lupa[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\KFQVGRQF\common[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\OTAZWXAB\botton_03[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\OTAZWXAB\shld[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\CXSLENUV\ajax[1].htm
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8LABW1IB\shield[1].gif
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\KFQVGRQF\a[1].gif

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:33 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Harry\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [bitTorrent] "D:\Harry\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Harry\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Harry\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Harry\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Harry\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26D4F06A-2EC7-4E04-9181-BE4FF9EAEF67}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Griso
ft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7859 bytes

Edited 20 April 2008 by Linkage
norbat, posted 20 April 2008 (edited)

Good, SAS really did its job. There is one file you can check on the following website: http://virusscan.jotti.org/. At the top of the page you can upload the following file for checking: C:\WINDOWS\system\Wowpost.exe (probably a harmless file, but it may be wise to have it checked). Afterwards, run combofix again. The last part of the combofix log is missing, so a new attempt is needed.

Edited 20 April 2008 by norbat
Linkage (author), posted 20 April 2008

Wowpost was clean according to the website. And now I have run Combofix again:

ComboFix 08-04-18.3 - Harry 2008-04-20 19:04:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1496 [GMT 2:00]
Running from: C:\Documents and Settings\Harry\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\SUPERAntiSpyware.com
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 16:34 . 2008-04-20 16:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 16:08 . 2008-04-20 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 16:07 . 2008-04-20 17:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 12:57 . 2008-04-20 12:57 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Lavasoft
2008-04-20 12:56 . 2008-04-20 17:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-20 12:25 . 2008-04-20 12:27 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-04-20 12:25 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-04-20 12:25 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-04-20 12:25 . 2008-04-20 12:25 0 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-04-20 12:23 . 2008-04-20 12:23 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-04-20 12:17 . 2008-04-20 13:19 <DIR> d-------- C:\Program Files\SlySoft
2008-04-20 12:17 . 2008-04-20 12:17 0 --ahs---- C:\WINDOWS\S7E8B8AEB.tmp
2008-04-20 11:07 . 2008-04-20 11:07 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Grisoft
2008-04-20 11:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-20 00:48 . 2008-04-20 00:48 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-04-20 00:48 . 2008-04-20 00:48 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-04-20 00:48 . 2008-04-20 00:48 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-04-20 00:47 . 2008-04-20 00:47 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Sony
2008-04-20 00:47 . 2008-04-20 00:47 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Publish Providers
2008-04-20 00:47 . 2008-04-20 12:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 00:25 . 2008-04-20 00:25 <DIR> d-------- C:\Program Files\Vstplugins
2008-04-20 00:25 . 2008-04-20 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-04-20 00:23 . 2008-04-20 00:23 <DIR> d-------- C:\Program Files\Sony
2008-04-20 00:18 . 2008-04-20 00:18 <DIR> d-------- C:\Program Files\MSBuild
2008-04-20 00:13 . 2008-04-20 00:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-20 00:11 . 2008-04-20 00:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-20 00:10 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-20 00:00 . 2008-04-20 00:00 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Sony Setup
2008-04-19 23:59 . 2008-04-19 23:59 <DIR> d-------- C:\Program Files\Sony Setup
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-04-19 15:09 . 2008-04-20 01:13 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-19 12:42 . 2008-04-19 12:42 <DIR> d-------- C:\Program Files\iPod
2008-04-19 12:42 . 2008-04-20 17:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-19 12:42 . 2008-04-19 12:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 12:41 . 2008-04-19 12:41 <DIR> d-------- C:\Program Files\QuickTime
2008-04-17 21:48 . 2008-04-20 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-17 21:43 . 2008-04-17 21:45 <DIR> d-------- C:\Program Files\TmNationsForever
2008-04-13 12:17 . 2008-04-13 12:17 268 --ah----- C:\sqmdata17.sqm
2008-04-13 12:17 . 2008-04-13 12:17 244 --ah----- C:\sqmnoopt17.sqm
2008-04-13 00:35 . 2008-04-13 00:35 268 --ah----- C:\sqmdata16.sqm
2008-04-13 00:35 . 2008-04-13 00:35 244 --ah----- C:\sqmnoopt16.sqm
2008-04-12 23:52 . 2008-04-12 23:52 268 --ah----- C:\sqmdata15.sqm
2008-04-12 23:52 . 2008-04-12 23:52 244 --ah----- C:\sqmnoopt15.sqm
2008-04-06 16:32 . 2008-04-06 16:32 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-04-06 13:45 . 2008-02-01 17:07 18,487 --a------ C:\WINDOWS\system32\Ntaccess.sys
2008-04-06 13:45 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
2008-04-06 13:45 . 2008-01-31 17:18 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-04-03 16:13 . 2008-04-03 16:13 <DIR> d-------- C:\Program Files\Bonjour
2008-04-03 16:07 . 2008-04-03 16:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-03 15:26 . 2008-04-03 15:26 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 01:37 . 2008-03-28 01:37 268 --ah----- C:\sqmdata14.sqm
2008-03-28 01:37 . 2008-03-28 01:37 244 --ah----- C:\sqmnoopt14.sqm
2008-03-24 13:57 . 2008-04-09 18:39 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\Bioshock
2008-03-24 13:56 . 2007-05-31 20:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-24 13:56 . 2007-05-31 20:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-03-24 13:54 . 2008-03-24 13:54 <DIR> d-------- C:\Program Files\2K Games
2008-03-24 13:54 . 2008-03-24 13:54 <DIR> d-------- C:\Documents and Settings\Harry\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 10:25 --------- d-----w C:\Program Files\XviD
2008-04-20 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-19 23:59 --------- d-----w C:\Documents and Settings\Harry\Application Data\AVG7
2008-04-19 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-19 16:30 --------- d-----w C:\Documents and Settings\Harry\Application Data\dvdcss
2008-04-19 10:48 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 10:42 --------- d-----w C:\Program Files\iTunes
2008-04-18 21:22 --------- d-----w C:\Documents and Settings\Harry\Application Data\LimeWire
2008-04-14 04:58 24,072 ----a-w C:\Documents and Settings\Harry\Application Data\GDIPFONTCACHEV1.DAT
2008-04-13 10:07 --------- d-----w C:\Program Files\Setup Files
2008-04-07 19:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-07 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 14:44 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-04-06 17:56 --------- d-----w C:\Documents and Settings\Harry\Application Data\uTorrent
2008-04-06 11:45 --------- d-----w C:\Program Files\MSI
2008-04-03 14:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-24 12:35 --------- d-----w C:\Program Files\Microsoft Games
2008-03-24 11:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-18 23:01 --------- d-----w C:\Program Files\Rockstar Games
2008-03-18 18:47 --------- d-----w C:\Program Files\DIFX
2008-03-18 13:57 --------- d-----w C:\Program Files\Electronic Arts
2008-03-18 12:10 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-18 12:10 --------- d-----w C:\Documents and Settings\Harry\Application Data\SystemRequirementsLab
2008-03-16 16:02 --------- d-----w C:\Program Files\Java
2008-03-09 17:36 --------- d-----w C:\Documents and Settings\Harry\Application Data\U3
2008-03-09 13:57 --------- d-----w C:\Program Files\TextPad 5
2008-03-09 13:57 --------- d-----w C:\Documents and Settings\Harry\Application Data\Helios
2008-03-03 21:50 --------- d-----w C:\Program Files\LimeWire
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [ ]
"BitTorrent"="D:\Harry\BitTorrent\bittorrent.exe" [ ]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 08:09 579584]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 10:52 8531968]
"nwiz"="nwiz.exe" [2007-10-28 10:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 10:52 81920]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-03-14 11:41 498176]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-20 11:09 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-03 16:00:54 1585152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Harry\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Harry\\BitComet\\plugin_emule\\plugin_eMule.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:BitComet
"6881:UDP"= 6881:UDP:Bitocmet4
"23730:TCP"= 23730:TCP:BitComet 23730 TCP
"23730:UDP"= 23730:UDP:BitComet 23730 UDP
"60008:TCP"= 60008:TCP:BitComet 60008 TCP
"60008:UDP"= 60008:UDP:BitComet 60008 UDP

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-08-30 18:50]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 21:50]

*Newly Created Service* - APPMGMT
*Newly Created Service* - AVGASCLN
*Newly Created Service* - CATCHME
*Newly Created Service* - WEBNTACCESS
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 10:36:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 19:05:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 19:05:30
ComboFix-quarantined-files.txt 2008-04-20 17:05:25
ComboFix2.txt 2008-04-20 15:49:22

Pre-Run: 54,324,400,128 bytes free
Post-Run: 54,310,694,912 bytes free

196 --- E O F --- 2007-12-11 22:19:53
norbat, posted 20 April 2008

The following file should simply be deletable via Explorer: C:\WINDOWS\S7E8B8AEB.tmp

Apart from that, your logs look fine. No sign of any infections any more. How is the PC running?
Linkage (author), posted 20 April 2008

Couldn't find that file. But the PC is running normally now. Thanks for the help, norbat
norbat, posted 20 April 2008

Good. You can uninstall combofix by typing combofix /u in the Run box (Start - Run). This removes the program and resets System Restore. Surf safely.