Sertito, 30 April 2008 (edited)
Hey, I have a virus in some system32 files. I know that most system32 files are important for the computer, at least. But I have only managed to keep the files in quarantine. Is there any way to repair them or replace them with identical files? These files are the problem:
rqRkiFwT.dll
xxYQKCSm.dll
Thanks for any help.
Edited 30 April 2008 by Sertito

snippsat, 30 April 2008
Hi! Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text). Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt.
Sertito, 5 May 2008 (thread author)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:28, on 05.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Alexander\Desktop\Spill\Programmer\hijackthis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://luvar.himolde.no/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7861 bytes
snippsat, 5 May 2008
Run ComboFix and post the log.

Sertito, 5 May 2008 (thread author)
For some reason ComboFix would not work. It could not find file 0x8 or something :P And then a message came up saying that 1 in 100 PCs do not make it through this disinfection, so I did not dare go any further xD

norbat, 5 May 2008
Just ignore the various messages and click OK / Yes / Continue on whatever windows come up.
Sertito, 6 May 2008 (thread author)

ComboFix 08-05-01.3 - Alexander 2008-05-06 18:34:43.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1309 [GMT 2:00]
Running from: C:\Drivers\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 16:30 --------- d-----w C:\Users\Alexander\AppData\Roaming\Skype
2008-05-06 16:30 --------- d-----w C:\Program Files\Steam
2008-05-06 16:19 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-05-06 15:45 --------- d-----w C:\ProgramData\Logishrd
2008-05-06 15:41 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-06 15:40 --------- d-----w C:\Program Files\Logitech
2008-05-06 14:13 --------- d-----w C:\Program Files\Warcraft III
2008-05-05 17:52 --------- d-----w C:\Users\Alexander\AppData\Roaming\uTorrent
2008-05-05 16:13 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-04 14:49 --------- d-----w C:\ProgramData\Logitech
2008-05-02 17:34 --------- d-----w C:\Users\Alexander\AppData\Roaming\skypePM
2008-04-30 14:08 --------- d-----w C:\Program Files\AskTBar
2008-04-29 14:08 --------- d-----w C:\Program Files\uTorrent
2008-04-28 16:12 --------- d-----w C:\Users\Alexander\AppData\Roaming\Bioshock
2008-04-28 16:10 --------- d-----w C:\ProgramData\ATI
2008-04-27 00:05 --------- d-----w C:\Program Files\ATI
2008-04-26 23:49 --------- d-----w C:\Program Files\ATI Technologies
2008-04-25 16:36 --------- d-----w C:\Program Files\SmartAudioConverterPro
2008-04-20 20:51 --------- d-----w C:\Users\Alexander\AppData\Roaming\DAEMON Tools
2008-04-20 14:26 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-20 14:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 14:22 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-20 14:16 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-10 17:38 --------- d-----w C:\Program Files\Windows Mail
2008-04-03 14:18 --------- d-----w C:\Program Files\iTunes
2008-04-03 14:18 --------- d-----w C:\Program Files\iPod
2008-03-30 17:37 --------- d-----w C:\Program Files\Game_Maker7
2008-03-28 13:22 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-28 13:22 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-27 14:09 --------- d-----w C:\Program Files\WinPcap
2008-03-27 14:09 --------- d-----w C:\Program Files\WC3Banlist
2008-03-26 21:29 --------- d-----w C:\Program Files\Java
2008-03-24 19:48 --------- d-----w C:\Program Files\Audacity
2008-03-23 23:21 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-23 17:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-23 12:49 --------- d-----w C:\Program Files\MSN Messenger
2008-03-21 19:39 --------- d-----w C:\Users\Alexander\AppData\Roaming\IMVU
2008-03-21 19:00 --------- d-----w C:\Program Files\IMVU
2008-03-11 20:37 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 18:20 --------- d-----w C:\Program Files\PowerISO
2008-03-11 18:09 --------- d-----w C:\Users\Alexander\AppData\Roaming\Uniblue
2008-03-10 15:54 --------- d-----w C:\Program Files\Thief - Deadly Shadows
2008-03-08 11:22 --------- d-----w C:\ProgramData\Earthsim
2008-03-08 10:21 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-03-08 00:36 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-03-07 13:41 --------- d-----w C:\Program Files\RivaTuner v2.07
2008-03-07 11:32 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-03-07 11:31 --------- d-----w C:\Users\Alexander\AppData\Roaming\SUPERAntiSpyware.com
2008-03-07 11:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-04 23:02 90,112 ----a-w C:\Windows\System32\atibrtmon.exe
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 20:56 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-28 20:56 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-15 18:36 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 23:02 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:58 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:58 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:58 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:58 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:58 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:58 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 22:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:57 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-12 13:48 17,408 ----a-w C:\psapi.dll
2008-02-11 13:54 19 ----a-w C:\Users\Alexander\cmd.bat
2007-10-19 12:31 174 --sha-w C:\Program Files\desktop.ini
2007-11-25 17:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-25 17:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-25 17:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-12-10 23:11 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:15 1271032]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [ ]
"HitwarePKLite"="C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe" [ ]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-19 15:07 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 14:50 4702208 C:\Windows\RtHDVCpl.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DA715CB-3F9F-4330-A518-6C9E61734C21}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{00E0EE1B-95BE-4EAA-814E-F158857E00AC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{59136A40-2702-40D7-BC79-E14C7EB41ABD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A7EED320-5BF2-4FC9-9175-4238D078FDC3}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{4BD91CF7-C1CF-4AEE-A9AA-C6092A486BA1}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{753E788D-C5E5-4692-836D-5B795F4FB774}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{3109E5DE-E4A3-4F6D-8889-FC6BE1B3D608}C:\\program files\\steam\\steamapps\\sertito\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\sertito\counter-strike source\hl2.exe:hl2
"UDP Query User{3AC3687B-D10D-42AF-B526-0B50A0F15C8E}C:\\program files\\steam\\steamapps\\sertito\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\sertito\counter-strike source\hl2.exe:hl2
"TCP Query User{FA6F6A44-BA68-4EE1-984F-6A047FDCE11A}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{7B7FBE84-3BCE-4113-9589-BAE7FAF5FE12}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{9868A294-9AD7-4604-85CC-6BF439B47811}C:\\program files\\steam\\steamapps\\sertito\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\sertito\day of defeat source\hl2.exe:hl2
"UDP Query User{2668330C-488C-4366-802A-CA2D4E9D77F4}C:\\program files\\steam\\steamapps\\sertito\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\sertito\day of defeat source\hl2.exe:hl2
"{1AE073DE-016B-4D8A-AEC5-148AFE5A11D7}"= UDP:C:\Program Files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II
"{60CCD238-5D38-47BD-9572-0D453D960CCE}"= TCP:C:\Program Files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II
"TCP Query User{4E84900E-8AED-4A85-89E2-D267E2FE3F8C}C:\\program files\\electronic arts\\kampen om midgard ii\\patchget.dat"= UDP:C:\program files\electronic arts\kampen om midgard ii\patchget.dat:patchgrabber
"UDP Query User{D89D85D1-70C1-4016-B743-F9EC877D0051}C:\\program files\\electronic arts\\kampen om midgard ii\\patchget.dat"= TCP:C:\program files\electronic arts\kampen om midgard ii\patchget.dat:patchgrabber
"{A5423C69-2BE7-4445-8BA1-79EC81D5A3E6}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{273F47E7-9CB3-4A4A-B678-37BF60745CB4}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{02ABF4F9-3C5B-4895-ACB3-C83F43C7C324}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{5EBE60E4-FFB6-4498-9D18-E38F4E68E01D}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{A0A0FC2E-6768-43FA-9332-80B802D3E557}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{89317A15-180A-44D3-84E0-0ABAC3CCF7F5}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{D611690B-8193-46A5-9379-A70B989953AC}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{6F670580-5F2F-464D-AE92-4A0EEE87BC5D}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{D13992EC-EFBB-4795-8C33-A1307D589FF2}C:\\flatout2\\flatout2.exe"= UDP:C:\flatout2\flatout2.exe:FlatOut2
"UDP Query User{024BE48A-664D-42E4-9CE1-37BC081961BC}C:\\flatout2\\flatout2.exe"= TCP:C:\flatout2\flatout2.exe:FlatOut2
"{DD75CAFB-6604-4993-9DEF-FC8A7102AA70}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{1A980736-D0CF-4F10-BDF6-578BF8AD54CA}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{60A95C91-B818-4F4B-9DE7-5A259057B474}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{8659FDC7-6398-4312-86CB-ACB57F8422E2}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{DD53D900-6073-4DDB-8163-15C8D63DE14A}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"UDP Query User{1B707F38-B865-466B-8214-0149C6FAE395}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"TCP Query User{DDDF69C1-8898-466F-A63E-288EC6DDE50C}C:\\ijji\\english\\u_sf\\soldierfront.exe"= Disabled:UDP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{FDACC840-3455-4B93-8964-ED1373ACFF21}C:\\ijji\\english\\u_sf\\soldierfront.exe"= Disabled:TCP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{1A89DE1E-AF76-4F00-A4B4-F441EE9BBFF0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{13425C5E-9FED-4F71-A50B-67685446F3A2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E1D3093E-E527-4FFC-8FAE-79172FBD3219}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{76AF023D-12C5-4909-BF13-6614FA34000A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0FB282DF-2A66-4C18-B9D3-BEB4660CF10B}C:\\program files\\the creative assembly\\rome - total war\\rometw.exe"= UDP:C:\program files\the creative assembly\rome - total war\rometw.exe:Rome: Total War
"UDP Query User{4E5F8B54-6401-41B1-B392-0CF9EB091016}C:\\program files\\the creative assembly\\rome - total war\\rometw.exe"= TCP:C:\program files\the creative assembly\rome - total war\rometw.exe:Rome: Total War
"TCP Query User{E28BB261-5A07-483D-9F89-43E85DABD646}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{9C742B8F-4497-4428-81D0-26CBB9F54A12}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{43296CBD-CA66-444A-B236-165A76A632F1}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{29AB6810-FD40-4985-8449-F4B1CFD0626C}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"{71AE937E-4112-4314-9C92-DC053EC4615E}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{0D1B0EB4-5082-4A75-A6EB-C260F833710F}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"TCP Query User{FD69CB9A-5073-47BD-ABC9-8D0D90C3E266}C:\\program files\\steam\\steamapps\\manowar1993\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\manowar1993\counter-strike source\hl2.exe:hl2
"UDP Query User{C89D1978-A46A-4AD0-AA5B-A57DAA9F1A42}C:\\program files\\steam\\steamapps\\manowar1993\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\manowar1993\counter-strike source\hl2.exe:hl2
"TCP Query User{8674E3D7-4B2B-41AF-90AB-516411279126}C:\\program files\\steam\\steamapps\\andre_naarstad\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\andre_naarstad\counter-strike source\hl2.exe:hl2
"UDP Query User{7FECC849-E6E4-4619-94CD-132F837235F5}C:\\program files\\steam\\steamapps\\andre_naarstad\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\andre_naarstad\counter-strike source\hl2.exe:hl2
"{13715A71-542C-4E91-ABF3-6D97D92B6FDB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{79DC9EA7-A578-4882-9E93-C15237EC0841}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C4F14219-8A35-4048-8F85-12DCFCC60D44}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{3E722CAF-8B0A-4F4D-8CCD-28D7509D390C}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-09-06 12:02]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 05:13]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 23:10]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 12:34]
S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2006-11-14 04:04]
S4 UGURU;UGURU;C:\Windows\system32\drivers\uguru.sys [2006-10-02 04:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{000f308a-7789-11dc-b097-0019db6c2716}]
\shell\AutoRun\command - I:\FarCryAutoCD.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 18:38:07
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 216

**************************************************************************
.
Completion time: 2008-05-06 18:40:30
ComboFix-quarantined-files.txt 2008-05-06 16:39:39
ComboFix2.txt 2008-03-08 09:26:10
Cannot find message text for message number 0x2379 in the message file for Application.
Cannot find message text for message number 0x2379 in the message file for Application.
snippsat, 6 May 2008
Start HijackThis, "Scan", find these lines, check them, then press "Fix checked":
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
Download and run CCleaner. Options -> Advanced. Untick "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing. Scan with antivirus and SAS; the problem is probably gone. Report back.
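The triage snippsat does above (pick out the unnamed search hook and the "(file missing)" button) is mechanical enough to script. What follows is an added example, not code from the thread and not part of HijackThis or ComboFix: a small Python script that reads HijackThis-style lines and flags the patterns worth a second look: entries whose target is "(file missing)", unnamed search hooks / BHOs / toolbars, O23 services that HijackThis lists with "Unknown owner", and file names that look machine-generated, like the rqRkiFwT.dll and xxYQKCSm.dll from the opening post. The sample input is constructed: six lines copied from the log posted above plus two hypothetical lines built around those two DLL names (the posted log does not contain them, and the CLSID on the constructed O2 line is made up). The random-name heuristic is deliberately simple (a long consonant run plus mixed case), and it also catches PnkBstrA.exe, the PunkBuster anti-cheat service that HijackThis lists with "Unknown owner"; that false positive is why the flag says verify the signature rather than remove the file.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not the full log from the thread): six lines
# copied from the HijackThis log posted above, plus two hypothetical lines
# built around the DLL names from the opening post. The posted log does not
# contain those two lines, and the CLSID on the last line is made up.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O20 - Winlogon Notify: rqRkiFwT - C:\Windows\system32\rqRkiFwT.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Windows\system32\xxYQKCSm.dll
"""

VOWELS = set("aeiou")
# Last path component ending in .dll/.exe/.sys. Paths contain spaces, so only
# the segment after the final backslash is considered.
BASENAME_RE = re.compile(r'\\([^\\\s"]+\.(?:dll|exe|sys))', re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HijackThis section: R3, O2, O9, O23, ...
    reason: str
    line: str


def case_transitions(s: str) -> int:
    """Number of upper/lower case flips between adjacent letters (rqRkiFwT -> 5)."""
    letters = [c for c in s if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def longest_consonant_run(s: str) -> int:
    """Length of the longest run of consonants; y counts as a consonant."""
    run = best = 0
    for c in s.lower():
        if c.isalpha() and c not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(filename: str) -> bool:
    """Heuristic for generated names: 8+ letters, a consonant cluster of 4+,
    and case that flips at least twice. Real names can trip it (PnkBstrA),
    so a hit means "verify", not "delete"."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha():
        return False
    return longest_consonant_run(stem) >= 4 and case_transitions(stem) >= 2


def basename_of(line: str):
    """The executable/DLL name the entry points at, or None."""
    hits = BASENAME_RE.findall(line)
    return hits[-1] if hits else None


def triage_line(line: str) -> list:
    section = line.split(" - ", 1)[0].strip()
    reasons = []
    if "(file missing)" in line:
        reasons.append("target file missing: orphaned entry, safe to fix")
    if "(no name)" in line and section in {"R3", "O2", "O3"}:
        reasons.append("unnamed search hook / BHO / toolbar")
    if section == "O23" and "Unknown owner" in line:
        reasons.append("service with unresolved publisher")
    name = basename_of(line)
    if name and looks_random(name):
        reasons.append(f"random-looking file name {name}: verify signature before removing")
    return [Finding(section, r, line) for r in reasons]


def triage(log_text: str) -> list:
    """Run every non-empty line through triage_line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<60} {f.line[:60]}")
```

Run it as-is to see the findings for the constructed sample; to use it on a real log, pass the file contents to triage() instead of SAMPLE_LOG. The flags are ranked by how safe they are to act on: a "(file missing)" entry is a dead pointer and fixing it changes nothing on disk, while a random-looking name in system32 is only a prompt to check the file's publisher and signature before deciding it is the Vundo-style DLL the thread is chasing.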
Sertito, 13 May 2008 (thread author)
The virus is still there, but that is probably my fault, since I have them in the avast chest. But the O9 file in HijackThis could not be deleted and an error message came up. I tried again, but the same error message came back :/

r2d290, 13 May 2008 (edited)
Quoting Sertito: "The virus is still there, but that is probably my fault, since I have them in the avast chest. But the O9 file in HijackThis could not be deleted and an error message came up. I tried again, but the same error message came back :/"
Try starting the program in safe mode and see if you can remove it then.
edit: what kind of error message?
Edited 13 May 2008 by r2d290

Sertito, 13 May 2008 (thread author)
Don't remember; the error message won't come up again -.- All that happens now is that it goes through "Fix checked" and then the list is empty. But it is not removed. But I have sent it to Trend, so they will probably take a look at it ;)