Guest Slettet-INkUtP, posted 30 April 2008
Hello, I have a virus that pops up now and then, together with some System Restore thing or other, so I chose to turn System Restore off for a short while to see whether the virus comes back. Could turning it off be a bad idea? Thanks for any answers.
el_cash, posted 30 April 2008
Yes and no. Viruses have a tendency to get stored in System Restore, so it is a good idea to turn System Restore off if a virus keeps coming back. This does, however, mean that you cannot run a restore if the machine falls over... So turn System Restore back on once the virus has been removed permanently.
Garegaupa, posted 30 April 2008 (edited)
Agree with the previous poster. System Restore has saved my skin from having to format the PC a couple of times, so I would not turn it off permanently. But if it is a virus you are struggling to get rid of, turning it off temporarily may be the solution. Good luck!
Edited 30 April 2008 by Garegaupa
Skagen, posted 30 April 2008
The thread was posted in the wrong place and has been moved to the correct category. (Please do not comment on this post. Reactions to moderation go by PM/message.)
snippsat, posted 30 April 2008
We can get all the junk removed. When we are done, ComboFix will reset System Restore so you do not get reinfected through System Restore. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Guest Slettet-INkUtP, posted 1 May 2008 (edited)
Here is the log. By the way, what does this .exe do? When I ran the .exe, some changes happened? I noticed that the Internet icon ended up on the desktop?
----------------------------------------------------------------------------------------------- ComboFix 08-04-29.5 - OmarO 2008-05-01 2:08:34.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.531 [GMT 2:00] Running from: C:\Documents and Settings\OmarO\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))) . 2008-04-30 22:26 . 2008-04-30 22:26 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\Uniblue 2008-04-30 18:52 . 2008-04-30 18:52 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-30 18:52 . 2008-04-30 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-28 21:02 . 2008-04-28 21:02 <DIR> d-------- C:\Program Files\BillP Studios 2008-04-28 21:02 . 2008-04-28 21:02 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\WinPatrol 2008-04-24 21:32 . 2008-04-24 21:32 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\gtopala 2008-04-19 22:37 . 2008-04-19 22:37 <DIR> d-------- C:\Program Files\Lavalys 2008-04-19 15:25 . 2008-04-19 15:25 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-04-19 15:25 . 2008-04-19 15:25 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-04-19 15:24 . 2008-04-19 15:24 <DIR> d-------- C:\WINDOWS\system32\Futuremark 2008-04-19 15:24 . 2008-04-19 15:24 <DIR> d-------- C:\Program Files\Futuremark 2008-04-19 15:24 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2008-04-19 15:24 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-04-19 15:24 . 
2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-04-19 15:24 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-04-19 15:08 . 2008-04-19 15:08 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-04-19 15:06 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-04-19 13:07 . 2008-04-30 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk 2008-04-19 13:03 . 2008-04-30 20:56 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared 2008-04-19 13:03 . 2008-04-30 20:58 <DIR> d-------- C:\Program Files\Autodesk 2008-04-19 01:54 . 2008-04-19 01:54 4 --a------ C:\WINDOWS\system32\ulfconfig0103.ulf 2008-04-19 01:38 . 2008-04-19 01:38 <DIR> d-------- C:\Program Files\Pixologic 2008-04-19 01:37 . 2008-04-19 01:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-04-18 23:29 . 2008-04-18 23:29 <DIR> d---s---- C:\Documents and Settings\OmarO\UserData 2008-04-17 16:08 . 2008-04-17 16:08 <DIR> d-------- C:\Program Files\Google 2008-04-16 22:59 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-04-16 22:58 . 2008-04-16 22:58 <DIR> d-------- C:\Program Files\Microsoft Works 2008-04-16 22:57 . 2008-04-16 22:57 <DIR> d-------- C:\Program Files\MSBuild 2008-04-16 22:54 . 2008-04-16 22:54 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-04-16 22:52 . 2008-04-16 22:52 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-04-16 22:51 . 2008-04-16 22:56 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-16 22:50 . 2008-04-16 22:50 <DIR> dr-h----- C:\MSOCache 2008-04-16 22:50 . 2008-04-18 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-16 22:22 . 2008-04-16 22:22 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-04-15 18:38 . 2008-04-15 18:38 <DIR> d-------- C:\Program Files\Red Kawa 2008-04-15 18:07 . 
2008-04-15 18:07 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\Apple Computer 2008-04-15 17:51 . 2008-04-29 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-15 17:51 . 2008-04-15 17:51 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-15 17:47 . 2008-04-15 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-12 01:57 . 2004-09-28 18:05 40,960 --a------ C:\WINDOWS\system32\nvgpio.dll 2008-04-12 01:57 . 2004-10-01 18:37 36,864 --a------ C:\WINDOWS\system32\nvapi9x.dll 2008-04-12 01:57 . 2004-10-11 14:08 12,062 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys 2008-04-12 01:56 . 2008-04-12 01:56 <DIR> d-------- C:\Program Files\SEC 2008-04-10 23:37 . 2008-04-30 20:03 <DIR> dr-h----- C:\$VAULT$.AVG 2008-04-09 20:43 . 2008-04-09 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-04-09 20:42 . 2008-04-11 17:11 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\Ventrilo 2008-04-09 20:36 . 2008-04-09 20:36 <DIR> d-------- C:\Program Files\Ventrilo 2008-04-09 20:36 . 2008-04-30 18:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-08 21:50 . 2008-04-08 21:50 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-04-08 21:47 . 2008-04-08 21:47 <DIR> d-------- C:\Program Files\Microsoft Games 2008-04-06 16:55 . 2008-04-30 18:13 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\AVG7 2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-06 16:51 . 2008-04-10 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-06 02:25 . 2008-04-06 02:42 <DIR> d-------- C:\Program Files\Albatross 2008-04-06 02:17 . 
2008-04-06 02:55 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\Mask Pro 4.0 2008-04-06 02:07 . 2008-04-06 02:07 <DIR> d-------- C:\Program Files\Plugin 2008-04-06 02:07 . 2004-03-29 17:23 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-04-06 01:57 . 2004-03-29 12:16 352,256 --a------ C:\WINDOWS\esellerateEngine.dll 2008-04-06 01:41 . 2008-04-06 02:16 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\Alien Skin 2008-04-06 01:35 . 2008-04-06 01:35 <DIR> d-------- C:\Program Files\Alien Skin 2008-04-05 22:38 . 2008-04-05 23:31 4,608 --a------ C:\WINDOWS\system32\BReWErS.dll 2008-04-05 21:43 . 2008-04-05 21:43 <DIR> d-------- C:\Documents and Settings\OmarO\Application Data\Media Player Classic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-01 00:14 --------- d-----w C:\Documents and Settings\OmarO\Application Data\BitTorrent 2008-05-01 00:10 --------- d-----w C:\Documents and Settings\OmarO\Application Data\DNA 2008-04-19 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-15 15:48 --------- d-----w C:\Program Files\QuickTime 2008-04-06 15:31 --------- d-----w C:\Program Files\Yahoo! 
2008-04-06 00:32 1,337 ----a-w C:\Program Files\INSTALL.LOG 2008-04-05 20:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-31 19:08 --------- d-----w C:\Program Files\XP Codec Pack 2008-03-31 19:06 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-30 16:32 --------- d-----w C:\Program Files\Tablet 2008-03-30 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-03-30 16:27 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-30 16:25 --------- d-----w C:\Program Files\Common Files\Control Panels 2008-03-30 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM 2008-03-30 15:54 --------- d-----w C:\Program Files\Bonjour 2008-03-30 15:35 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-03-30 01:56 --------- d-----w C:\Documents and Settings\OmarO\Application Data\dvdcss 2008-03-30 00:02 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-03-29 21:53 --------- d-----w C:\Program Files\DNA 2008-03-29 21:53 --------- d-----w C:\Program Files\BitTorrent 2008-03-29 15:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-29 15:26 --------- d-----w C:\Program Files\Windows Live 2008-03-29 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-29 13:30 --------- d-----w C:\Documents and Settings\OmarO\Application Data\Command & Conquer 3 Tiberium Wars 2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-03-29 03:55 43,520 ----a-w 
C:\WINDOWS\system32\ati2edxx.dll 2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-03-28 23:06 --------- d--h--r C:\Documents and Settings\OmarO\Application Data\SecuROM 2008-03-27 22:40 --------- d-----w C:\Program Files\Ray Adams 2008-03-27 21:43 --------- d-----w C:\Documents and Settings\OmarO\Application Data\ATI 2008-03-27 21:41 --------- d-----w C:\Program Files\Driver Cleaner Pro 2008-03-27 00:28 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-26 19:57 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe 2008-03-26 05:26 --------- d-----w C:\Program Files\VIAudioi 2008-03-26 05:16 --------- d-----w C:\Program Files\VIA 2008-03-26 04:52 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-25 21:35 --------- d-----w C:\Program Files\Razer 2008-03-25 21:35 --------- d-----w C:\Program Files\DIFX 2008-03-25 21:35 --------- d-----w C:\Documents and Settings\OmarO\Application Data\InstallShield 2008-03-25 21:08 --------- d-----w C:\Documents and Settings\OmarO\Application Data\vlc 2008-03-25 21:05 --------- d-----w C:\Documents and Settings\OmarO\Application Data\atitray 2008-03-25 21:03 --------- d-----w 
C:\Program Files\CCleaner 2008-03-25 20:46 --------- d-----w C:\Program Files\VideoLAN 2008-03-25 20:46 --------- d-----w C:\Program Files\PowerISO 2008-03-25 20:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-03-25 20:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-12 12:51 288576] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 07:32 15360] "EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2007-04-05 00:00 2141544] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-02-27 21:53 587568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-07-26 08:19 540672] "Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-14 17:15 579584] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 19:31 333120] "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-06 16:55 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-03-30 18:32:22 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Games\\Aspyr\\GuitarHeroIII\\gh3.exe"= "C:\\WINDOWS\\system32\\mmc.exe"= "C:\\Games\\Atari\\Neverwinter Nights 2\\nwn2main.exe"= "C:\\Games\\Atari\\Neverwinter Nights 2\\nwupdate.exe"= "C:\\Games\\Atari\\Neverwinter Nights 2\\nwn2server.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "E:\\Steam\\Steam\\steamapps\\eirik_fs\\counter-strike source\\hl2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39] R1 atitray;atitray;C:\Program Files\Ray 
Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05] R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00] R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 13:09] S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [] S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 12:23] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Setup\rsrc\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\baldur.exe *Newly Created Service* - AD-WATCH_REGISTRY_FILTER *Newly Created Service* - CATCHME *Newly Created Service* - EVERESTDRIVER . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-01 02:12:48 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1???,??|????D:\Sound\VIA\vinf??|???|????????? scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . Completion time: 2008-05-01 2:21:22 ComboFix-quarantined-files.txt 2008-05-01 00:20:19 Pre-Run: 41,351,172,096 bytes free Post-Run: 41,340,899,328 bytes free 226 --- E O F --- 2008-04-24 00:20:55 ----------------------------------------------------------------------------------------------------------
Edited 1 May 2008 by Slettet-INkUtP
snippsat, posted 1 May 2008 (edited)
ComboFix is a multi-fix tool. It removes known infections, runs a rootkit scan and produces a detailed log for further removal of junk. The ComboFix log looks good. You can post a HijackThis log to be sure. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Post HijackThis.txt
Edited 1 May 2008 by SNIPPSAT
Guest Slettet-INkUtP, posted 1 May 2008 (edited)
Here is the log. What is it you are looking for? Suspicious processes etc.?
------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:13:49, on 01.05.2008 Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Razer\Habu\razerhid.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe C:\Program Files\BitTorrent\bittorrent.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\Program Files\Razer\Habu\razertra.exe C:\Program Files\Razer\Habu\razerofa.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\OmarO\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - 
res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Software\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 
2007\aawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 8319 bytes ----------------------------------------------------------------
Edited 1 May 2008 by Slettet-INkUtP
snippsat, posted 1 May 2008 (edited)
Yes, this looked just as good. With HJT + ComboFix you can see whether all parts of the system are clean: processes, services, registry, drivers, startup, Browser Helper Objects. All of this can be removed manually in case of infection, but that requires understanding it well. You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
Edited 1 May 2008 by SNIPPSAT
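As an added illustration of the review snippsat describes (not code from the thread, from ComboFix or from HijackThis), the parser below splits a HijackThis-format log into the running-process list and the coded O2/O4/O23 entries, maps each code to the area it covers (BHO, startup, service) and flags entries that merit a manual look. The sample log is constructed in the format of the log pasted above; the svch0st.exe autostart line is invented for contrast and is not in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2 log format. The last O4 line is
# invented to show what a flagged entry looks like; it is not from the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\OmarO\Local Settings\Temp\svch0st.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# HijackThis section codes mapped to the areas snippsat lists (startup,
# services, Browser Helper Objects, browser settings).
CATEGORY = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)", "O8": "IE context menu",
    "O9": "IE extra button", "O16": "ActiveX download (DPF)",
    "O18": "protocol handler", "O23": "service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# A Windows path up to the first binary extension; the lazy quantifier stops
# before trailing arguments such as "/STARTUP".
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ax|ocx)\b", re.IGNORECASE)

# Anything launched from outside these roots deserves a second look on an XP box.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    code: str
    category: str
    body: str
    path: Optional[str]


def parse_hjt(text: str) -> Tuple[List[str], List[Entry]]:
    """Split a HijackThis log into the running-process list and the coded entries."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first coded entry ends the process list
            code, body = m.group("code"), m.group("body")
            pm = PATH_RE.search(body)
            entries.append(Entry(code, CATEGORY.get(code, "other"), body,
                                 pm.group(0) if pm else None))
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (entry body, reason) pairs that merit manual review; these are not verdicts."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.path and not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append((e.body, f"{e.category} launched from outside Windows/Program Files"))
        if e.code == "O23" and "Unknown owner" in e.body:
            findings.append((e.body, "service binary carries no publisher information"))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} coded entries")
    for body, reason in triage(ents):
        print(f"REVIEW: {reason}\n    {body}")
```

"Unknown owner" only means the service binary has no version resource naming a publisher, as with the two such services in the log above; it is a prompt to look at the file, not a sign of infection.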
Guest Slettet-INkUtP, posted 1 May 2008
OK, thanks for the help "SNIPPSATT"