Chubbyoslo Skrevet 9. mai 2008 Del Skrevet 9. mai 2008 Har hatt en del virus og annen dritt på pcen. Kjørte hijackthis og fikk opp denne loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:33:55, on 10.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\msanton.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\GameSpot\GDM_TrayApp.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REGystem.ini: Shell=Explorer.exe C:\WINDOWS\system32\msanton.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GameXL] "C:\Program Files\Game Accelerator\gamexl.exe" O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe O4 - Startup: setings.exe O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe O4 - Global Startup: startup.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Google-søk - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Koblinger bakover - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Lignende sider - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 15314 bytes Noen som kan si hva jeg skal gjøre nå? Lenke til kommentar
snippsat Skrevet 9. mai 2008 Del Skrevet 9. mai 2008 Ja er forsatt en del grums. Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Lenke til kommentar
Chubbyoslo Skrevet 10. mai 2008 Forfatter Del Skrevet 10. mai 2008 ComboFix 08-05-08.1 - Tor Andre 2008-05-10 23:33:15.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT 2:00] Running from: C:\Downloads\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartUp.exe . ((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))) . 2008-05-09 23:21 . 2008-05-09 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft 2008-05-09 23:06 . 2008-05-09 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2008-05-09 22:53 . 2008-05-09 23:06 <DIR> d-------- C:\Program Files\Flower Shop Big City Break 2008-05-09 22:53 . 2008-05-09 22:53 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-05-08 00:06 . 2008-05-08 00:06 <DIR> d-------- C:\Program Files\ReflexiveArcade 2008-05-01 21:54 . 2008-05-01 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Emotum 2008-04-29 23:18 . 2008-05-01 18:48 <DIR> d-------- C:\Russ 2008-04-28 13:14 . 2008-04-28 13:14 <DIR> d-------- C:\WINDOWS\.jagex_cache_32 2008-04-24 16:10 . 2008-04-24 16:12 <DIR> d-------- C:\Program Files\MPD 2008-04-21 17:00 . 2008-04-21 17:00 <DIR> d-------- C:\ConvertTemp 2008-04-17 20:00 . 2008-04-17 20:06 <DIR> d-------- C:\Documents and Settings\Tor Andre\Programdata\LimeWire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-10 21:23 --------- d-----w C:\Program Files\GamesBar 2008-05-09 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar 2008-05-05 15:35 --------- d-----w C:\Program Files\Call of Duty 2008-05-05 13:42 --------- d-----w C:\Documents and Settings\Tor Andre\Programdata\AVG7 2008-05-01 19:54 --------- d-----w C:\Program Files\Telenor 2008-05-01 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Telenor 2008-05-01 18:02 --------- d-----w C:\Documents and Settings\Tor Andre\Programdata\Skype 2008-04-25 15:58 --------- d-----w C:\Program Files\Apple Software Update 2008-04-25 10:50 --------- d-----w C:\Program Files\iTunes 2008-04-25 10:50 --------- d-----w C:\Program Files\iPod 2008-04-25 10:48 --------- d-----w C:\Program Files\QuickTime 2008-04-23 14:34 --------- d-----w C:\Program Files\Zylom Games 2008-04-23 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2008-04-13 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-13 17:12 --------- d-----w C:\Program Files\Red Storm Entertainment 2008-04-13 15:53 --------- d-----w C:\Documents and Settings\Tor Andre\Programdata\BitTorrent 2008-04-09 13:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-09 13:53 --------- d-----w C:\Program Files\Gamenext 2008-04-09 12:21 --------- d-----w C:\Documents and Settings\Tor Andre\Programdata\Zylom 2008-04-09 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-04-08 22:32 --------- d-----w C:\Documents and Settings\Tor Andre\Programdata\PlayFirst 2008-04-06 19:30 --------- d-----w C:\Program Files\DAEMON Tools 2008-03-29 15:44 --------- d-----w C:\Documents and Settings\Tor Andre\Programdata\vlc 2008-03-29 15:43 --------- d-----w C:\Program Files\VideoLAN 2008-03-29 08:55 --------- d-----w C:\Program Files\Screamer Radio 2008-03-28 10:33 2,260 ----a-w C:\Documents and Settings\Tor Andre\Programdata\wklnhst.dat 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-15 16:19 --------- d-----w C:\Program Files\Maxis 2008-03-15 15:50 --------- d-----w C:\Program Files\Close Combat 2008-03-15 15:43 --------- d-----w C:\Program Files\Paradox Interactive 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-17 07:58 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-02-12 17:51 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll 2008-01-30 18:40 15,617 ----a-w C:\Program Files\Furnish Lite uninstal.log 2007-10-15 12:04 49,181,904 ----a-w C:\Program Files\nis2007.exe 2007-02-13 21:58 384 ----a-w C:\Program Files\Common Files\Snarvei til Program Files.lnk 2004-03-02 19:00 2,935,467 ----a-w C:\Program Files\CoDSP.exe . ------- Sigcheck ------- 2005-05-26 05:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-14 03:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2006-03-16 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-26 05:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-01-13 12:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2007-10-14 17:14 359808 388520f998df810a7db90af05d1229a4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-02-17 09:58 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-02-17 09:58 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\drivers\tcpip.sys 2006-03-15 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 06:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 12:38 68856] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 01:11 43008] "Steam"="C:\Program Files\Steam\Steam.exe" [ ] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872] "froody"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 09:23 6144] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-17 00:36 8437760] "nwiz"="nwiz.exe" [2007-04-17 00:36 1626112 C:\WINDOWS\system32\nwiz.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840] "Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52 643072] "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-16 06:00 110592 C:\WINDOWS\system32\bthprops.cpl] "CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2005-10-12 04:29 69632] "MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 11:45 787096] "Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [ ] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 10:08 579584] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-17 00:36 81920] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "GameXL"="C:\Program Files\Game Accelerator\gamexl.exe" [ ] "version"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 09:23 6144] "dumprep"="C:\WINDOWS\system32\spoolc.exe" [ ] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Telenorhjelpen"="C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 15:35 189120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 06:00 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 17:51 219136] C:\Documents and Settings\Tor Andre\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664] GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [2007-05-09 18:48:26 237568] setings.exe [2007-11-22 09:23:00 6144] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ CONNECTAUTrayApp.lnk - C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2005-10-14 03:18:13 114688] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] HP Photosmart Premier Hurtigstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728] Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] MediaChecker.lnk - C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 11:48:22 913560] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-05 16:01:40 389120] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoChangeAnimation"= 1 (0x1) "NoStrCmpLogical"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoStrCmpLogical"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= ir41_32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "C:\\Program Files\\Call of Duty\\CoDUOMP.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\ravenshield.exe"= "C:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\UCC.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Telenor\\Telenorhjelpen\\Telenor.exe"= R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-06-23 00:15] R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-07-19 22:08] R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 22:39] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49] S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe [2007-05-09 18:48] S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 08:27] S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys [] S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07] S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c502aad8-61f7-11dc-a4a0-001636c2f71e}] \Shell\AutoRun\command - G:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder "2008-04-25 10:39:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-10 23:39:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???x\??????Y?@?????<?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vsdatant] "ImagePath"="" . Completion time: 2008-05-10 23:47:29 ComboFix-quarantined-files.txt 2008-05-10 21:47:25 ComboFix2.txt 2008-01-10 20:40:00 Pre-Run: 4,942,270,464 bytes free Post-Run: 5,508,845,568 bytes free 209 --- E O F --- 2008-04-13 12:23:26 Lenke til kommentar
snippsat Skrevet 10. mai 2008 Del Skrevet 10. mai 2008 (endret) Kjør kun hjt. Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked. F2 - REGystem.ini: Shell=Explorer.exe C:\WINDOWS\system32\msanton.exe O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe O4 - Startup: setings.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør register-renser og"svar ja til og reparere Restart. Finn denne filen og slett. C:\WINDOWS\system32\msanton.exe Post ny hijackthis-logg. Endret 10. mai 2008 av SNIPPSAT Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå