Annie_P Posted 10 May 2008
I think I have a virus on my machine. I keep dropping off the internet, especially when I use Explorer. I have Avast on the machine, but it gives no warning. I have run HijackThis; the log looks like this:

I have also run ComboFix. There the log looks like this:

Does anyone have any tips on what the problem might be, and what I can do about it?

r2d290 Posted 10 May 2008
Upload the file to http://virusscan.jotti.org/
If it gives any response, paste the result in here.

norbat Posted 10 May 2008
The file r2d290 is talking about is probably c:\log.exe. It appears under the other users as well, so much suggests that this is an infection. What you can do after the check, if it says that the file contains malware, is the following: Open Notepad, then copy and paste in what is in bold below. Save the file as CFScript and put it on the desktop. Drag and drop the file onto the ComboFix icon. ComboFix will start again:

File::
C:\Documents and Settings\Gjest\log.exe
C:\LOGD.tmp
C:\LOG2A.tmp
C:\Documents and Settings\Compaq_Eier\log.exe
C:\log.exe

Driver::
PSEXESVC

Post the new ComboFix log. You should also run a scan with an antispyware program. I recommend the free version of SAS.
Edited 10 May 2008 by norbat

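The reasoning in the post above, that the same file turning up under several user profiles points to an infection, can be checked mechanically against a ComboFix file listing. The following Python code is an added example, not part of the thread and not ComboFix's own logic; the sample lines are constructed in the layout of ComboFix's "Files Created" listing, and the function names and the "drive root or profile root" rule are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample in the layout of a ComboFix "Files Created" listing:
#   created . modified  size-or-<DIR>  attributes  path
# The log.exe paths are the ones named in the post; the rest is filler.
SAMPLE_LOG = r"""
2008-05-09 18:26 . 2008-05-09 18:26 <DIR> d-------- C:\Programfiler\Azureus
2008-04-29 22:29 . 2008-04-29 22:29 712,704 --a------ C:\Documents and Settings\Gjest\log.exe
2008-04-29 21:02 . 2008-04-29 21:02 0 --a------ C:\LOGD.tmp
2008-04-29 15:28 . 2008-04-29 17:25 712,704 --a------ C:\Documents and Settings\Compaq_Eier\log.exe
2008-04-28 23:37 . 2008-05-09 19:22 712,704 --a------ C:\log.exe
2008-04-27 15:01 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-27 15:01 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-26 11:17 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.*)$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# "Unusual" drop locations for a program file: a drive root, or directly in
# a user's profile folder (assumption made for this illustration).
UNUSUAL_DIR_RE = re.compile(r"^[a-z]:\\(documents and settings\\[^\\]+)?$")


def parse_created_files(log_text):
    """Yield (path, size_in_bytes) for each file entry; <DIR> rows are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        yield m["path"], int(m["size"].replace(",", ""))


def is_unusual_location(directory):
    """True for a drive root or a user profile root (case-insensitive)."""
    return bool(UNUSUAL_DIR_RE.match(directory.lower()))


def find_replicated_executables(log_text, min_copies=2):
    """Group executables by (name, size) and keep groups that were created in
    at least `min_copies` unusual locations.

    Copies under the Windows directory are ignored on purpose: Windows File
    Protection keeps identical files in system32\\dllcache, so a matching
    name and size there is expected and not a sign of replication.
    """
    groups = defaultdict(set)
    for path, size in parse_created_files(log_text):
        name = basename(path).lower()
        if name.endswith(EXECUTABLE_EXT) and is_unusual_location(dirname(path)):
            groups[(name, size)].add(path)
    return {
        key: sorted(paths)
        for key, paths in groups.items()
        if len(paths) >= min_copies
    }


if __name__ == "__main__":
    for (name, size), paths in find_replicated_executables(SAMPLE_LOG).items():
        print(f"{name} ({size} bytes) created in {len(paths)} locations:")
        for p in paths:
            print("   ", p)
```

A hit from this check is only a reason to submit the file to a multi-engine scanner, as the thread does next; it is not a verdict on its own.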
r2d290 Posted 10 May 2008
Oh right, yes, it was log.exe I meant.
Edited 10 May 2008 by r2d290

Gjest medlem-105082 Posted 10 May 2008
Quote: "Upload the file to http://virusscan.jotti.org/ If it gives any response, paste the result in here."
VirusTotal is a better alternative, since it has more antivirus and antispyware scanners than Jotti. Jotti will probably give a clear answer too, but the more the better.

Annie_P (Author) Posted 11 May 2008
Quote: "Upload the file to http://virusscan.jotti.org/ If it gives any response, paste the result in here."
Now I have run virusscan.jotti.org. It does look like there is a virus here, yes. How can I get rid of it?

Scan taken on 11 May 2008 08:25:12 (GMT)
A-Squared Found nothing
AntiVir Found BDS/Eggdrop.BI.1
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found IRC/BackDoor.SdBot3.ZKE
BitDefender Found Backdoor.IRCBot.ABRR
ClamAV Found Trojan.Eggdrop-35
CPsecure Found BackDoor.W32.IRCBot.bcv
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.EggDrop.bi
Fortinet Found nothing
Ikarus Found Virus.Win32.Agent.OJX
Kaspersky Anti-Virus Found Backdoor.Win32.EggDrop.bi
NOD32 Found probably a variant of Win32/Agent (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found Bck/EggDrop.Y
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found Backdoor.EggDrop.RM
VBA32 Found nothing

r2d290 Posted 11 May 2008
Follow Norbat's guide (post #3), and then report back on how you think your machine is working.