Insomniatic, posted 22 May 2008:

I've got a virus. Under Processes there is a process called firefox.exe in addition to the one I'm using, and even if I end both processes, that one comes back ALL the time. I did a full system scan with AVG Anti-Spyware, which removed a lot, but it's STILL there! How do I get rid of it?
norbat, posted 22 May 2008:

Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Do not click in the window while the program is running. Post the log file from combofix (c:\combofix.txt).
Insomniatic (thread author), posted 22 May 2008:

The PC froze completely when it rebooted. What should I do now? btw, there is suddenly an iexplorer.exe that never dies...
norbat, posted 22 May 2008:

Did you get to run combofix, and is there a log (c:\combofix.txt)? If there are problems, try running combofix again.
geir__hk, posted 22 May 2008:

Boot into safe mode. Install Windows from scratch. Take a backup/snapshot/disk image.
Insomniatic (thread author), posted 22 May 2008:

Can't I just post an HJT log?
Insomniatic (thread author), posted 23 May 2008:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/index.php?autocom=my_forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61E294DD-80BC-4A35-9AB5-CF8022F82359} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: coresysd.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABA6710-96B4-4197-AEDC-8741AE2F3712}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{63FBE47F-C984-4DFC-8EEA-59DD2FB2F045}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC1C19F-BF39-4BFE-ACB4-50205B825569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{1ABA6710-96B4-4197-AEDC-8741AE2F3712}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{1ABA6710-96B4-4197-AEDC-8741AE2F3712}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: winghf - winghf.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.12\dopewars.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 1: (no name) - https://www.diskusjon.no/index.php?autocom=my_forum

--
End of file - 7591 bytes

Here is the log.
norbat, posted 23 May 2008:

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {61E294DD-80BC-4A35-9AB5-CF8022F82359} - C:\WINDOWS\system32\pmnli.dll (file missing)
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: winghf - winghf.dll (file missing)

Download the free version of SAS. Install and update it. Run a full scan and let SAS remove what it finds. Download a fresh Combofix and run the program. Post the combofix log.
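norbat's choice of lines to fix follows a few mechanical rules: loaders (O2/O3/O20) whose file is gone, and downloaded ActiveX entries (O16) with no source URL or from a host nobody asked for. The Python below is an added example, not part of the thread and not HijackThis code; it encodes those rules as the example author's own heuristics and runs them over lines quoted from the HJT log above, plus one constructed O17 line (a resolver in the 192.0.2.0/24 documentation range) so the DNS rule has something to fire on. The allowlists of trusted download hosts and expected resolvers are assumptions.

```python
"""Triage rules for HijackThis (HJT) log entries, run over the log posted above.

Added example; not part of the original thread and not HijackThis code.
The rules and allowlists are the example author's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Lines quoted verbatim from the HJT log in the thread (an excerpt).
HJT_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {61E294DD-80BC-4A35-9AB5-CF8022F82359} - C:\WINDOWS\system32\pmnli.dll (file missing)
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: coresysd.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: winghf - winghf.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Constructed line (NOT from the thread): a resolver outside the allowlist,
# taken from the 192.0.2.0/24 documentation range, so the O17 rule fires.
CONSTRUCTED_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

SAMPLE_LOG = HJT_EXCERPT + CONSTRUCTED_O17

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
MISSING_FILE_SECTIONS = {"O2", "O3", "O20"}
EXPECTED_NAMESERVERS = {"208.67.220.220", "208.67.222.222"}  # assumption: OpenDNS, as in the log
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "messenger.zone.msn.com", "chat.msn.com"}  # assumption


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rule for the entry's section; None means nothing to report."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec in MISSING_FILE_SECTIONS and ("(file missing)" in body or "(no file)" in body):
        return Finding(sec, "loader is registered but its file is gone (orphan or renamed payload)", line)

    if sec == "O4" and body.startswith("Global Startup:"):
        target = body[len("Global Startup:"):].strip()
        # A shortcut shows as 'name.lnk = path'; a bare file name means the
        # executable itself sits in the all-users Startup folder.
        if " = " not in target and target.lower().endswith(".exe"):
            return Finding(sec, "executable placed directly in the all-users Startup folder", line)

    if sec == "O16":
        tail = re.search(r" -\s*(\S*)\s*$", body)
        url = tail.group(1) if tail else ""
        if not url:
            return Finding(sec, "downloaded ActiveX control with no source URL", line)
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_DPF_HOSTS:
            return Finding(sec, f"ActiveX control fetched from non-allowlisted host {host}", line)

    if sec == "O17":
        ns = re.search(r"NameServer = (.+)$", body)
        if ns:
            unexpected = sorted({ip.strip() for ip in ns.group(1).split(",")} - EXPECTED_NAMESERVERS)
            if unexpected:
                return Finding(sec, "DNS resolver not in allowlist: " + ", ".join(unexpected), line)

    if sec == "O23" and "Unknown owner" in body:
        return Finding(sec, "service binary carries no vendor information", line)

    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


def fix_list(findings: List[Finding]) -> List[str]:
    """Entries to tick under 'Fix checked': orphaned loaders and bad DPF controls."""
    return [f.line for f in findings if f.section in {"O2", "O3", "O16", "O20"}]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the excerpt, fix_list returns exactly the seven lines norbat ticked. The Global Startup and O23 hits stay review items rather than fix candidates, because the rules cannot tell an unsigned legitimate program from a dropped one without looking at the file itself.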
Insomniatic (thread author), posted 23 May 2008:

ComboFix 08-05-21.3 - Micke 2008-05-23 16:59:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.130 [GMT 2:00]
Running from: C:\Program Files\Mappe\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Micke.MICKES\Programdata\ASEMBL~1
C:\Documents and Settings\Micke.MICKES\Programdata\ASEMBL~1\??mbols\
C:\Documents and Settings\Micke.MICKES\Programdata\ECURIT~1
C:\Documents and Settings\Micke.MICKES\Programdata\FNTS~1
C:\explorer.exe
C:\Programfiler\download plugin
C:\Programfiler\download plugin\DlPlugin-Moz\buddy.dat
C:\Programfiler\download plugin\DlPlugin-Moz\vendor.txt
C:\Programfiler\Google\googletoolbar1.dll
C:\Programfiler\IEToolbar
C:\Programfiler\IEToolbar\basis.xml
C:\Programfiler\IEToolbar\icons.bmp
C:\Programfiler\IEToolbar\inst.bat
C:\Programfiler\IEToolbar\metacrawl.ws.crc
C:\Programfiler\IEToolbar\metacrawl.ws.inf
C:\Programfiler\IEToolbar\metacrawlit.bmp
C:\Programfiler\IEToolbar\version.txt
C:\Programfiler\ipwins
C:\Programfiler\ipwins\count.dat
C:\Programfiler\ipwins\data.dat
C:\Programfiler\ipwins\date.dat
C:\Programfiler\ipwins\s3do.dat
C:\Programfiler\ipwins\settingsDate.dat
C:\Programfiler\ipwins\Uninst.exe
C:\Programfiler\windows
C:\Programfiler\winupdates
C:\Programfiler\winupdates\a.zip
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\SNMPAPI.DLL
C:\WINDOWS\sysk32.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini2
C:\WINDOWS\system32\ilnmp.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\sinvfct.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 15:56 . 2008-05-23 15:56  <DIR>  d--------  C:\Programfiler\SUPERAntiSpyware
2008-05-23 15:56 . 2008-05-23 15:56  <DIR>  d--------  C:\Documents and Settings\Micke.MICKES\Programdata\SUPERAntiSpyware.com
2008-05-23 15:56 . 2008-05-23 15:56  <DIR>  d--------  C:\Documents and Settings\All Users.WINDOWS\Programdata\SUPERAntiSpyware.com
2008-05-22 17:56 . 2008-05-23 16:58  19,772  --a------  C:\WINDOWS\system32\nav32update
2008-05-22 17:54 . 2006-07-16 16:32  8,192  --a------  C:\WINDOWS\system32\nav32update.exe
2008-05-22 09:59 . 2008-05-23 16:57  <DIR>  dr-h-----  C:\Documents and Settings\Micke.MICKES\Siste
2008-05-20 19:11 . 2008-03-21 19:11  32  -ra------  C:\Documents and Settings\All Users\hash.dat
2008-05-18 23:29 . 2008-05-18 23:29  <DIR>  d--------  C:\Programfiler\Dopewars
2008-05-16 23:13 . 2008-05-23 16:58  <DIR>  d-a------  C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP
2008-05-16 15:47 . 2008-05-16 15:47  <DIR>  d--------  C:\Programfiler\dopewars-1.5.12
2008-05-16 15:47 . 2008-05-16 15:47  20,992  --a------  C:\WINDOWS\bw-uninstall.exe
2008-05-11 14:06 . 2002-02-18 10:23  172,304  --a------  C:\WINDOWS\system32\jview.exe
2008-05-11 14:06 . 2002-02-18 10:23  171,792  --a------  C:\WINDOWS\system32\wjview.exe
2008-05-11 14:06 . 2002-02-18 10:23  49,424  --a------  C:\WINDOWS\system32\clspack.exe
2008-05-11 13:40 . 2008-05-11 20:53  <DIR>  d--------  C:\rscache
2008-05-10 15:11 . 2008-05-18 21:13  <DIR>  d--------  C:\Programfiler\SwiftKit
2008-05-10 15:11 . 2008-05-10 15:11  <DIR>  d--------  C:\Documents and Settings\All Users.WINDOWS\Programdata\SwiftKit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 13:55  ---------  d-----w  C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-23 06:32  ---------  d--h--w  C:\Programfiler\XSoftware
2008-05-22 21:22  ---------  d-----w  C:\Documents and Settings\Micke.MICKES\Programdata\wsInspector
2008-05-22 18:37  ---------  d-----w  C:\Programfiler\Google
2008-05-22 18:28  ---------  d-----w  C:\Programfiler\Cheat Engine
2008-05-22 17:41  ---------  d-----w  C:\Programfiler\Corel
2008-05-20 14:13  9,394  --sha-w  C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-11 12:06  155,995  ----a-w  C:\WINDOWS\java\Packages\YV7RN9FL.ZIP
2008-04-26 19:56  ---------  d-----w  C:\Documents and Settings\Micke.MICKES\Programdata\Azureus
2008-04-26 19:34  ---------  d-----w  C:\Documents and Settings\Micke.MICKES\Programdata\LimeWire
2008-04-26 19:26  ---------  d-----w  C:\Programfiler\Azureus
2008-04-23 06:13  ---------  d-----w  C:\Documents and Settings\Micke.MICKES\Programdata\mIRC
2008-04-23 06:09  ---------  d-----w  C:\Programfiler\mIRC
2008-04-18 16:33  ---------  d-----w  C:\Programfiler\Spybot - Search & Destroy
2008-04-18 16:30  691,545  ----a-w  C:\WINDOWS\unins000.exe
2008-04-15 17:39  ---------  d-----w  C:\Documents and Settings\Micke.MICKES\Programdata\tor
2008-04-06 13:22  ---------  d-----w  C:\Programfiler\Java
2008-04-06 13:15  ---------  d-----w  C:\Programfiler\Sun
2008-04-03 20:23  ---------  d-----w  C:\Programfiler\AV Music Morpher Gold
2008-03-29 15:04  ---------  d-----w  C:\Programfiler\MSN Messenger
2008-03-29 15:04  ---------  d-----w  C:\Programfiler\MessengerDiscovery
2008-03-28 21:15  ---------  d-----w  C:\Programfiler\Messenger Plus! Live
2008-02-01 13:50  4  ----a-w  C:\Programfiler\KeyLog.txt
2008-01-31 13:05  167  ----a-w  C:\Documents and Settings\All Users.WINDOWS\Programdata\saopts.dat
2007-08-28 19:51  152  ----a-w  C:\Programfiler\HALLO.txt
2006-06-12 14:48  217,088  ----a-w  C:\Programfiler\GLF71.tmp.exe
2006-04-18 12:55  834  ----a-w  C:\Documents and Settings\Micke\Programdata\wklnhst.dat
2005-05-13 16:12  217,073  --sha-r  C:\WINDOWS\meta4.exe
2005-10-24 10:13  66,560  --sha-r  C:\WINDOWS\MOTA113.exe
2005-10-13 20:27  422,400  --sha-r  C:\WINDOWS\x2.64.exe
2006-06-18 19:27  80  --sh--r  C:\WINDOWS\system32\744BE5167C.dll
2008-01-17 15:28  104  --sh--r  C:\WINDOWS\system32\744BE5167C.sys
2008-02-03 18:30  168  --sh--r  C:\WINDOWS\system32\7C16E54B74.sys
2005-10-07 18:14  308,224  --sha-r  C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31  27,648  --sha-r  C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32  616,448  --sha-r  C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37  45,568  --sha-r  C:\WINDOWS\system32\cygz.dll
2006-07-17 09:26  65,210  --sha-w  C:\WINDOWS\system32\fhgniw.dat
2004-01-24 23:00  70,656  --sha-r  C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24  2,945,024  --sha-r  C:\WINDOWS\system32\Smab.dll
2006-06-15 21:03  8,384  --sha-w  C:\WINDOWS\system32\srsc.dat
2005-02-28 12:16  240,128  --sha-r  C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00  70,656  --sha-r  C:\WINDOWS\system32\yv12vfw.dll
.

<pre>
----a-w  360,448  2004-10-02 11:21:08  C:\Program Files\Mappe\Cheatpack\Auto Miners\Sythe's Powerminer .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06  1135968  --a------  C:\Programfiler\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\
coresysd.exe [2006-06-25 01:36:14 195461]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=61.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mappe\\err41beta\\client.exe"=
"C:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mappe\\err31\\client.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 17:18]
S3 C;C NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\C.sys []
S3 CSNPD51;CSNPD51 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CSNPD51.sys []
S3 dopewars-server;dopewars server;C:\Programfiler\dopewars-1.5.12\dopewars.exe [2008-05-16 15:47]
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-03 00:53]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 13:34]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
C:\WINDOWS\system32\nav32update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]
C:\WINDOWS\system32\virusdelete.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 17:06:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-05-23 17:14:47
ComboFix-quarantined-files.txt  2008-05-23 15:14:36

Pre-Run: 18,026,496,000 bytes free
Post-Run: 18,024,304,640 bytes free

221 --- E O F --- 2008-01-31 13:46:21
norbat, posted 23 May 2008:

If the Messenger Plus! Live sponsor program is installed, uninstall it via Add/Remove Programs.

Open Notepad and paste in the text below, then save the file on the desktop as CFScript. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\nav32update.exe

Folder::
C:\WINDOWS\system32\nav32update

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]

RenV::
----a-w 360,448 2004-10-02 11:21:08 C:\Program Files\Mappe\Cheatpack\Auto Miners\Sythe's Powerminer .exe

Post the log it creates + a new HJT log.
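norbat's CFScript is built from what the ComboFix log exposes: the two Active Setup components (ComboFix prints those only when they are not default entries, and each one runs once per user at next logon), and the file ComboFix wrapped in `<pre>` because of the space before its `.exe` extension. The Python below is an added example, not part of the thread and not ComboFix code; it parses the "Reg Loading Points" lines quoted from the log above and rebuilds the File::, Registry:: and RenV:: sections in the form norbat used. The AppInit_DLLs, EnableFirewall and DisableMonitoring checks are the example author's own review rules and are reported, not scripted, since the page shows no CFScript syntax for changing a value rather than deleting a key.

```python
"""Triage of ComboFix 'Reg Loading Points' output and a CFScript skeleton from it.

Added example; not part of the thread and not ComboFix code. The review rules
are the example author's assumptions; the CFScript section forms (File::,
Registry:: with [-key], RenV::) are the ones used in the reply above.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines quoted from the ComboFix log above (excerpt), with one benign Run
# entry from the same log kept in for contrast.
COMBOFIX_EXCERPT = r"""
<pre> ----a-w 360,448 2004-10-02 11:21:08 C:\Program Files\Mappe\Cheatpack\Auto Miners\Sythe's Powerminer .exe </pre>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=61.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
C:\WINDOWS\system32\nav32update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]
C:\WINDOWS\system32\virusdelete.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PRE_RE = re.compile(r"^<pre>\s*(?P<entry>.*?)\s*</pre>$")
ACTIVE_SETUP = "\\active setup\\installed components\\"


@dataclass(frozen=True)
class CfFinding:
    kind: str    # active_setup | appinit | firewall_off | sc_monitoring | odd_filename
    where: str   # registry key (original case) or file path
    detail: str


def triage_combofix(log_text: str) -> List[CfFinding]:
    findings: List[CfFinding] = []
    key = ""  # registry key the following lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        pre = PRE_RE.match(line)
        if pre:
            # ComboFix wraps names it considers odd in <pre>; here a space
            # before '.exe', which hides the real extension in Explorer.
            entry = pre.group("entry")
            path = entry.split(" ", 4)[-1]
            findings.append(CfFinding("odd_filename", path, entry))
            continue
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        v = VALUE_RE.match(line)
        if v:
            name, data = v.group("name").lower(), v.group("data").strip()
            if name == "appinit_dlls" and data:
                findings.append(CfFinding("appinit", key, "%s is mapped into every process that loads user32.dll" % data))
            elif name == "enablefirewall" and data.split()[0] == "0":
                findings.append(CfFinding("firewall_off", key, "Windows Firewall disabled for the standard profile"))
            elif name == "disablemonitoring" and "security center" in key.lower() \
                    and data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                findings.append(CfFinding("sc_monitoring", key, "Security Center told not to monitor this product"))
            continue
        if ACTIVE_SETUP in key.lower():
            # Only non-default components are printed; the path line under the
            # key is the command that runs once per user at next logon.
            findings.append(CfFinding("active_setup", key, line))
    return findings


def cfscript(findings: List[CfFinding]) -> str:
    """File:: for Active Setup payloads, Registry:: [-key] for their components,
    RenV:: for the oddly named file. Other kinds are left for manual review."""
    files = [f.detail for f in findings if f.kind == "active_setup"]
    keys = [f.where for f in findings if f.kind == "active_setup"]
    renv = [f.detail for f in findings if f.kind == "odd_filename"]
    out: List[str] = []
    if files:
        out += ["File::"] + files + [""]
    if keys:
        out += ["Registry::"] + ["[-%s]" % k for k in keys] + [""]
    if renv:
        out += ["RenV::"] + renv + [""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage_combofix(COMBOFIX_EXCERPT)
    for f in found:
        print("[%s] %s\n    %s" % (f.kind, f.where, f.detail))
    print(cfscript(found))
```

The generated script carries the same File::, Registry:: and RenV:: entries as norbat's; what it does not reproduce is the Folder:: line, which needs a judgement call on the extension-less `nav32update` file that the rules above do not attempt.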