YMF, posted 26 May 2008 (edited)

Heeey. I got a virus the other day; every time I start the PC I get this error message:

Exception processing message c00000a3 parameters 75b4bf9c 4 75b4bf9c
||Prøv på nytt||Avbryt||Fortsett|| (Retry / Cancel / Continue)

The machine runs fine after I have spam-clicked ||Fortsett||, but after 30-40 minutes have passed everything goes to hell. The only program that works 100% is MSN. Windows Task Manager gets blocked, and when I try to press Ctrl-Alt-Del I get that Windows error sound. I also have no access to My Computer. System Restore doesn't work either.

Any tips on how I can remove this virus without formatting? Which antivirus tools might do the job?

EDIT: I want serious answers, none of that "stay away from porn" etc. The only dubious sites I visit are 4chan and puretna!

Edited 27 May 2008 by ito

Skagen, posted 26 May 2008

The thread was posted in the wrong place and has been moved to the correct category. (Please do not comment on this post. Reactions to moderation are handled by PM/message.)

snippsat, posted 26 May 2008

Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

YMF (thread author), posted 26 May 2008

ok : ) here comes the log

ComboFix.txt:

Other Deletions.

C:\Programfiler\tmp0.exe
C:\Programfiler\tmp1.exe
C:\Programfiler\tmp2.exe
C:\WINDOWS\resources\AlrtCheck.dll
C:\WINDOWS\system32\818646\818646.dll
C:\WINDOWS\system32\avxbhuin.ini
C:\WINDOWS\system32\awtSmNeC.dll
C:\WINDOWS\system32\CeNmStwa.ini
C:\WINDOWS\system32\CeNmStwa.ini2
c:\windows\system32\Drivers\syE84.sys
c:\windows\system32\Drivers\Tag30.sys
C:\WINDOWS\system32\glyrfftm.ini
C:\WINDOWS\system32\HOpAaccf.ini
C:\WINDOWS\system32\HOpAaccf.ini2
C:\WINDOWS\system32\kaokjyfy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NTvxIkkj.ini
C:\WINDOWS\system32\NTvxIkkj.ini2
C:\WINDOWS\system32\qkxubrdb.ini
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\yhijhufl.ini
C:\WINDOWS\system32\Yyycefii.ini
C:\WINDOWS\system32\Yyycefii.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYE84
-------\Legacy_TAG30
-------\Service_syE84
-------\Service_Tag30

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-26 19:32 . 2008-05-26 19:32 294 ---hs---- C:\WINDOWS\system32\glyrfftm.ini
2008-05-25 22:22 . 2008-05-25 22:22 90,624 --a------ C:\WINDOWS\system32\mtffrylg.dll
2008-05-25 21:44 . 2008-05-25 21:44 <DIR> d-------- C:\Programfiler\uTorrent
2008-05-25 21:44 . 2008-05-26 19:30 <DIR> d-------- C:\Documents and Settings\Ole Christian\Programdata\uTorrent
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-25 20:23 . 2007-05-31 00:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-25 20:23 . 2008-05-25 20:23 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-25 16:56 . 2008-05-25 21:11 376 --a------ C:\WINDOWS\wininit.ini
2008-05-25 15:34 . 2008-05-25 15:31 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-25 15:34 . 2008-05-25 15:34 2,548 --a------ C:\WINDOWS\unins000.dat
2008-05-25 15:29 . 2008-05-25 15:37 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-05-25 15:29 . 2008-05-25 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-05-25 07:29 . 2008-05-26 19:29 <DIR> d-------- C:\WINDOWS\system32\818646
2008-05-25 02:31 . 2008-05-25 02:31 <DIR> d-------- C:\Programfiler\CableRouting
2008-05-25 01:31 . 2008-05-25 01:31 29,824 --a------ C:\WINDOWS\system32\iifdCtrS.dll
2008-05-25 01:29 . 2008-05-24 17:19 225,280 --a------ C:\WINDOWS\vregfwlx.dll
2008-05-25 01:29 . 2008-05-25 16:34 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-25 01:29 . 2008-05-24 17:19 139,264 --a------ C:\WINDOWS\edwf.exe
2008-05-25 01:29 . 2008-05-24 17:20 81,920 --a------ C:\WINDOWS\xmpstean.exe
2008-05-25 01:29 . 2008-05-25 01:29 29,824 --a------ C:\WINDOWS\system32\efcBtuVN.dll
2008-05-19 23:37 . 2008-05-19 23:47 <DIR> d-------- C:\u2b
2008-05-19 23:36 . 2008-05-19 23:38 <DIR> d-------- C:\Programfiler\U2Browser
2008-05-19 23:36 . 2008-05-19 23:36 285,000 --------- C:\WINDOWS\Setup1.exe
2008-05-19 23:36 . 2008-05-19 23:36 72,928 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-17 22:27 . 2008-05-26 14:45 <DIR> d-------- C:\Programfiler\mIRC
2008-04-28 20:01 . 2008-04-28 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 13:24 --------- d-----w C:\Programfiler\K-Lite Codec Pack
2008-05-25 13:24 --------- d-----w C:\Programfiler\ConsoleClassix.com
2008-05-25 00:38 --------- d-----w C:\Programfiler\Winamp
2008-05-20 21:24 --------- d-----w C:\Documents and Settings\Ole Christian\Programdata\LimeWire
2008-05-11 21:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-12 22:39 --------- d-----w C:\Programfiler\Xfire
2008-04-08 18:36 --------- d-----w C:\Documents and Settings\Ole Christian\Programdata\Xfire
2008-04-02 14:00 --------- d-----w C:\Programfiler\Ventrilo
2008-04-02 14:00 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-02 13:29 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-03-27 10:45 --------- d-----w C:\Programfiler\LimeWire
2008-01-13 02:27 22,328 ----a-w C:\Documents and Settings\Ole Christian\Programdata\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
2008-03-27 15:02 247296 --a------ C:\Programfiler\CableRouting\CableRouting.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}]
2008-05-25 01:29 29824 --a------ C:\WINDOWS\system32\efcBtuVN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54192079-8E8A-43D8-BCBC-3874916159AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64C01EC8-F796-4D08-A2D7-FAD5781F8C02}]
C:\WINDOWS\system32\iifecyyY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
2007-11-18 01:57 130048 --a------ C:\WINDOWS\mpcodecplg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCA83A05-98EB-4BA0-8566-73F68C7817DC}]
C:\WINDOWS\system32\jkkIxvTN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E70ADED0-C161-4911-83E5-A223C1DB8244}]
C:\WINDOWS\system32\fccaApOH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Programdata\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-06-23 15:29 2146304]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"60ad4cc6"="C:\WINDOWS\system32\mtffrylg.dll" [2008-05-25 22:22 90624]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
SMCWPCIT-G 108Mbps Wireless PCI adapter.lnk - C:\Programfiler\SMC\SMCWPCIT-G 108Mbps Wireless PCI adapter\Monitor.exe [2005-06-07 17:56:34 430080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}"= C:\WINDOWS\system32\efcBtuVN.dll [2008-05-25 01:29 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBtuVN]
efcBtuVN.dll 2008-05-25 01:29 29824 C:\WINDOWS\system32\efcBtuVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syE84.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\spill\\Steam\\steamapps\\scummy259\\counter-strike source\\hl2.exe"=
"E:\\spill\\Steam\\steamapps\\common\\trackmania united\\TmUnited.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"E:\\spill\\Steam\\steamapps\\scummy259\\counter-strike\\hl.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Ole Christian\\Skrivebord\\utorrent(2).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 17:51]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 SMCWPCIT;SMCWPCIT-G 108Mbps Wireless PCI adapter Service;C:\WINDOWS\system32\DRIVERS\SMCWPCIT.sys [2005-04-20 11:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7344d5ed-0f0c-11dc-a639-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 19:02:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 19:32:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\system32\glyrfftm.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\efcBtuVN.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-05-26 19:35:28 - machine was rebooted [Ole Christian]
ComboFix-quarantined-files.txt 2008-05-26 17:35:05

Pre-Run: 411,152,384 byte ledig
Post-Run: 4,167,860,224 byte ledig

206 --- E O F --- 2008-05-17 01:01:29

YMF (thread author), posted 26 May 2008

I think the virus went away after those files were deleted : ) Thanks a lot, but if you find anything else wrong in that log, feel free to ask me to delete it.

snippsat, posted 26 May 2008 (edited)

Copy the bold text below the picture, open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture and Combofix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\glyrfftm.ini
C:\WINDOWS\system32\mtffrylg.dll
C:\WINDOWS\system32\iifdCtrS.dll
C:\WINDOWS\vregfwlx.dll
C:\WINDOWS\edwf.exe
C:\WINDOWS\xmpstean.exe
C:\WINDOWS\system32\efcBtuVN.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64C01EC8-F796-4D08-A2D7-FAD5781F8C02}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCA83A05-98EB-4BA0-8566-73F68C7817DC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E70ADED0-C161-4911-83E5-A223C1DB8244}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect (ver. 5.1)"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"60ad4cc6"=-
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syE84.sys]

---
Scan this file at Virustotal:
C:\WINDOWS\Setup1.exe
---
Download and run CCleaner. Under 'Options' -> 'Advanced', untick "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.
---
Download, update and run a full scan with SAS free. Post the log from SAS (preferences->statistics/logs)
---
Restart.
---
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Scan and save log". Copy the log file and paste it into your post.
---

Edited 26 May 2008 by SNIPPSAT

YMF (thread author), posted 27 May 2008 (edited)

ok, doing it now

27 May 14:53 - EDIT: Combofix log:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\edwf.exe
C:\WINDOWS\system32\efcBtuVN.dll
C:\WINDOWS\system32\glyrfftm.ini
C:\WINDOWS\system32\iifdCtrS.dll
C:\WINDOWS\system32\mtffrylg.dll
C:\WINDOWS\vregfwlx.dll
C:\WINDOWS\xmpstean.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\edwf.exe
C:\WINDOWS\system32\efcBtuVN.dll
C:\WINDOWS\system32\fcccbaBS.dll
C:\WINDOWS\system32\glyrfftm.ini
C:\WINDOWS\system32\iifdCtrS.dll
C:\WINDOWS\system32\mtffrylg.dll
C:\WINDOWS\system32\SBabcccf.ini
C:\WINDOWS\system32\SBabcccf.ini2
C:\WINDOWS\vregfwlx.dll
C:\WINDOWS\xmpstean.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.
2008-05-25 21:44 . 2008-05-25 21:44 <DIR> d-------- C:\Programfiler\uTorrent
2008-05-25 21:44 . 2008-05-27 14:44 <DIR> d-------- C:\Documents and Settings\Ole Christian\Programdata\uTorrent
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-25 20:23 . 2007-05-31 00:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-25 20:23 . 2008-05-26 19:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-25 20:23 . 2007-05-31 02:33 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-25 20:23 . 2008-05-25 20:23 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-25 16:56 . 2008-05-25 21:11 376 --a------ C:\WINDOWS\wininit.ini
2008-05-25 15:34 . 2008-05-25 15:31 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-25 15:34 . 2008-05-25 15:34 2,548 --a------ C:\WINDOWS\unins000.dat
2008-05-25 15:29 . 2008-05-25 15:37 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-05-25 15:29 . 2008-05-25 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-05-25 07:29 . 2008-05-26 19:29 <DIR> d-------- C:\WINDOWS\system32\818646
2008-05-25 02:31 . 2008-05-25 02:31 <DIR> d-------- C:\Programfiler\CableRouting
2008-05-25 01:29 . 2008-05-25 16:34 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-19 23:37 . 2008-05-19 23:47 <DIR> d-------- C:\u2b
2008-05-19 23:36 . 2008-05-19 23:38 <DIR> d-------- C:\Programfiler\U2Browser
2008-05-19 23:36 . 2008-05-19 23:36 285,000 --------- C:\WINDOWS\Setup1.exe
2008-05-19 23:36 . 2008-05-19 23:36 72,928 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-17 22:27 . 2008-05-26 14:45 <DIR> d-------- C:\Programfiler\mIRC
2008-04-28 20:01 . 2008-04-28 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 13:24 --------- d-----w C:\Programfiler\K-Lite Codec Pack
2008-05-25 13:24 --------- d-----w C:\Programfiler\ConsoleClassix.com
2008-05-25 00:38 --------- d-----w C:\Programfiler\Winamp
2008-05-20 21:24 --------- d-----w C:\Documents and Settings\Ole Christian\Programdata\LimeWire
2008-05-11 21:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-12 22:39 --------- d-----w C:\Programfiler\Xfire
2008-04-08 18:36 --------- d-----w C:\Documents and Settings\Ole Christian\Programdata\Xfire
2008-04-02 14:00 --------- d-----w C:\Programfiler\Ventrilo
2008-04-02 14:00 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-02 13:29 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-03-27 10:45 --------- d-----w C:\Programfiler\LimeWire
2008-01-13 02:27 22,328 ----a-w C:\Documents and Settings\Ole Christian\Programdata\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_19.34.53.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 17:31:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 12:46:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-26 17:32:43 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
+ 2008-05-27 12:46:55 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54192079-8E8A-43D8-BCBC-3874916159AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64C01EC8-F796-4D08-A2D7-FAD5781F8C02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCA83A05-98EB-4BA0-8566-73F68C7817DC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E70ADED0-C161-4911-83E5-A223C1DB8244}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Programdata\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-06-23 15:29 2146304]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"60ad4cc6"="C:\WINDOWS\system32\mtffrylg.dll" [ ]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
SMCWPCIT-G 108Mbps Wireless PCI adapter.lnk - C:\Programfiler\SMC\SMCWPCIT-G 108Mbps Wireless PCI adapter\Monitor.exe [2005-06-07 17:56:34 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBtuVN]
efcBtuVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syE84.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\spill\\Steam\\steamapps\\scummy259\\counter-strike source\\hl2.exe"=
"E:\\spill\\Steam\\steamapps\\common\\trackmania united\\TmUnited.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"E:\\spill\\Steam\\steamapps\\scummy259\\counter-strike\\hl.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Ole Christian\\Skrivebord\\utorrent(2).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 17:51]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 SMCWPCIT;SMCWPCIT-G 108Mbps Wireless PCI adapter Service;C:\WINDOWS\system32\DRIVERS\SMCWPCIT.sys [2005-04-20 11:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7344d5ed-0f0c-11dc-a639-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 19:02:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 14:46:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-27 14:49:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 12:49:05
ComboFix2.txt 2008-05-26 17:35:29

Pre-Run: 5,060,124,672 byte ledig
Post-Run: 5,053,763,584 byte ledig

182 --- E O F --- 2008-05-17 01:01:29

The rest will come in EDITs.

27 May 15:01 EDIT: The VirusTotal log

Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.27 -
AntiVir 7.8.0.19 2008.05.27 -
Authentium 5.1.0.4 2008.05.26 -
Avast 4.8.1195.0 2008.05.27 -
AVG 7.5.0.516 2008.05.26 -
BitDefender 7.2 2008.05.27 -
CAT-QuickHeal 9.50 2008.05.26 -
ClamAV 0.92.1 2008.05.27 -
DrWeb 4.44.0.09170 2008.05.27 -
eSafe 7.0.15.0 2008.05.26 -
eTrust-Vet 31.4.5826 2008.05.27 -
Ewido 4.0 2008.05.27 -
F-Prot 4.4.4.56 2008.05.26 -
F-Secure 6.70.13260.0 2008.05.27 -
Fortinet 3.14.0.0 2008.05.27 -
GData 2.0.7306.1023 2008.05.27 -
Ikarus T3.1.1.26.0 2008.05.27 -
Kaspersky 7.0.0.125 2008.05.27 -
McAfee 5303 2008.05.26 -
Microsoft 1.3520 2008.05.27 -
NOD32v2 3134 2008.05.27 -
Norman 5.80.02 2008.05.26 -
Panda 9.0.0.4 2008.05.27 -
Prevx1 V2 2008.05.27 -
Rising 20.46.12.00 2008.05.27 -
Sophos 4.29.0 2008.05.27 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.27 -
TheHacker 6.2.92.320 2008.05.26 -
VBA32 3.12.6.6 2008.05.27 -
VirusBuster 4.3.26:9 2008.05.27 -
Webwasher-Gateway 6.6.2 2008.05.27 Win32.Malware.gen (suspicious)

Additional information
File size: 285000 bytes
MD5...: 3f1a583c4a336c5a1f3f797033c16d3a
SHA1..: f0bf2ca5fab080ab301b30c594d4fb43df0be388
SHA256: 6274f605b56a88cf2b6d5c3b58c594d7067545e23512e0c692d36090d1166fad
SHA512: 12a73188b49af0eaf9ea81d0e98eab4563f511459c324a4dc12fec7e3e6380e3406e45542bcdbe8f4a815640a70b52ed538e71455ffb391f1c1fb3fed2f6f3b0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403ea0
timedatestamp.....: 0x358c54e7 (Sun Jun 21 00:33:43 1998)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3d7e0 0x3e000 6.02 bb300a203cd66e00982fd611b38c233b
.data 0x3f000 0x54c8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x45000 0x679a 0x5948 3.55 702f60441f2371200769653bdd35fb46

( 1 imports )
> MSVBVM60.DLL

( 0 exports )

27 May 16:05 EDIT: HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:15, on 27.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TBPanel.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\Mixer.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\SMC\SMCWPCIT-G 108Mbps Wireless PCI adapter\Monitor.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ole Christian\Skrivebord\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SMCWPCIT-G 108Mbps Wireless PCI adapter.lnk = C:\Programfiler\SMC\SMCWPCIT-G 108Mbps Wireless PCI adapter\Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcBtuVN - efcBtuVN.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6853 bytes

Edited 27.
mai 2008 av ito Lenke til kommentar
YMF (author), posted 27 May 2008

There, now I've done everything. Should I do anything more with HijackThis? Tick something and choose "Fix checked"? My PC seems pretty much error-free now : ) Thanks for all the help
snippsat, posted 27 May 2008 (edited)

Start HijackThis, run "scan", find these lines, mark them, then press "Fix checked".

O2 - BHO: (no name) - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O20 - Winlogon Notify: efcBtuVN - efcBtuVN.dll (file missing)

Then you are clean of gunk.

Use the PC for a while; if it runs fine, you should do this: you can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

I suggest a free and good antivirus and firewall. They use few system resources.
http://www.free-av.com/
http://www.tallemu.com/

Surf safely.

Edited 27 May 2008 by SNIPPSAT
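The check done by eye in the post above, as an added example (not part of the original thread and not HijackThis's own code): a Python parser that splits a HijackThis log into entries, including a paste that has been flattened onto one line, and lists the entries HijackThis itself marks "(no file)" or "(file missing)". The function names are hypothetical; the sample is a handful of entries copied from the log in this thread.

```python
import re

# Constructed sample: entries copied from the log in this thread, flattened
# onto one line the way forum software often delivers a pasted log.
SAMPLE_LOG = (
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll "
    r"O2 - BHO: (no name) - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file) "
    r"O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A "
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll "
    r"O20 - Winlogon Notify: efcBtuVN - efcBtuVN.dll (file missing) "
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe"
)

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24, each followed by " - ".
SECTION = r"(?:[RF][0-3]|N[1-4]|O\d{1,2})"
BOUNDARY_RE = re.compile(rf"\s+(?={SECTION} - )")   # whitespace before an entry
ENTRY_RE = re.compile(rf"^({SECTION}) - (.+)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")
TRAILER_RE = re.compile(r"\s*--\s*End of file.*$", re.S)


def parse_entries(log_text):
    """Split a HijackThis log (line-per-entry or flattened) into entries."""
    body = TRAILER_RE.sub("", log_text.strip())
    entries = []
    for chunk in BOUNDARY_RE.split(body):
        m = ENTRY_RE.match(" ".join(chunk.split()))
        if m:  # header and "Running processes" text carry no section code
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def orphaned_entries(log_text):
    """Entries HijackThis marks as pointing at a file that no longer exists."""
    return [e for e in parse_entries(log_text) if ORPHAN_RE.search(e["body"])]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f'{e["section"]} - {e["body"]}')
```

An entry in this list is a leftover registry reference whose file is already gone; entries whose file still exists need separate judgement.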
r2d290, posted 27 May 2008

And finally: change your thread title by doing a full edit of your first post and writing [LØST] ("solved") in front of the thread title. This will help keep the forum tidy.
YMF (author), posted 27 May 2008

Thanks a lot. You guys could surely have made a 1-2-3 guide with all of this, if one doesn't exist already : )
r2d290, posted 27 May 2008

I'm sure there is one. See norbat's sticky here. I do have to warn you, though, that it is a 1-2-3-4 and not a 1-2-3 (but that probably comes to the same thing).