dxl200 Posted 31 May 2008 (edited)

Need help fixing this.. Have run CCleaner, SUPERAntiSpyware and HijackThis.. and ComboFix... Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12, on 2008-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HIMO\Skrivebord\New Folder\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programfiler\Symantec\LiveUpdate\AUPDATE.EXE
C:\Documents and Settings\HIMO\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: {1ca98fe9-4156-014a-4a04-3b9f9d24f1b0} - {0b1f42d9-f9b3-40a4-a410-65149ef89ac1} - C:\WINDOWS\system32\fyaovdpv.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [LManager] C:\Programfiler\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\HIMO\Skrivebord\New Folder\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTSUEng.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\HIMO\Skrivebord\New Folder\SASWINLO.dll
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - (no file)
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7937 bytes

I'm a relative noob, so all help is welcome... Thanks for the help!!

Edited 1 June 2008 by toilljing
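Editor's note, not part of the thread: the entries a helper homes in on in a log like the one above are the ones whose target is gone ("(file missing)", "(no file)"), DLLs in system32 with an eight-random-letter name (fyaovdpv.dll), Winlogon Notify DLLs living outside system32, and services with no owner in their version info. The Python below is an added example that encodes those four checks; the sample lines are copied from the posted log (a constructed subset, not the whole file), and the reason labels are this example's own.

```python
import re

# Constructed sample: seven lines copied from the HijackThis log posted above,
# embedded here so the triage runs offline. The real log has many more.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
O2 - BHO: {1ca98fe9-4156-014a-4a04-3b9f9d24f1b0} - {0b1f42d9-f9b3-40a4-a410-65149ef89ac1} - C:\WINDOWS\system32\fyaovdpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\HIMO\Skrivebord\New Folder\SASWINLO.dll
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - (no file)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# Section prefix HijackThis puts on every entry (R0..R3, O1..O24).
SECTION = re.compile(r"^(R[0-3]|O\d{1,2}) - ")
# A loading point whose target is gone: leftover of a partial removal, or a
# DLL that only exists while the infection is active.
MISSING = re.compile(r"\((file missing|no file)\)")
# Vundo-style name on this machine: eight random lowercase letters in system32.
RANDOM_DLL = re.compile(r"\\[Ss]ystem32\\[a-z]{8}\.dll\b")
# Where Winlogon Notify DLLs normally live.
IN_SYSTEM32 = re.compile(r"\\WINDOWS\\system32\\", re.IGNORECASE)


def triage(log_text):
    """Return [(section, reasons, line)] for entries worth a second look.

    Each reason is a short label; one line may collect several. Entries
    with no reason are dropped, so the caller sees only the suspicious ones.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if not m:
            continue
        section = m.group(1)
        reasons = []
        if MISSING.search(line):
            reasons.append("missing file")
        if RANDOM_DLL.search(line):
            reasons.append("random system32 dll")
        if section == "O20" and not IN_SYSTEM32.search(line):
            reasons.append("winlogon notify outside system32")
        if section == "O23" and "Unknown owner" in line:
            reasons.append("unknown owner")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons):36} {line[:70]}")
```

The two SAS entries (O20 and the O4 under HKCU) and the Broadcom service get flagged only as "look at this", which is the right outcome: the user installed SAS from a desktop folder, and "Unknown owner" just means the binary carries no company name, so both need a human decision rather than a deletion.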
norbat Posted 31 May 2008

Could you post the ComboFix log and the SAS log (Preferences -> Statistics/Logs) as well?
dxl200 Posted 31 May 2008 Author (edited)

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/31/2008 at 01:27 PM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type       : Complete Scan
Total Scan Time : 00:14:48

Memory items scanned      : 444
Memory threats detected   : 3
Registry items scanned    : 4509
Registry threats detected : 17
File items scanned        : 12091
File threats detected     : 16

Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\RQRIICSK.DLL
    C:\WINDOWS\SYSTEM32\RQRIICSK.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6965EEE6-96FB-4D8D-9726-995716E41F25}
    HKCR\CLSID\{6965EEE6-96FB-4D8D-9726-995716E41F25}
    HKCR\CLSID\{6965EEE6-96FB-4D8D-9726-995716E41F25}\InprocServer32
    HKCR\CLSID\{6965EEE6-96FB-4D8D-9726-995716E41F25}\InprocServer32#ThreadingModel
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqRiICSK

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\OPNMNLCC.DLL
    C:\WINDOWS\SYSTEM32\OPNMNLCC.DLL

Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\FYAOVDPV.DLL
    C:\WINDOWS\SYSTEM32\FYAOVDPV.DLL

Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}
    HKCR\CLSID\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}
    HKCR\CLSID\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}\InprocServer32
    HKCR\CLSID\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}
    HKCR\CLSID\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}

Trojan.Media-Codec
    C:\Documents and Settings\HIMO\Favoritter\Online Security Test.url

Trojan.Media-Codec/V4
    HKCR\videoPl.chl
    HKCR\videoPl.chl\CLSID

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-823518204-1284227242-682003330-1004\Software\Microsoft\rdfa

Adware.Tracking Cookie
    C:\Documents and Settings\HIMO\Cookies\himo@clickbank[2].txt
    C:\Documents and Settings\HIMO\Cookies\[email protected][2].txt
    C:\Documents and Settings\HIMO\Cookies\[email protected][2].txt

Adware.Vundo-Variant/I
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{31A34E69-5A4E-47A6-925F-2930089EEB74}\RP143\A0063657.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{31A34E69-5A4E-47A6-925F-2930089EEB74}\RP143\A0063931.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{31A34E69-5A4E-47A6-925F-2930089EEB74}\RP143\A0064949.DLL
    C:\WINDOWS\SYSTEM32\ABQQQETW.DLL
    C:\WINDOWS\SYSTEM32\EBCYNAPI.DLL
    C:\WINDOWS\SYSTEM32\LOLVYSTS.DLL
    C:\WINDOWS\SYSTEM32\LTQQBHTD.DLL
    C:\WINDOWS\SYSTEM32\RDFPAOIV.DLL
    C:\WINDOWS\SYSTEM32\UKRFJQAI.DLL

Edited 1 June 2008 by toilljing
norbat Posted 31 May 2008

And the ComboFix log. If you can't find it, search for combofix.txt.
dxl200 Posted 31 May 2008 Author (edited)

ComboFix 08-05-29.1 - HIMO 2008-05-31 21:12:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.509 [GMT 2:00]
Running from: C:\Documents and Settings\HIMO\Skrivebord\Ny mappe\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BMf32a9046.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akveefhr.dll
C:\WINDOWS\system32\bvmjaaox.ini
C:\WINDOWS\system32\CcLnmnpo.ini
C:\WINDOWS\system32\CcLnmnpo.ini2
C:\WINDOWS\system32\dbsjsuxq.ini
C:\WINDOWS\system32\dcknljdr.dll
C:\WINDOWS\system32\drdacjsn.ini
C:\WINDOWS\system32\fwpdasqj.ini
C:\WINDOWS\system32\fxqkfsku.ini
C:\WINDOWS\system32\hsgnicfi.ini
C:\WINDOWS\system32\hugpidvk.dll
C:\WINDOWS\system32\iaqjfrku.ini
C:\WINDOWS\system32\idhgkaxk.dll
C:\WINDOWS\system32\jqsadpwf.dll
C:\WINDOWS\system32\kpxbhgwv.dll
C:\WINDOWS\system32\kwwulqxp.dll
C:\WINDOWS\system32\mbsksdro.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnllisac.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msurybry.dll
C:\WINDOWS\system32\mxqnuwfr.dll
C:\WINDOWS\system32\oknawqak.ini
C:\WINDOWS\system32\omdhcxkp.dll
C:\WINDOWS\system32\opnmnLcC.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prqctxbx.dll
C:\WINDOWS\system32\stsyvlol.ini
C:\WINDOWS\system32\tlwtdgqv.dll
C:\WINDOWS\system32\uepkerrq.dll
C:\WINDOWS\system32\uvsmrwem.dll
C:\WINDOWS\system32\uyxaypcs.dll
C:\WINDOWS\system32\vqmeubng.dll
C:\WINDOWS\system32\vscjcfwc.ini
C:\WINDOWS\system32\xcdxntye.ini
C:\WINDOWS\system32\yrbyrusm.ini
.
(((((((((((((((((((((((((  Files Created from 2008-04-28 to 2008-05-31  )))))))))))))))))))))))))))))))
.
2008-05-31 21:01 . 2008-05-31 21:01  <DIR>      d--------  C:\WINDOWS\LastGood
2008-05-31 13:13 . 2008-05-31 13:13  <DIR>      dr-h-----  C:\Documents and Settings\HIMO\Siste
2008-05-31 13:10 . 2008-05-31 13:10  <DIR>      d--------  C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-31 13:09 . 2008-05-31 13:09  <DIR>      d--------  C:\Documents and Settings\HIMO\Programdata\SUPERAntiSpyware.com
2008-05-31 13:08 . 2008-05-31 13:08  <DIR>      d--------  C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-29 22:16 . 2008-05-29 22:16  1,605,861  ---hs----  C:\WINDOWS\system32\drdacjsn.tmp
2008-05-28 16:35 . 2008-05-28 16:35  1,582,206  ---hs----  C:\WINDOWS\system32\hsgnicfi.tmp
2008-05-26 18:41 . 2008-05-26 18:41  <DIR>      d--------  C:\Programfiler\iPod
2008-05-26 18:41 . 2008-05-31 21:00  54,156     --ah-----  C:\WINDOWS\QTFont.qfn
2008-05-26 18:41 . 2008-05-26 18:41  1,409      --a------  C:\WINDOWS\QTFont.for
2008-05-26 18:03 . 2008-05-26 18:03  1,417,984  ---hs----  C:\WINDOWS\system32\dbsjsuxq.tmp
2008-05-25 17:18 . 2008-05-25 17:18  <DIR>      d--------  C:\WINDOWS\system32\vntiho05
2008-05-25 17:18 . 2008-05-25 17:18  <DIR>      d--------  C:\Temp\vtmp2
2008-05-25 17:18 . 2008-05-25 17:18  <DIR>      d--------  C:\Temp
2008-05-17 16:08 . 2008-05-17 16:08  0          --ah-----  C:\WINDOWS\SwSys2.bmp
2008-05-17 16:08 . 2008-05-17 16:08  0          --ah-----  C:\WINDOWS\SwSys1.bmp
2008-05-17 03:02 . 2008-05-17 03:02  118        --a------  C:\WINDOWS\system32\MRT.INI
2008-05-16 20:39 . 2008-05-16 20:39  122        --a------  C:\WINDOWS\kaillera.ini
2008-05-16 18:53 . 2008-05-16 18:53  59         --a------  C:\WINDOWS\ANS2000.INI
2008-05-16 18:53 . 2008-05-16 18:53  20         --ah-----  C:\WINDOWS\akebook.ini
2008-05-16 18:53 . 2008-05-16 18:53  4          --ah-----  C:\WINDOWS\a3kebook.ini
2008-04-24 16:39 . 2008-04-24 16:39  <DIR>      d--------  C:\WINDOWS\system32\Adobe
2008-04-06 12:47 . 2008-04-06 12:47  <DIR>      d--hs----  C:\Documents and Settings\HIMO\Phone Browser
2008-04-05 11:41 . 2008-04-05 11:41  <DIR>      d--------  C:\Documents and Settings\All Users\Programdata\PC Suite
2008-04-05 11:40 . 2008-04-05 11:40  <DIR>      d--------  C:\Programfiler\DIFX
2008-04-05 11:40 . 2008-04-20 17:22  <DIR>      d--------  C:\Documents and Settings\HIMO\Programdata\Nokia
2008-04-05 11:39 . 2008-04-05 11:39  <DIR>      d--------  C:\Programfiler\PC Connectivity Solution
2008-04-05 11:39 . 2008-04-05 11:39  <DIR>      d--------  C:\Programfiler\Fellesfiler\PCSuite
2008-04-05 11:39 . 2008-04-05 11:39  <DIR>      d--------  C:\Programfiler\Fellesfiler\Nokia
2008-04-05 11:39 . 2008-04-05 11:41  <DIR>      d--------  C:\Documents and Settings\HIMO\Programdata\PC Suite
2008-04-05 11:39 . 2007-02-22 10:15  137,216    --a------  C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-05 11:39 . 2007-02-22 10:15  65,536     --a------  C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-05 11:39 . 2007-02-22 10:15  12,288     --a------  C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-05 11:39 . 2007-02-22 10:15  12,288     --a------  C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-05 11:39 . 2007-02-22 10:15  8,320      --a------  C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-05 11:38 . 2008-04-05 11:39  <DIR>      d--------  C:\Programfiler\Nokia
2008-04-05 11:35 . 2008-04-05 11:35  <DIR>      d--------  C:\Documents and Settings\All Users\Programdata\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 19:09  ---------  d-----w  C:\Programfiler\Fellesfiler\Symantec Shared
2008-05-31 19:09  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\Symantec
2008-05-30 14:47  ---------  d-----w  C:\Documents and Settings\HIMO\Programdata\LimeWire
2008-05-29 20:31  ---------  d-----w  C:\Programfiler\Windows Live
2008-05-29 20:26  ---------  d-----w  C:\Programfiler\Creative
2008-05-26 14:20  ---------  d-----w  C:\Programfiler\Google
2008-05-26 13:59  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\WinZip
2008-05-16 17:04  ---------  d-----w  C:\Programfiler\Norton Security Scan
2008-04-25 16:11  ---------  d-----w  C:\Programfiler\LimeWire
2008-04-20 15:36  17,544     ----a-w  C:\Documents and Settings\HIMO\Programdata\GDIPFONTCACHEV1.DAT
2008-03-25 04:51  621,344    ----a-w  C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51  166,688    ----a-w  C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:11  1,845,248  ----a-w  C:\WINDOWS\system32\win32k.sys
2008-03-07 13:03  625,032    ----a-w  C:\WINDOWS\system32\SymNeti.dll
2008-03-07 13:03  242,056    ----a-w  C:\WINDOWS\system32\SymRedir.dll
2008-03-01 13:05  826,368    ----a-w  C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52  282,624    ----a-w  C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39  45,568     ----a-w  C:\WINDOWS\system32\dnsrslvr.dll
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-12-23 21:26 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-03-22 00:13 360064 9edf76f99ec5d1dcc7b55fa1c49f872b C:\WINDOWS\system32\dllcache\tcpip.sys
2008-03-22 00:13 360064 9edf76f99ec5d1dcc7b55fa1c49f872b C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_14.06.54.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 12:04:28  2,048  --s-a-w  C:\WINDOWS\bootstat.dat
+ 2008-05-31 19:00:10  2,048  --s-a-w  C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b1f42d9-f9b3-40a4-a410-65149ef89ac1}]
C:\WINDOWS\system32\fyaovdpv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Documents and Settings\HIMO\Skrivebord\New Folder\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-02-25 14:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 14:13 32768]
"LManager"="C:\Programfiler\Launch Manager\QtZgAcer.EXE" [2005-02-23 06:04 315392]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 14:17 115816]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 14:16 771704]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 13:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 05:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 09:44 98394]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 09:43 688218]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-12-17 10:57:20 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Documents and Settings\HIMO\Skrivebord\New Folder\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Documents and Settings\HIMO\Skrivebord\New Folder\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Programfiler\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
C:\Programfiler\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TapiSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21670:TCP"= 21670:TCP:BitComet 21670 TCP
"21670:UDP"= 21670:UDP:BitComet 21670 UDP
"20778:TCP"= 20778:TCP:BitComet 20778 TCP
"20778:UDP"= 20778:UDP:BitComet 20778 UDP
"60000:TCP"= 60000:TCP:BitComet 60000 TCP
"60000:UDP"= 60000:UDP:BitComet 60000 UDP
"45460:TCP"= 45460:TCP:BitComet 45460 TCP(ED2K)
"45460:UDP"= 45460:UDP:BitComet 45460 UDP(ED2K)
"45678:TCP"= 45678:TCP:BitComet 45678 TCP
"45678:UDP"= 45678:UDP:BitComet 45678 UDP
"45679:TCP"= 45679:TCP:BitComet 45679 TCP(ED2K)
"45679:UDP"= 45679:UDP:BitComet 45679 UDP(ED2K)

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 14:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5703f1c6-b95a-11dc-92cf-00163632a67f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 18:29:57 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - HIMO.job"
- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 21:13:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 21:14:29
ComboFix-quarantined-files.txt  2008-05-31 19:14:26

Pre-Run: 21,900,587,008 byte ledig
Post-Run: 21,895,532,544 byte ledig

246  --- E O F --- 2008-05-31 12:41:18

Edited 1 June 2008 by toilljing
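Editor's note, not part of the thread: the "Other Deletions" list above shows a naming pattern that is useful when reading a Vundo cleanup log. Several of the deleted .ini files are a deleted .dll's name spelled backwards (CcLnmnpo.ini beside opnmnLcC.dll, yrbyrusm.ini beside msurybry.dll, stsyvlol.ini beside LOLVYSTS.DLL from the SAS log), and some stems recur under .ini/.ini2/.tmp. The Python below is an added example, not code from the thread or from ComboFix; it runs over a constructed subset of the file names from the two logs and pulls out both kinds of pairing, so that an .ini with no visible DLL partner points you at a DLL the scanners may have missed.

```python
import ntpath

# Constructed sample: a subset of the file names from the "Other Deletions"
# list in the ComboFix log above, plus three DLLs SUPERAntiSpyware reported.
# Only the names matter here; the paths are written as the logs show them.
DELETED = r"""
C:\WINDOWS\system32\CcLnmnpo.ini
C:\WINDOWS\system32\CcLnmnpo.ini2
C:\WINDOWS\system32\opnmnLcC.dll
C:\WINDOWS\system32\stsyvlol.ini
C:\WINDOWS\system32\yrbyrusm.ini
C:\WINDOWS\system32\msurybry.dll
C:\WINDOWS\system32\fwpdasqj.ini
C:\WINDOWS\system32\jqsadpwf.dll
C:\WINDOWS\system32\iaqjfrku.ini
C:\WINDOWS\system32\drdacjsn.ini
C:\WINDOWS\system32\drdacjsn.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\MSINET.oca
"""
SAS_DLLS = [
    r"C:\WINDOWS\SYSTEM32\LOLVYSTS.DLL",
    r"C:\WINDOWS\SYSTEM32\UKRFJQAI.DLL",
    r"C:\WINDOWS\SYSTEM32\FYAOVDPV.DLL",
]


def stem_ext(path):
    """Split 'CcLnmnpo.ini2' into ('cclnmnpo', 'ini2'): case-folded, and
    ntpath handles the Windows separators even when run on another OS."""
    stem, _, ext = ntpath.basename(path).partition(".")
    return stem.lower(), ext.lower()


def reversed_pairs(paths):
    """(ini_stem, dll_stem) for every .ini whose name is a .dll name backwards."""
    dlls = {s for s, e in map(stem_ext, paths) if e == "dll"}
    pairs = {(s, s[::-1]) for s, e in map(stem_ext, paths)
             if e == "ini" and s[::-1] in dlls}
    return sorted(pairs)


def companions(paths):
    """Stems that appear under more than one extension (.ini/.ini2/.tmp/.dll)."""
    seen = {}
    for s, e in map(stem_ext, paths):
        seen.setdefault(s, set()).add(e)
    return {s: sorted(es) for s, es in seen.items() if len(es) > 1}


def all_names():
    """The two constructed lists merged, as one would merge the real logs."""
    return DELETED.split() + SAS_DLLS


if __name__ == "__main__":
    names = all_names()
    for ini, dll in reversed_pairs(names):
        print(f"{ini}.ini  <->  {dll}.dll")
    for stem, exts in companions(names).items():
        print(f"{stem}: {', '.join(exts)}")
```

Run against the full logs rather than this subset, any .ini whose reversed name does not appear among the deleted or detected DLLs is the one to go looking for on disk before declaring the machine clean.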
norbat Posted 31 May 2008 (edited)

Open Notepad, paste in the text below, and save the file on the desktop as CFScript. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\drdacjsn.tmp
C:\WINDOWS\system32\hsgnicfi.tmp
C:\WINDOWS\system32\dbsjsuxq.tmp
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\system32\fyaovdpv.dll

Folder::
C:\WINDOWS\system32\vntiho05

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b1f42d9-f9b3-40a4-a410-65149ef89ac1}]

No new log needed. Tell me how the PC is running.

Edited 31 May 2008 by norbat
dxl200 Posted 31 May 2008 Author

From what I've seen so far, it has got a lot better... The machine is faster, and the pop-ups have stopped... What I'm unsure about now is what to do about virus protection etc. to prevent new problems.. I have Norton Antivirus.. So I use that, but should I then delete CCleaner, ComboFix, HijackThis and SAS? And what should I use instead for antivirus, antispyware and firewall? Thank you very much for the help, Norbat!
norbat Posted 31 May 2008

You can keep Norton Antivirus. You can also keep SAS and run a scan now and then. CCleaner is a perfectly fine cleanup program that removes temporary files etc. You could also use Windows' own cleanup tool (Accessories -> System Tools -> Disk Cleanup), but CCleaner is better. If the PC is running OK, you can remove ComboFix by typing combofix /u in the Run box (Start -> Run). HijackThis you can also remove, from Add/Remove Programs. Delete the program folder/file from the desktop if any is left. Surf safely.
dxl200 Posted 1 June 2008 Author

Once again, many thanks norbat...