Insomniatic (thread author), posted 5 June 2008:

But he said I should save it as a special file, so I wasn't sure.
Insomniatic (thread author), posted 5 June 2008:

ComboFix 08-06-04.5 - Micke 2008-06-05 17:15:29.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.117 [GMT 2:00]
Running from: C:\Documents and Settings\Micke.MICKES\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Micke.MICKES\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\nav32update.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nav32update\

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 12:27 . 2008-06-05 12:31 <DIR> d-------- C:\fixwareout
2008-06-05 02:04 . 2008-06-05 17:13 <DIR> dr-h----- C:\Documents and Settings\Micke.MICKES\Siste
2008-06-01 21:23 . 2008-06-01 21:23 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-06-01 16:06 . 2008-06-01 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-06-01 16:06 . 2008-06-01 21:23 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-06-01 16:06 . 2006-06-01 22:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-06-01 16:06 . 2008-06-05 17:21 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-06-01 16:06 . 2008-06-01 16:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-01 14:53 . 2008-06-01 15:32 82 ---h----- C:\WINDOWS\popcreg.dat
2008-06-01 14:53 . 2008-06-01 15:32 23 --a------ C:\WINDOWS\popcinfot.dat
2008-06-01 14:34 . 2008-06-01 12:17 94,208 --a------ C:\WINDOWS\exdq.exe
2008-05-30 17:51 . 2008-05-30 17:51 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\Publish Providers
2008-05-30 17:50 . 2008-05-30 17:50 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\Sony
2008-05-30 17:41 . 2008-05-30 17:41 <DIR> d-------- C:\Programfiler\MSBuild
2008-05-30 17:36 . 2008-05-30 17:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-30 17:35 . 2008-05-30 17:35 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-05-30 17:34 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-30 17:28 . 2008-05-30 17:28 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\Sony Setup
2008-05-30 17:24 . 2008-05-30 17:24 <DIR> d-------- C:\Programfiler\Sony Setup
2008-05-29 16:33 . 2008-05-29 16:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\SwiftKit
2008-05-26 16:32 . 2008-05-26 16:32 <DIR> d-------- C:\DVDVideoSoft
2008-05-26 16:31 . 2008-05-26 16:31 <DIR> d-------- C:\Programfiler\Fellesfiler\DVDVideoSoft
2008-05-26 16:31 . 2008-05-26 16:31 <DIR> d-------- C:\Programfiler\DVDVideoSoft
2008-05-25 22:21 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-25 22:21 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-25 21:22 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-05-25 21:22 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-25 21:20 . 2004-08-04 01:03 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-05-25 21:20 . 2004-08-04 01:03 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-25 21:20 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-05-25 21:20 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-05-25 21:20 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-05-25 21:20 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-05-25 21:20 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2008-05-25 21:20 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-05-25 21:20 . 2004-08-04 01:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-05-25 21:20 . 2004-08-04 01:03 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-25 21:19 . 2004-08-04 00:55 274,432 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-25 21:19 . 2004-08-04 00:55 274,432 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-25 21:19 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-25 21:19 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-23 21:21 . 2008-05-23 21:21 <DIR> d-------- C:\Programfiler\Fellesfiler\eSellerate
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\SUPERAntiSpyware.com
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\SUPERAntiSpyware.com
2008-05-22 17:56 . 2008-05-23 16:58 19,772 --a------ C:\WINDOWS\system32\nav32update
2008-05-20 19:11 . 2008-03-21 19:11 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-18 23:29 . 2008-05-18 23:29 <DIR> d-------- C:\Programfiler\Dopewars
2008-05-16 23:13 . 2008-06-03 14:03 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP
2008-05-16 15:47 . 2008-05-16 15:47 <DIR> d-------- C:\Programfiler\dopewars-1.5.12
2008-05-16 15:47 . 2008-05-16 15:47 20,992 --a------ C:\WINDOWS\bw-uninstall.exe
2008-05-11 14:06 . 2002-02-18 10:23 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-05-11 14:06 . 2002-02-18 10:23 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2008-05-11 14:06 . 2002-02-18 10:23 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-05-11 13:40 . 2008-05-11 20:53 <DIR> d-------- C:\rscache
2008-05-10 15:11 . 2008-05-31 15:22 <DIR> d-------- C:\Programfiler\SwiftKit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 12:32 94,208 ----a-w C:\WINDOWS\DUMP4cf7.tmp
2008-06-02 12:09 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\wsInspector
2008-06-01 18:08 94,208 ----a-w C:\WINDOWS\DUMP4304.tmp
2008-06-01 14:00 --------- d-----w C:\Programfiler\Cheat Engine
2008-06-01 12:54 --------- d-----w C:\Programfiler\PopCap Games
2008-05-30 14:14 --------- d-----w C:\Programfiler\Disk Cleaner
2008-05-23 13:55 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-23 06:32 --------- d--h--w C:\Programfiler\XSoftware
2008-05-22 18:37 --------- d-----w C:\Programfiler\Google
2008-05-22 17:41 --------- d-----w C:\Programfiler\Corel
2008-05-20 14:13 9,394 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-11 12:06 155,995 ----a-w C:\WINDOWS\java\Packages\YV7RN9FL.ZIP
2008-04-26 19:56 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\Azureus
2008-04-26 19:34 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\LimeWire
2008-04-26 19:26 --------- d-----w C:\Programfiler\Azureus
2008-04-23 06:13 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\mIRC
2008-04-23 06:09 --------- d-----w C:\Programfiler\mIRC
2008-04-18 16:33 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-04-18 16:30 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-15 17:39 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\tor
2008-04-06 13:22 --------- d-----w C:\Programfiler\Java
2008-04-06 13:15 --------- d-----w C:\Programfiler\Sun
2008-01-31 13:05 167 ----a-w C:\Documents and Settings\All Users.WINDOWS\Programdata\saopts.dat
2006-04-18 12:55 834 ----a-w C:\Documents and Settings\Micke\Programdata\wklnhst.dat
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2006-06-18 19:27 80 --sh--r C:\WINDOWS\system32\744BE5167C.dll
2008-01-17 15:28 104 --sh--r C:\WINDOWS\system32\744BE5167C.sys
2008-02-03 18:30 168 --sh--r C:\WINDOWS\system32\7C16E54B74.sys
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-07-17 09:26 65,210 --sha-w C:\WINDOWS\system32\fhgniw.dat
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2006-06-15 21:03 8,384 --sha-w C:\WINDOWS\system32\srsc.dat
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll

.
((((((((((((((((((((((((((((( snapshot_2008-06-05_12.58.30.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 10:46:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 12:46:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceRam"= {58bb6bbc-b463-44fe-8a5c-1fcd0ce1c679} - C:\WINDOWS\Resources\ServiceRam.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=61.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xgN75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mappe\\err41beta\\client.exe"=
"C:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mappe\\err31\\client.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 17:18]
S3 C;C NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\C.sys []
S3 CSNPD51;CSNPD51 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CSNPD51.sys []
S3 dopewars-server;dopewars server;C:\Programfiler\dopewars-1.5.12\dopewars.exe [2008-05-16 15:47]
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-03 00:53]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 13:34]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:22:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-06-05 17:30:44
ComboFix-quarantined-files.txt 2008-06-05 15:30:39
ComboFix2.txt 2008-06-05 10:59:06
ComboFix3.txt 2008-05-23 15:14:49

Pre-Run: 18,839,826,432 byte ledig
Post-Run: 18,826,661,888 byte ledig

216 --- E O F --- 2008-01-31 13:46:21

Still can't update.
norbat, posted 5 June 2008:

Check that the folder C:\WINDOWS\system32\nav32update is no longer on the PC (if it is, delete it). Also delete the folder C:\fixwareout.

Go to the website http://virusscan.jotti.org/ and upload the following file for checking:
C:\WINDOWS\exdq.exe

Report back on the file, and tell me how the PC is running.
Insomniatic (thread author), posted 5 June 2008:

File: exdq.exe
Status: INFECTED/MALWARE
MD5: f20ebd587c92ddf891c40e9bd120797c
Packers detected: -

Scanner results
Scan taken on 05 Jun 2008 16:37:47 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vapsup.fzn.1
ArcaVir Found Trojan.Vapsup.Fzn
Avast Found Win32:Vapsup-BO
AVG Antivirus Found Downloader.Adload.LA
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Popuper.6130
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Vapsup.fzn
Fortinet Found nothing
Ikarus Found Trojan.Vapsup.fzn.1
Kaspersky Anti-Virus Found Trojan.Win32.Vapsup.fzn
NOD32 Found Win32/Adware.Vapsup application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found nothing

It looks clean. I'm not really sure how it's running now...
norbat, posted 5 June 2008:

The file was not clean, so do the following:

Create a new CFScript with the following content:

File::
C:\WINDOWS\exdq.exe
C:\WINDOWS\popcreg.dat
C:\WINDOWS\popcinfot.dat

Save the file on the desktop and drag and drop it onto the ComboFix icon. I don't need a new log from ComboFix, but I would like to see a log from HJT:

Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Insomniatic (thread author), posted 5 June 2008:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23, on 05.06.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mappe\Alle [NAVN] Filer!\Alle EXE Filer\Få gull på clickclickclick_original.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Micke.MICKES\Skrivebord\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/index.php?autocom=my_forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: 61.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ServiceRam - {58bb6bbc-b463-44fe-8a5c-1fcd0ce1c679} - C:\WINDOWS\Resources\ServiceRam.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.12\dopewars.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - https://www.diskusjon.no/index.php?autocom=my_forum

--
End of file - 6258 bytes
norbat, posted 5 June 2008:

Start HJT, choose "Do a system scan only", put a check mark in front of the following line and click Fix checked:

O20 - AppInit_DLLs: 61.dll

Are you able to run a full scan with an updated SAS? If not, you could try reinstalling SAS.
Insomniatic (thread author), posted 5 June 2008:

Still can't update.
norbat, posted 5 June 2008:

Download MAM to the desktop. Run the file and install the program. Let the program update itself and choose to run a quick scan. You will get a message box when the program has finished. Then click the Show Results button. If malware was found, you will now see what was found. Then click the Remove Selected button to remove whatever malware was found. When MAM has finished removing what it found, a log will open in Notepad. Copy and post it.
Insomniatic (thread author), posted 21 July 2008:

Malwarebytes' Anti-Malware 1.22
Database versjon: 977
Windows 5.1.2600 Service Pack 2

01:33:07 22.07.08
mbam-log-7-22-2008 (01-33-07).txt

Skanntype: Rask Skann
Objekter skannet: 50670
Tid tilbakelagt: 7 minute(s), 30 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 12
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 5

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09718.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09718.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09718.tbsb09718 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09718.tbsb09718.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a8171905-f9f0-48b6-8cd3-42266e45a5c6} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{310cb22f-0665-4f83-80da-14828c1029f0} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9c9a0365-a9de-4935-a216-3c21fe3c13c7} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ddd6e092-9e74-445b-972a-4d0c219d75e0} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediarovercodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bsrf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Programfiler\MediaRoverCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

Filer infisert:
C:\Programfiler\MediaRoverCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\MediaRoverCodec\MediaRoverCodec.ocx (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programfiler\MediaRoverCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Late log, but I haven't been able to download the program until now...
Insomniatic (thread author), posted 21 July 2008:

And how is the PC running? There is a lot of lag all the time.