NERV, posted 7 June 2008 (edited)

Hi, I've picked up a trojan. NOD32 reported Privacyset.b Trojan.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:08:43, on 07.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\system32\winsecurityxp\mswinup.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [bMf3c480e7] Rundll32.exe "C:\WINDOWS\system32\fekfmesf.dll",s
O4 - HKLM\..\Run: [f0f7b37b] rundll32.exe "C:\WINDOWS\system32\olsaranx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [VoipDiscount] "C:\Programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/502...geUploader3.cab
O20 - Winlogon Notify: ssqrppq - ssqrppq.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9035 bytes

ComboFix log:

ComboFix 08-06-06.6 - Petter 2008-06-07 8:46:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.172 [GMT 2:00]
Running from: C:\Documents and Settings\Petter\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMf3c480e7.xml
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jnyeqgoj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\xnaraslo.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.
2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Programfiler\Lavasoft
2008-06-06 23:47 . 2008-06-06 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-06-06 22:40 . 2008-06-06 22:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-06 22:40 . 2008-06-06 22:40 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\SUPERAntiSpyware.com
2008-06-06 22:40 . 2008-06-06 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-06 22:39 . 2008-06-06 23:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-06 22:38 . 2008-06-06 22:38 <DIR> dr-h----- C:\Documents and Settings\Petter\Siste
2008-06-01 15:27 . 2008-06-01 15:27 <DIR> d-------- C:\Programfiler\Lab Loveholic
2008-05-30 23:16 . 2008-05-30 23:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-30 23:16 . 2008-05-30 23:16 2,544 --a------ C:\WINDOWS\unins000.dat
2008-05-25 16:52 . 2008-05-18 02:31 265,216 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 06:55 246,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 06:55 22,622,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-04 13:15 --------- d-----w C:\Documents and Settings\Petter\Programdata\Azureus
2008-06-04 09:20 --------- d-----w C:\Programfiler\Mozilla Thunderbird
2008-05-31 05:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-05-31 05:18 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-05-30 18:54 2,025,984 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-05-03 04:32 12,952,025 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 16:51 --------- d-----w C:\Programfiler\Foxit Software
2008-04-25 19:25 --------- d-----w C:\Programfiler\doubleTwist
2008-04-24 04:00 --------- d-----w C:\Programfiler\Azureus
2008-04-21 12:38 --------- d-----w C:\Programfiler\NCH Swift Sound
2008-04-21 12:38 --------- d-----w C:\Documents and Settings\Petter\Programdata\NCH Swift Sound
2008-04-21 12:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\NCH Swift Sound
2008-04-17 17:29 --------- d-----w C:\Programfiler\Google
2008-04-17 09:12 --------- d-----w C:\Programfiler\Transcribe!
2008-04-17 09:00 --------- d-----w C:\Programfiler\Transcriber
2008-04-17 08:57 --------- d-----w C:\Programfiler\Legal Easy
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-28 19:33 46,344 ----a-w C:\Documents and Settings\Petter\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F0EE8E2-1472-4EF7-AD5E-485D9F17C94A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-30 07:59 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06 94208]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"VoipDiscount"="C:\Programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00 344064]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2006-09-05 22:50 917504]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"MSWindowsUpdate"="C:\WINDOWS\system32\winsecurityxp\mswinup.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"BMf3c480e7"="C:\WINDOWS\system32\fekfmesf.dll" [ ]
"f0f7b37b"="C:\WINDOWS\system32\olsaranx.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrppq]
ssqrppq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 13:00 49152 C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"%SystemDir%\\winsecurityxp\\mswinup.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 07:38]
S3 naecd;naecd;C:\DOCUME~1\Petter\LOKALE~1\Temp\naecd.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 19:59:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 08:58:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programfiler\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Programfiler\ESET\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Apoint\ApntEx.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-07 9:05:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 07:04:36

Pre-Run: 18,120,204,288 bytes free
Post-Run: 18,283,347,968 bytes free

182 --- E O F --- 2008-05-27 19:27:43

Edited 8 June 2008 by NERV
snippsat, posted 7 June 2008 (edited)

I'm including xDB26.tmp and tvDebug.zip. These are log files from ZoneAlarm; if for some reason you want to keep them, remove them from the script and keep only the Registry part.

Copy the bold text below the picture -> open Notepad and paste it in. Save it to the desktop as CFScript.txt. Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\Internet Logs\xDB26.tmp
C:\WINDOWS\Internet Logs\tvDebug.zip

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSWindowsUpdate"=-
"BMf3c480e7"=-
"f0f7b37b"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrppq]

---

Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repair.

---

Download, update and run a full scan with SAS free. Post the log from SAS (preferences -> statistics/logs).

---

Restart.

---

Make a new HijackThis log and post it.

Edited 7 June 2008 by SNIPPSAT
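The CFScript above was written by hand after reading the HijackThis log for the usual tells: Run values whose names are random hex (BMf3c480e7, f0f7b37b), rundll32 loading an eight-letter DLL from system32 through a one-letter export (fekfmesf.dll,s and olsaranx.dll,b), and a Winlogon Notify hook whose DLL is already gone (ssqrppq). The script below automates that triage and emits the matching Registry:: block. It is an added example, not code from the thread or from the HijackThis/ComboFix authors; the sample lines are copied from the log above (with a few clean neighbours added), and the thresholds (8+ hex digits, exactly 8 lowercase letters) are assumptions tuned to this log rather than general rules.

```python
"""Triage of HijackThis O4/O20 lines and generation of a ComboFix CFScript
Registry:: block. Added example; not part of the original thread."""
import re

# Constructed sample: lines taken from the HijackThis log in this thread plus
# legitimate neighbours (Apoint, userFaultCheck, CTFMON) that must not be flagged.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\system32\winsecurityxp\mswinup.exe
O4 - HKLM\..\Run: [bMf3c480e7] Rundll32.exe "C:\WINDOWS\system32\fekfmesf.dll",s
O4 - HKLM\..\Run: [f0f7b37b] rundll32.exe "C:\WINDOWS\system32\olsaranx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ssqrppq - ssqrppq.dll (file missing)
"""

RUN_LINE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
NOTIFY_LINE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$')
# Assumed heuristic: 8+ hex digits, optionally behind a 1-2 letter prefix (BMf3c480e7, f0f7b37b).
RANDOM_NAME = re.compile(r'^[A-Za-z]{0,2}[0-9A-Fa-f]{8,}$')
# rundll32[.exe] "<path>.dll",<export>
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# Assumed heuristic: exactly eight lowercase letters, the scheme of the two DLLs above.
RANDOM_DLL = re.compile(r'^[a-z]{8}\.dll$')

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def triage(hjt_text):
    """Return findings as dicts with kind, hive, name, cmd and the reasons they were flagged."""
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        run = RUN_LINE.match(line)
        if run:
            reasons = []
            if RANDOM_NAME.match(run["name"]):
                reasons.append("value name looks machine-generated")
            dll = RUNDLL.match(run["cmd"])
            if dll and RANDOM_DLL.match(dll["dll"].rsplit("\\", 1)[-1].lower()):
                reasons.append("rundll32 loads random-named DLL via export '%s'" % dll["export"])
            if reasons:
                findings.append({"kind": "run", "hive": run["hive"], "name": run["name"],
                                 "cmd": run["cmd"], "reasons": reasons})
            continue
        notify = NOTIFY_LINE.match(line)
        if notify and notify["missing"]:
            # A Notify DLL that no longer exists is dead weight at best; the key should go.
            findings.append({"kind": "notify", "hive": "HKLM", "name": notify["name"],
                             "cmd": notify["dll"], "reasons": ["Winlogon Notify DLL is missing on disk"]})
    return findings


def cfscript_registry(findings):
    """Build the Registry:: section of a CFScript: "name"=- deletes a value, [-key] deletes
    a key. Registry value names are case-insensitive, so the HijackThis spelling is fine."""
    by_key = {}
    for f in findings:
        if f["kind"] == "run":
            key = HIVES.get(f["hive"], f["hive"]) + "\\" + RUN_KEY
            by_key.setdefault(key, []).append('"%s"=-' % f["name"])
    lines = ["Registry::"]
    for key, values in by_key.items():
        lines.append("[%s]" % key)
        lines.extend(values)
    for f in findings:
        if f["kind"] == "notify":
            lines.append("[-%s\\%s]" % (NOTIFY_KEY, f["name"]))
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_HJT)
    for f in found:
        print("%-12s %s" % (f["name"], "; ".join(f["reasons"])))
    print()
    print(cfscript_registry(found))
```

Note what the heuristics do not catch: MSWindowsUpdate has a plausible name and a plain .exe path, so it passes both checks and only ends up in snippsat's script because a person recognised that winsecurityxp\mswinup.exe is not a Windows component (the same path is also whitelisted in the firewall's AuthorizedApplications list, which is a second clue). Generated output is a starting point for review, not a script to run unread.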
NERV (thread author), posted 7 June 2008

ComboFix 08-06-06.6 - Morten 2008-06-07 15:30:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.81 [GMT 2:00]
Running from: C:\Documents and Settings\Morten\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Morten\Skrivebord\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.
2008-06-07 09:08 . 2008-06-07 09:08 <DIR> d-------- C:\Programfiler\Trend Micro
2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Programfiler\Lavasoft
2008-06-06 23:47 . 2008-06-06 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-06-06 22:40 . 2008-06-06 22:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-06 22:40 . 2008-06-06 22:40 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\SUPERAntiSpyware.com
2008-06-06 22:40 . 2008-06-06 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-06 22:39 . 2008-06-06 23:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-06 22:38 . 2008-06-07 15:28 <DIR> dr-h----- C:\Documents and Settings\Morten\Siste
2008-06-01 15:27 . 2008-06-01 15:27 <DIR> d-------- C:\Programfiler\Lab Loveholic
2008-05-30 23:16 . 2008-05-30 23:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-30 23:16 . 2008-05-30 23:16 2,544 --a------ C:\WINDOWS\unins000.dat
2008-05-25 16:52 . 2008-05-18 02:31 265,216 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 06:55 246,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 06:55 22,622,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-04 13:15 --------- d-----w C:\Documents and Settings\Morten\Programdata\Azureus
2008-06-04 09:20 --------- d-----w C:\Programfiler\Mozilla Thunderbird
2008-05-31 05:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-05-31 05:18 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-05-30 18:54 2,025,984 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-05-03 04:32 12,952,025 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 16:51 --------- d-----w C:\Programfiler\Foxit Software
2008-04-25 19:25 --------- d-----w C:\Programfiler\doubleTwist
2008-04-24 04:00 --------- d-----w C:\Programfiler\Azureus
2008-04-21 12:38 --------- d-----w C:\Programfiler\NCH Swift Sound
2008-04-21 12:38 --------- d-----w C:\Documents and Settings\Morten\Programdata\NCH Swift Sound
2008-04-21 12:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\NCH Swift Sound
2008-04-17 17:29 --------- d-----w C:\Programfiler\Google
2008-04-17 09:12 --------- d-----w C:\Programfiler\Transcribe!
2008-04-17 09:00 --------- d-----w C:\Programfiler\Transcriber
2008-04-17 08:57 --------- d-----w C:\Programfiler\Legal Easy
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-09-28 19:33 46,344 ----a-w C:\Documents and Settings\Morten\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-06-07_ 9.03.41.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 05:38:22 64,534 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-07 07:01:58 64,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-07 05:38:22 73,324 ----a-w C:\WINDOWS\system32\perfc014.dat
+ 2008-06-07 07:01:58 73,324 ----a-w C:\WINDOWS\system32\perfc014.dat
- 2008-06-07 05:38:22 408,004 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-07 07:01:58 408,004 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-07 05:38:22 411,946 ----a-w C:\WINDOWS\system32\perfh014.dat
+ 2008-06-07 07:01:58 411,946 ----a-w C:\WINDOWS\system32\perfh014.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-30 07:59 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06 94208]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"VoipDiscount"="C:\Programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00 344064]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2006-09-05 22:50 917504]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 13:00 49152 C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"%SystemDir%\\winsecurityxp\\mswinup.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 07:38]
S3 naecd;naecd;C:\DOCUME~1\Morten\LOKALE~1\Temp\naecd.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 19:59:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:38:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 15:42:15
ComboFix-quarantined-files.txt 2008-06-07 13:41:56
ComboFix2.txt 2008-06-07 07:05:04

Pre-Run: 18,223,702,016 bytes free
Post-Run: 18,204,569,600 bytes free

161 --- E O F --- 2008-05-27 19:27:43
NERV (author), posted 7 June 2008:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2008 at 04:55 PM

Application Version : 4.15.1000

Core Rules Database Version : 3476
Trace Rules Database Version: 1467

Scan type : Complete Scan
Total Scan Time : 01:08:57

Memory items scanned : 422
Memory threats detected : 0
Registry items scanned : 5905
Registry threats detected : 0
File items scanned : 16366
File threats detected : 0

Adware.Tracking Cookie
NERV (author), posted 7 June 2008:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:06, on 07.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [VoipDiscount] "C:\Programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/502...geUploader3.cab
O20 - Winlogon Notify: ssqrppq - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8697 bytes
snippsat, posted 7 June 2008 (edited):

Start HijackThis, "Scan", find this line, check it, then press "Fix checked":

O20 - Winlogon Notify: ssqrppq - C:\WINDOWS\

---
Another round with CCleaner.
---
Now scan with NOD32 and see if it is clean. If it finds anything, include the log or the location.

Edited 7 June 2008 by SNIPPSAT
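Added here as an illustration, not code from anyone in this thread: a small Python triage of HijackThis O20 (Winlogon Notify) lines that shows why the ssqrppq entry stands out against a normal one. The sample log is constructed from entries visible in this thread, and the heuristics in classify_o20 are my own rules of thumb, not HijackThis logic.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2.0.2 line format: the ssqrppq entry from
# this thread's log, the benign IntelWireless notify package that the ComboFix
# output above lists, and two non-O20 lines as noise.
SAMPLE_LOG = """\
O20 - Winlogon Notify: ssqrppq - C:\\WINDOWS\\
O20 - Winlogon Notify: IntelWireless - C:\\Programfiler\\Intel\\Wireless\\Bin\\LgNotify.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Programfiler\\Eset\\nod32krn.exe
O4 - HKLM\\..\\Run: [userFaultCheck] %systemroot%\\system32\\dumprep 0 -u
"""

# "O20 - Winlogon Notify: <subkey> - <DLL path>". The subkey lives under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and its DLL
# is loaded into winlogon.exe at logon, which is why HijackThis gives it its own
# section and why "Fix checked" simply removes that subkey.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def parse_o20(line: str) -> Optional[Dict[str, str]]:
    """Return {'name', 'path'} for an O20 line, None for any other line."""
    m = O20_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_o20(entry: Dict[str, str]) -> str:
    """Heuristic verdict for one Winlogon Notify entry (triage aid, not proof)."""
    path = entry["path"].strip()
    # HijackThis prints the registered DllName. A bare directory or no file name
    # means the DLL could not be resolved: deleted, hidden, or written sloppily
    # by a dropper. Legitimate notification packages always name a real .dll.
    if not path or path.endswith("\\"):
        return "suspicious: entry points at a directory, not a DLL"
    if not path.lower().endswith(".dll"):
        return "suspicious: target is not a DLL"
    # Weaker signal: vendor packages carry readable names (IntelWireless);
    # malware often registers a random consonant string (ssqrppq).
    if not re.search(r"[aeiouy]", entry["name"], re.IGNORECASE):
        return "review: unpronounceable subkey name"
    return "ok"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return every O20 entry with its verdict."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry:
            entry["verdict"] = classify_o20(entry)
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']:<14} {f['verdict']:<52} {f['path']}")
```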
NERV (author), posted 8 June 2008:

Did as you said and removed ssqrppq. Then I ran CCleaner. Then I ran NOD32. It found a virus that was a zip file; I actually think it was an update for ZoneAlarm. It couldn't delete it, so I deleted it manually. I think everything should be OK now. Many thanks for the guidance; if you think I'm clean now, I'll mark the title as Løst (solved).
snippsat, posted 8 June 2008:

Good, then. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
r2d290, posted 8 June 2008:

If you think the problem with your machine is solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [LØST] (solved) in front of your topic title. Example: [LØST] Got a virus on my machine. -Surf safely-
NERV (author), posted 8 June 2008:

> Good, then. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.

Done, and thanks again.