isetan Posted 10 June 2008
Hi. A few weeks ago I had a virus on my machine. It was trojans. The problem was fixed with vundofix and spybot. The PC should be free of viruses and other "parasites". But what happened after the PC was "cleaned" was that winver.exe (the window that tells you which Windows version you have) pops up at every startup. I have checked in msconfig, and it is not listed under startup there. I have been scratching my head over this one and searched the web, but can't find anyone who has had this problem. It is also strange that it is not among the startup programs when it is started every time. Does anyone know what I can try here?

norbat Posted 10 June 2008
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt).
(If you have had a Vundo infection, neither vundofix nor spybot gets all the files. The file you are referring to could just as well be an infected file located somewhere other than where such a file normally is.)

isetan (Author) Posted 11 June 2008
ComboFix 08-06-10.3 - Nina 2008-06-11 13:11:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1480 [GMT 2:00]
Running from: C:\Documents and Settings\Nina\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\oWyGNXbc.ini
C:\WINDOWS\system32\oWyGNXbc.ini2
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-05-30 23:34 . 2008-05-30 23:34 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-28 01:20 . 2008-05-28 01:55 <DIR> d-------- C:\Program Files\Audacity
2008-05-28 00:39 . 2008-05-28 00:39 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\dvdcss
2008-05-27 15:56 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-26 16:50 . 2008-05-26 17:03 <DIR> d-------- C:\VundoFix Backups
2008-05-26 15:54 . 2008-05-26 16:35 152 --a------ C:\WINDOWS\wininit.ini
2008-05-26 15:24 . 2008-05-26 15:24 <DIR> d-------- C:\Program Files\CCleaner
2008-05-25 01:55 . 2008-05-25 02:02 3,394 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-24 15:04 . 2008-05-24 15:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 15:04 . 2008-05-24 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 14:38 . 2008-05-24 14:38 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\Comodo
2008-05-24 14:38 . 2008-05-24 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-24 14:37 . 2008-05-24 14:37 <DIR> d-------- C:\Program Files\Comodo
2008-05-24 14:37 . 2008-05-21 21:59 211 --a------ C:\boot.ini.comodofirewall
2008-05-23 21:32 . 2008-05-23 21:32 <DIR> d-------- C:\Program Files\LucasArts
2008-05-23 21:09 . 2008-05-23 21:24 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\LimeWire
2008-05-23 14:56 . 2008-05-23 14:56 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-23 14:56 . 2008-05-23 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-23 14:55 . 2008-05-23 15:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-22 18:24 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 18:24 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 18:24 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 18:24 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 18:24 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 18:24 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 18:24 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 18:24 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 18:24 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 00:29 . 2008-05-22 00:29 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\vlc
2008-05-21 21:30 . 2008-06-10 22:06 <DIR> d-------- C:\Program Files\eMule
2008-05-21 21:27 . 2004-08-04 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-21 21:27 . 2004-08-04 14:00 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2008-05-21 21:27 . 2004-08-04 14:00 1,158,818 --a------ C:\WINDOWS\system32\korwbrkr.lex
2008-05-21 21:27 . 2004-08-04 14:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-05-21 21:27 . 2004-08-04 14:00 838,144 --a--c--- C:\WINDOWS\system32\dllcache\chtbrkr.dll
2008-05-21 21:27 . 2004-08-04 14:00 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2008-05-21 21:27 . 2004-08-04 14:00 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2008-05-21 21:27 . 2004-08-04 14:00 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2008-05-21 21:27 . 2004-08-04 14:00 1,486 --a------ C:\WINDOWS\system32\noise.kor
2008-05-21 21:25 . 2004-08-04 14:00 28,288 --a------ C:\WINDOWS\system32\xjis.nls
2008-05-21 21:25 . 2004-08-04 14:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-21 21:20 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-05-21 21:07 . 2008-05-21 21:09 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\Winamp
2008-05-21 20:43 . 2008-05-21 20:46 <DIR> d-------- C:\Program Files\Windows Live
2008-05-21 20:43 . 2008-05-21 20:46 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 20:43 . 2008-05-21 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-21 20:42 . 2008-05-21 20:42 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-05-21 20:40 . 2008-05-21 20:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-21 20:40 . 2008-05-21 20:40 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-21 20:39 . 2008-05-21 20:40 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-21 20:34 . 2008-05-21 20:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 20:33 . 2008-05-21 20:34 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-21 20:25 . 2008-06-03 13:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-21 20:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-21 20:22 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-21 01:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-21 01:21 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-21 01:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-21 01:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-21 01:21 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-21 00:54 . 2008-05-31 00:11 <DIR> d-------- C:\Documents and Settings\Nina\Contacts
2008-05-21 00:48 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-21 00:25 . 2008-05-21 00:25 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\Logitech
2008-05-21 00:25 . 2008-05-21 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-21 00:24 . 2008-05-21 00:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-21 00:24 . 2008-05-21 00:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-21 00:24 . 2008-05-21 00:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-21 00:23 . 2008-05-21 00:23 <DIR> d-------- C:\Program Files\Logitech
2008-05-21 00:23 . 2008-05-21 00:23 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-05-21 00:23 . 2008-05-21 00:23 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\InstallShield
2008-05-21 00:23 . 2008-05-21 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-21 00:23 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-21 00:23 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-21 00:23 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-21 00:23 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-21 00:23 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-21 00:22 . 2008-05-28 17:35 <DIR> d-------- C:\Program Files\MP3Gain
2008-05-21 00:21 . 2008-05-21 00:21 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-05-21 00:21 . 2008-05-21 00:21 64,259 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-21 00:19 . 2008-05-21 00:19 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-05-21 00:19 . 2008-05-21 00:21 6,112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-21 00:07 . 2008-05-21 00:07 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\Thunderbird
2008-05-21 00:07 . 2008-05-21 00:07 <DIR> d-------- C:\Documents and Settings\Nina\Application Data\Talkback
2008-05-21 00:07 . 2008-05-21 00:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 22:50 . 2008-05-20 22:50 <DIR> d-------- C:\Program Files\CONEXANT
2008-05-20 22:50 . 2005-10-18 16:53 998,656 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-05-20 22:50 . 2005-10-18 16:52 721,280 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-05-20 22:50 . 2005-10-24 10:20 218,496 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys
2008-05-20 22:50 . 2005-10-18 10:10 141,392 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-05-20 22:50 . 2005-10-25 09:09 114,688 --a------ C:\WINDOWS\system32\UCI32102.dll
2008-05-20 22:50 . 2005-10-05 15:56 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-05-20 22:50 . 2005-10-05 15:57 12,544 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-05-20 22:15 . 2008-05-20 22:15 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-20 22:15 . 2008-05-20 22:15 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 22:15 . 2008-05-20 22:15 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 22:12 . 2008-05-20 22:12 <DIR> d-------- C:\Program Files\Intel
2008-05-20 22:10 . 2008-05-20 22:10 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 22:10 . 2008-05-20 22:10 <DIR> d-------- C:\Program Files\DIFX
2008-05-20 22:09 . 2008-05-20 22:09 <DIR> d-------- C:\Program Files\Synaptics
2008-05-20 22:09 . 2006-06-16 19:17 356,352 --a------ C:\WINDOWS\EMCRI.dll
2008-05-20 22:09 . 2006-03-03 12:52 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-05-20 22:09 . 2006-03-03 12:55 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-05-20 22:09 . 2006-03-03 12:55 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-05-20 22:09 . 2006-03-03 12:55 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-05-20 22:09 . 2006-03-03 13:10 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-05-20 22:09 . 2006-03-03 13:08 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-05-20 22:06 . 2008-05-20 22:06 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 22:06 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-05-20 22:06 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-05-20 22:06 . 2006-08-02 06:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-05-20 22:05 . 2008-05-20 22:05 <DIR> d-------- C:\Program Files\Realtek
2008-05-20 22:05 . 2008-05-20 22:05 <DIR> d-------- C:\Program Files\Launch Manager
2008-05-20 22:05 . 2008-05-23 21:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 22:04 . 2006-05-15 15:39 147,456 --a------ C:\WINDOWS\UNINST32.EXE
2008-05-20 22:04 . 2006-06-16 19:17 74,752 --a------ C:\WINDOWS\system32\drivers\ESM7SK.sys
2008-05-20 22:04 . 2006-06-16 19:17 61,056 --a------ C:\WINDOWS\system32\drivers\EMS7SK.sys
2008-05-20 22:04 . 2005-10-31 14:17 45,312 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-05-20 22:04 . 2006-06-16 19:17 40,064 --a------ C:\WINDOWS\system32\drivers\ESD7SK.sys
2008-05-20 22:04 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-05-20 22:04 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2008-05-20 22:02 . 2008-05-20 22:09 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 22:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 11:16 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-06-11 11:11 --------- d-----w C:\Documents and Settings\Nina\Application Data\DMCache
2008-06-11 10:59 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-07 23:28 --------- d-----w C:\Documents and Settings\Nina\Application Data\Skype
2008-05-24 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 15:37 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-23 15:37 --------- d-----w C:\Documents and Settings\Nina\Application Data\IDM
2008-05-21 19:08 --------- d-----w C:\Program Files\Winamp
2008-05-20 22:21 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-20 22:17 --------- d-----w C:\Program Files\Opera
2008-05-20 22:11 --------- d-----w C:\Program Files\Java
2008-05-20 21:59 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-20 21:58 --------- d-----w C:\Program Files\PHP Designer 2007 - Personal
2008-05-20 21:56 --------- d-----w C:\Program Files\Notebook Hardware Control
2008-05-20 21:55 --------- d-----w C:\Program Files\Lavasoft
2008-05-20 21:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 21:53 --------- d-----w C:\Program Files\VideoLAN
2008-05-20 21:51 --------- d-----w C:\Program Files\activePDF
2008-05-20 21:49 --------- d-----w C:\Program Files\Real
2008-05-20 21:49 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-20 21:49 --------- d-----w C:\Program Files\Common Files\Real
2008-05-20 21:45 --------- d-----w C:\Program Files\Xvid
2008-05-20 21:45 --------- d-----w C:\Program Files\Gabest
2008-05-20 21:45 --------- d-----w C:\Program Files\AC3Filter
2008-05-20 21:43 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-20 21:43 --------- d-----w C:\Documents and Settings\Nina\Application Data\NCH Swift Sound
2008-05-20 21:36 --------- d-----w C:\Program Files\Foxit Software
2008-05-20 21:35 --------- d-----w C:\Program Files\Sun
2008-05-20 21:33 --------- d-----w C:\Program Files\Common Files\Java
2008-05-20 21:19 --------- d-----w C:\Program Files\Skype
2008-05-20 21:19 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-20 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-20 21:17 --------- d-----w C:\Program Files\Alwil Software
2008-05-20 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-20 20:05 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 19:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{241AF31B-6B25-453A-BEE4-5B6683B1D331}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 16:11 7577600]
"nwiz"="nwiz.exe" [2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 16:11 86016]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 07:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 10:51 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-24 14:37 1115728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

C:\Documents and Settings\Nina\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-22 12:17:36 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pfrnMOgAno"= C:\WINDOWS\system32\winver.exe --> is this the culprit?

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nina^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Nina\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qmccoylc]
C:\WINDOWS\system32\qmccoylc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwmrbxsr]
C:\WINDOWS\system32\uwmrbxsr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 13:14:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\DOCUME~1\Nina\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2008-06-11 13:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 11:17:52

Pre-Run: 35,301,048,320 bytes free
Post-Run: 35,229,663,232 bytes free

273 --- E O F --- 2008-06-03 11:32:59

Thanks for the help!

norbat Posted 12 June 2008
Yes.
Open Notepad and copy in what is shown in bold below, and save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pfrnMOgAno"=-

You do not need to post a new log. Tell us how the PC is running.
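
Added example, not part of the thread and not ComboFix code: a Python parser for registry lines in the layout of the log above. It flags logon autostart values that sit under the policies\explorer\run key or whose target also appears in the firewall AuthorizedApplications list, and renders the CFScript block from the reply. The sample lines are constructed from the posted log; the function names and the two triage rules are assumptions made for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "key name target")
# Constructed sample: lines taken from the ComboFix log in the thread, one per
# line (a bracketed key header followed by that key's values).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pfrnMOgAno"= C:\WINDOWS\system32\winver.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\[]*?))\s*(?:\[.*\])?$')
RUN_KEY = r'\microsoft\windows\currentversion\run'
POLICY_RUN_KEY = r'\microsoft\windows\currentversion\policies\explorer\run'
FIREWALL_LIST = r'\authorizedapplications\list'


def parse_entries(log_text):
    """Return an Entry for every value line that follows a key header."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            # Target is either quoted, bare (policy key line), or absent.
            target = value.group("quoted") or value.group("bare") or ""
            entries.append(Entry(key, value.group("name"), target.strip()))
    return entries


def triage(entries):
    """Map value name -> reasons for logon autostart entries worth a manual look."""
    # Firewall exceptions are stored as value names with doubled backslashes.
    allowed = {e.name.replace('\\\\', '\\').lower()
               for e in entries if e.key.lower().endswith(FIREWALL_LIST)}
    findings = {}
    for e in entries:
        key = e.key.lower()
        if not key.endswith((RUN_KEY, POLICY_RUN_KEY)):
            continue
        reasons = []
        if key.endswith(POLICY_RUN_KEY):
            reasons.append("policy Run key")
        if e.target.lower() in allowed:
            reasons.append("target also has a firewall exception")
        if reasons:
            findings[e.name] = reasons
    return findings


def cfscript_delete(entry):
    """Render a CFScript block, in the reply's format, that deletes one value."""
    return 'Registry::\n[{}]\n"{}"=-\n'.format(entry.key, entry.name)


if __name__ == "__main__":
    for name, why in triage(parse_entries(SAMPLE_LOG)).items():
        print(name, "->", "; ".join(why))
```

On the sample, only the "pfrnMOgAno" value is reported, with both reasons; the output is a list of entries to review by hand, not a verdict.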