lassaron-jon, posted 17 June 2008

Yes, the time has come to try to fix my mum's laptop. Full of popups, spam, wants me to download all kinds of crap. And not least an MSN virus. Ad-Aware has removed some of it, but there are still problems, and since I'm a bit rusty on the subject I'm not sure what to remove from HijackThis... Have taken some, but I think there is still plenty left to remove:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:16, on 17.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Launch Manager\PowerKey.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\OSDCtrl.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\winudpcl.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\DOCUME~1\Acer\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {03657894-7C44-4EF3-A162-E70D19564373} - C:\WINDOWS\system32\cbXRiFww.dll
O2 - BHO: {cb5bd518-46bb-fc18-2f14-d47589754653} - {35645798-574d-41f2-81cf-bb64815db5bc} - C:\WINDOWS\system32\khjtbdvn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B4AB9A73-D492-4127-9EDB-615D5F5445D3} - C:\WINDOWS\system32\geBqOiIa.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudpcl.exe
O4 - HKLM\..\Run: [11100e4e] rundll32.exe "C:\WINDOWS\system32\fstyqlil.dll",b
O4 - HKLM\..\Run: [BM12233dd2] Rundll32.exe "C:\WINDOWS\system32\pwnekdla.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O20 - Winlogon Notify: cbXRiFww - C:\WINDOWS\SYSTEM32\cbXRiFww.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7760 bytes
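The question in the post above is which HijackThis entries to fix. Helpers on these forums read a log with a few fixed heuristics: entries whose file is gone ("(no file)"), Run entries that start a bare filename with no path, and BHO / Run / Winlogon Notify entries that load a system32 DLL with a generated-looking eight-letter name. The script below is an added example that applies those heuristics; it is not code from the thread, from HijackThis or from ComboFix. The allowlists, the vowel-ratio threshold and the name pattern are assumptions made for the example, and the sample lines are copied from the log above.

```python
"""Triage a HijackThis log the way a removal helper reads it.

Added example, not HijackThis's own logic: every rule below is a heuristic
assumed for illustration, and the allowlists only cover what this thread shows.
"""
import re
from typing import List, Optional, Tuple

HJT_LINE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
SYS32_DLL = re.compile(r"C:\\WINDOWS\\system32\\(?P<stem>[A-Za-z0-9_]+)\.dll", re.IGNORECASE)
BARE_EXE = re.compile(r"^[A-Za-z0-9_]+\.exe$", re.IGNORECASE)

# Assumed allowlists: legitimate system32 DLL stems seen in such logs, and
# vendor autostarts that are registered by bare filename (Realtek audio here).
KNOWN_GOOD_DLL_STEMS = {"ssv", "edstoolbar", "sclgntfy", "wlnotify", "scecli", "crypt32"}
KNOWN_BARE_EXES = {"rthdcpl.exe", "alcmtr.exe", "rundll32.exe"}
VOWELS = set("aeiouy")

Finding = Tuple[str, str, str]  # (entry type, reason, original line)


def looks_random(stem: str) -> bool:
    """Eight letters with internal capitals (cbXRiFww) or almost no vowels
    (khjtbdvn): the generated-name pattern of the DLLs in the log above."""
    if len(stem) != 8 or not stem.isalpha() or stem.lower() in KNOWN_GOOD_DLL_STEMS:
        return False
    internal_caps = any(c.isupper() for c in stem[1:])
    vowel_ratio = sum(c.lower() in VOWELS for c in stem) / len(stem)
    return internal_caps or vowel_ratio < 0.3


def run_command(body: str) -> str:
    """'HKLM\\..\\Run: [name] command' -> 'command'."""
    _, _, value = body.partition(": ")
    return re.sub(r"^\[[^\]]*\]\s*", "", value).strip()


def triage_line(line: str) -> Optional[Finding]:
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    etype, body = m.group("type"), m.group("body")

    # Registration left behind after its file was deleted: harmless, fix anyway.
    if "(no file)" in body:
        return (etype, "orphaned entry, file is gone", line.strip())

    # Autostart by bare filename: resolved through the search path, no vendor dir.
    if etype == "O4":
        words = run_command(body).split()
        first = words[0].strip('"') if words else ""
        if BARE_EXE.match(first) and first.lower() not in KNOWN_BARE_EXES:
            return (etype, f"bare filename {first} in Run key", line.strip())

    # BHO, rundll32 autostart or Winlogon Notify loading a generated-name DLL.
    if etype in ("O2", "O4", "O20"):
        where = {"O2": "BHO", "O4": "rundll32 Run entry", "O20": "Winlogon Notify"}[etype]
        for dll in SYS32_DLL.finditer(body):
            if looks_random(dll.group("stem")):
                return (etype, f"{where} loads random-looking {dll.group('stem')}.dll", line.strip())
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(entry) for entry in log.splitlines()) if f]


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {03657894-7C44-4EF3-A162-E70D19564373} - C:\WINDOWS\system32\cbXRiFww.dll
O2 - BHO: {cb5bd518-46bb-fc18-2f14-d47589754653} - {35645798-574d-41f2-81cf-bb64815db5bc} - C:\WINDOWS\system32\khjtbdvn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B4AB9A73-D492-4127-9EDB-615D5F5445D3} - C:\WINDOWS\system32\geBqOiIa.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudpcl.exe
O4 - HKLM\..\Run: [11100e4e] rundll32.exe "C:\WINDOWS\system32\fstyqlil.dll",b
O4 - HKLM\..\Run: [BM12233dd2] Rundll32.exe "C:\WINDOWS\system32\pwnekdla.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: cbXRiFww - C:\WINDOWS\SYSTEM32\cbXRiFww.dll
"""

if __name__ == "__main__":
    for etype, reason, line in triage(SAMPLE_LOG):
        print(f"{etype:4} {reason}\n     {line}")
```

On the sample it flags nine entries: the two orphans, the three unnamed BHOs, the winudpcl.exe autostart, the two rundll32 entries and the Winlogon Notify hook, and leaves the Java, Synaptics, Realtek and ctfmon entries alone. O23 services and anything outside system32 are deliberately not scored, so the output is a shortlist for a human to confirm, not a fix list to apply blindly.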
snippsat, posted 17 June 2008

Hi, that was quite a bit of junk, yes. You have managed to create 3 posts; we'll take this one.
Download ComboFix and put it on the desktop. Don't click on the window while the program is running.
Post the log C:\combofix.txt
lassaron-jon (author), posted 17 June 2008

ComboFix 08-06-16.5 - Acer 2008-06-17 20:13:35.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.446 [GMT 2:00]
Running from: C:\Documents and Settings\Acer\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM12233dd2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afqamggv.dll
C:\WINDOWS\system32\aIiOqBeg.ini
C:\WINDOWS\system32\aIiOqBeg.ini2
C:\WINDOWS\system32\auiacsks.dll
C:\WINDOWS\system32\awtqnkhe.dll
C:\WINDOWS\system32\awttrOIa.dll
C:\WINDOWS\system32\awtturoN.dll
C:\WINDOWS\system32\besiunon.dll
C:\WINDOWS\system32\byXPJaaw.dll
C:\WINDOWS\system32\cbXRiFww.dll
C:\WINDOWS\system32\cccrhoml.dll
C:\WINDOWS\system32\ddcBSMdc.dll
C:\WINDOWS\system32\ddcCRIBS.dll
C:\WINDOWS\system32\ddcDwwwW.dll
C:\WINDOWS\system32\dyuiuonk.ini
C:\WINDOWS\system32\efcARiFU.dll
C:\WINDOWS\system32\escisjxx.ini
C:\WINDOWS\system32\esswvgiu.ini
C:\WINDOWS\system32\etrytfxl.ini
C:\WINDOWS\system32\fcccaxya.dll
C:\WINDOWS\system32\fqihgnmm.dll
C:\WINDOWS\system32\fquuybnn.dll
C:\WINDOWS\system32\geBqOiIa.dll
C:\WINDOWS\system32\geBSkLCv.dll
C:\WINDOWS\system32\iifdbYPG.dll
C:\WINDOWS\system32\iifFyvtR.dll
C:\WINDOWS\system32\iiypdlnv.dll
C:\WINDOWS\system32\iwbucuob.dll
C:\WINDOWS\system32\jmjjsvjf.ini
C:\WINDOWS\system32\khjtbdvn.dll
C:\WINDOWS\system32\kkhwandc.dll
C:\WINDOWS\system32\lhxdqthe.dll
C:\WINDOWS\system32\lilqytsf.ini
C:\WINDOWS\system32\ljJBtTMd.dll
C:\WINDOWS\system32\lypybhew.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrqbmtew.dll
C:\WINDOWS\system32\mxltxabq.ini
C:\WINDOWS\system32\nangotrw.dll
C:\WINDOWS\system32\nmnhlbxh.dll
C:\WINDOWS\system32\nnbyuuqf.ini
C:\WINDOWS\system32\nnnmnnoN.dll
C:\WINDOWS\system32\pwnekdla.dll
C:\WINDOWS\system32\qoMcyWmL.dll
C:\WINDOWS\system32\rgucyfdw.dll
C:\WINDOWS\system32\rqRHaWMc.dll
C:\WINDOWS\system32\ssqQifcB.dll
C:\WINDOWS\system32\tdxqqxis.dll
C:\WINDOWS\system32\tefqrxip.dll
C:\WINDOWS\system32\tuvUNdAQ.dll
C:\WINDOWS\system32\uigvwsse.dll
C:\WINDOWS\system32\urqOGYqN.dll
C:\WINDOWS\system32\urqQggff.dll
C:\WINDOWS\system32\wdfycugr.ini
C:\WINDOWS\system32\wvUlmMeb.dll
C:\WINDOWS\system32\wvUoLdcA.dll
C:\WINDOWS\system32\xxjsicse.dll
C:\WINDOWS\system32\xxywWpqP.dll
C:\WINDOWS\system32\yandyckl.ini
C:\WINDOWS\system32\yayxxUNh.dll
C:\WINDOWS\system32\yayyWqPI.dll
C:\WINDOWS\system32\yxakavgm.ini
C:\WINDOWS\Temp\log.txt

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 17:04 . 2008-06-17 17:04 <DIR> dr-h----- C:\Documents and Settings\Kariann\Programdata\SecuROM
2008-06-17 13:12 . 2008-06-17 13:12 <DIR> d-------- C:\Programfiler\Trend Micro
2008-06-16 07:54 . 2008-06-16 07:54 268 --ah----- C:\sqmdata18.sqm
2008-06-16 07:54 . 2008-06-16 07:54 244 --ah----- C:\sqmnoopt18.sqm
2008-06-16 03:00 . 2008-06-16 03:00 172 --ah----- C:\sqmnoopt17.sqm
2008-06-16 03:00 . 2008-06-16 03:00 172 --ah----- C:\sqmdata17.sqm
2008-06-15 15:18 . 2008-06-15 15:18 268 --ah----- C:\sqmdata16.sqm
2008-06-15 15:18 . 2008-06-15 15:18 244 --ah----- C:\sqmnoopt16.sqm
2008-06-15 10:43 . 2008-06-15 10:43 268 --ah----- C:\sqmdata15.sqm
2008-06-15 10:43 . 2008-06-15 10:43 244 --ah----- C:\sqmnoopt15.sqm
2008-06-13 23:20 . 2008-06-13 23:20 268 --ah----- C:\sqmdata14.sqm
2008-06-13 23:20 . 2008-06-13 23:20 244 --ah----- C:\sqmnoopt14.sqm
2008-06-12 23:19 . 2008-06-12 23:19 172 --ah----- C:\sqmnoopt13.sqm
2008-06-12 23:19 . 2008-06-12 23:19 172 --ah----- C:\sqmdata13.sqm
2008-06-12 22:52 . 2008-06-12 22:52 268 --ah----- C:\sqmdata12.sqm
2008-06-12 22:52 . 2008-06-12 22:52 244 --ah----- C:\sqmnoopt12.sqm
2008-06-12 20:17 . 2008-06-12 20:17 <DIR> d-------- C:\Documents and Settings\Kariann\Programdata\Apple Computer
2008-06-12 20:00 . 2008-06-12 20:00 244 --ah----- C:\sqmnoopt11.sqm
2008-06-12 20:00 . 2008-06-12 20:00 232 --ah----- C:\sqmdata11.sqm
2008-06-12 19:54 . 2008-06-12 19:54 244 --ah----- C:\sqmnoopt10.sqm
2008-06-12 19:54 . 2008-06-12 19:54 232 --ah----- C:\sqmdata10.sqm
2008-06-12 17:58 . 2008-06-12 17:58 <DIR> d---s---- C:\Documents and Settings\Kariann\UserData
2008-06-12 14:05 . 2008-06-12 14:05 <DIR> d-------- C:\Documents and Settings\Kariann\Contacts
2008-06-12 10:59 . 2008-06-12 10:59 244 --ah----- C:\sqmnoopt09.sqm
2008-06-12 10:59 . 2008-06-12 10:59 232 --ah----- C:\sqmdata09.sqm
2008-06-11 22:08 . 2008-06-11 22:08 <DIR> d-------- C:\Programfiler\Lavasoft
2008-06-11 22:08 . 2008-06-11 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-06-11 22:04 . 2008-06-11 22:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-11 21:56 . 2008-06-11 21:56 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-11 16:59 . 2008-06-11 16:59 41,984 -r-hs---- C:\WINDOWS\winudpcl.exe
2008-06-11 11:02 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:02 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-29 15:02 . 2008-05-29 15:02 268 --ah----- C:\sqmdata08.sqm
2008-05-29 15:02 . 2008-05-29 15:02 244 --ah----- C:\sqmnoopt08.sqm
2008-05-29 14:33 . 2008-05-29 14:33 268 --ah----- C:\sqmdata07.sqm
2008-05-29 14:33 . 2008-05-29 14:33 244 --ah----- C:\sqmnoopt07.sqm
2008-05-27 15:47 . 2008-05-27 15:47 <DIR> dr-h----- C:\Documents and Settings\Acer\Programdata\SecuROM
2008-05-27 15:47 . 2008-05-27 15:47 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-23 15:42 . 2008-05-23 15:42 <DIR> d-------- C:\Programfiler\EA GAMES
2008-05-23 15:42 . 2005-02-26 07:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 13:29 --------- d-----w C:\Programfiler\Norton Security Scan
2008-05-08 16:28 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-10 06:42 41,594 ----a-w C:\WINDOWS\images.zip
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:52 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-12-02 17:09 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
2007-12-02 16:55 22,620,456 ----a-w C:\Programfiler\SkypeSetup.exe
2007-11-18 16:17 6,219,320 ----a-w C:\Programfiler\picasaweb-current-setup.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 16:49 40960]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25 98394]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24 688218]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 17:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 15:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-09-25 20:41 185632]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"Windows UDP Control"="winudpcl.exe" [2008-06-11 16:59 41984 C:\WINDOWS\winudpcl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 22:52:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\ATL.DLL
-> ?:\WINDOWS\system32\ATL.DLL
-> ?:\WINDOWS\system32\ATL.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\Acer\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-17 22:54:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 20:54:22

Pre-Run: 23,403,102,208 bytes free
Post-Run: 25,062,572,032 bytes free

241 --- E O F --- 2008-06-11 10:54:22
lassaron-jon (author), posted 17 June 2008 (edited)

- "the internet doesn't work" -

- Most likely it put a virus on the flash drive, so that when I double-clicked the USB stick on my machine, it would start a hidden .exe file [winudpcl.exe]. Luckily ZoneAlarm caught it. You can see it if you search in the log file.

- I think it all started with a simple MSN virus (a link that looks like an image; you download a picture called something like pic_of_you.imageshack.us.exe). After a couple of days more and more viruses came that slowly but surely are killing the machine.

Edited 17 June 2008 by lassaron-jon
norbat, posted 17 June 2008

Download MBAM to the desktop. Run the file and install the program. Choose Norwegian as the language.
Let the program update itself and choose to run a quick system scan. You will get a message box when the program has finished.
Then click the Show results button. If malware has been found, you will now see what was found. Then click the Remove selected button to remove whatever malware was found.
When MBAM has finished removing what it found, a log will open in Notepad. Copy it and post it together with a new ComboFix log (that is, run ComboFix again after MBAM).