Tdnoz, posted 26 June 2008 (thread author)

The PC has started getting slow, Explorer crashes all the time and so does IE.. I also get some "spyware" images on the forum.. I have deleted many files but the problem keeps coming back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:30, on 26.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\D-50\D-50\Bin\D-50.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\spill\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\Windows\explorer.exe
C:\Users\Tnoz\AppData\Local\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll
O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [D-50.exe] C:\Program Files\D-50\D-50\Bin\D-50.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s
O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "d:\spill\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7095E258-A45D-4C51-BF37-3FBB61C9B95F}: NameServer = 194.19.2.11 194.19.3.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7733 bytes

Edited 26 June 2008 by Tdnoz
r2d290, posted 26 June 2008

HijackThis can only take backups when it is placed in its own folder. It looks like you have placed HijackThis at C:\Users\Tnoz\AppData\Local\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe, and that is not its own folder. Since backups are very important, you should extract/install HijackThis again, into its own permanent folder (e.g. C:\HJT).

You will not get help until you have done this. Let us know when you have done it. Feel free to post a new HijackThis log once you have done it, so we can see that it is done.

Edited 26 June 2008 by r2d290
Tdnoz, posted 26 June 2008 (thread author)

Now I'm starting to see red...... The PC is about to completely lose it, it crashes constantly; Opera and IE are the worst, even though I only have Opera open.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:32, on 26.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\D-50\D-50\Bin\D-50.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\spill\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera\opera.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\highjack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll
O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [D-50.exe] C:\Program Files\D-50\D-50\Bin\D-50.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s
O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "d:\spill\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7095E258-A45D-4C51-BF37-3FBB61C9B95F}: NameServer = 194.19.2.11 194.19.3.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7766 bytes

It's in its own folder now.

Edited 26 June 2008 by Tdnoz
r2d290, posted 26 June 2008

Start HijackThis
Select: Do a system scan only
Put a check mark in the boxes in front of these lines:

O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)
O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll
O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1
O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s
O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b

Close all windows and browsers (including the one you are reading this in), and click Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Use Windows Explorer (right-click the Start menu and select "Explore"). See if you can find the following files. If you do, delete them. If not, tell us which files you could not find.

C:\Windows\system32\tuvULEvW.dll
C:\Windows\system32\kditerfi.dll
C:\Windows\system32\hfenvcvg.dll

Then restart the machine and create a new log:
Start HijackThis
Select: Do a system scan and save a logfile
Post that log in your next post.

Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:
C:\Program Files\D-50\D-50\Bin\D-50.EXE
Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and decide what needs to be done next.

edit: changed the colour from red to blue. Thought it was bad enough that you should see even more red than you already did

Edited 26 June 2008 by r2d290
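The entries the helper picked out above share a few traits an analyst looks for when reading a HijackThis log: a BHO with no name (or a GUID as its name) registered from a DLL in system32, a Run value whose name looks auto-generated, and rundll32 loading a system32 DLL by a one-letter or ordinal export. The Python script below is an added example; it is not part of the thread and not HijackThis or ComboFix code. It parses O2 and O4 lines with those heuristics (the regexes, the reason strings and the `triage`/`file_targets` functions are this example's own) over a sample built from lines of the logs posted in this thread, and lists both the entries to tick in HijackThis and the DLLs to look for on disk afterwards.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O2 (BHO) and O4 (Run) entries copied from the HijackThis
# logs posted in this thread, mixing legitimate entries with the ones the
# helper asked to have fixed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll
O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s
O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b
"""

# Line shapes as HijackThis prints them (these regexes are this example's own).
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


@dataclass
class Finding:
    line: str                    # the log line to tick in HijackThis
    reasons: List[str]           # why it was flagged
    path: Optional[str] = None   # DLL the entry loads, if any


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def check_o2(m: "re.Match") -> Finding:
    reasons = []
    if m["name"] == "(no name)" or GUID_RE.match(m["name"]):
        reasons.append("BHO has no human-readable name")
    if in_system32(m["path"]):
        reasons.append("BHO DLL lives in system32 rather than a product folder")
    if m["missing"]:
        reasons.append("referenced file is missing (orphaned registration)")
    return Finding(m.group(0), reasons, m["path"])


def check_o4(m: "re.Match") -> Finding:
    reasons = []
    key = m["key"]
    # Auto-generated value names look like hex/alnum tokens with several digits.
    if key.isalnum() and sum(c.isdigit() for c in key) >= 3:
        reasons.append("value name looks auto-generated")
    r = RUNDLL_RE.match(m["cmd"])
    path = r["dll"] if r else None
    if r and in_system32(r["dll"]) and re.fullmatch(r"[A-Za-z]|#\d+", r["export"]):
        reasons.append("rundll32 loads a system32 DLL via a one-letter or ordinal export")
    return Finding(m.group(0), reasons, path)


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries that trip at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            f = check_o2(m)
        else:
            m = O4_RE.match(line)
            if not m:
                continue  # other HJT sections are not handled by this example
            f = check_o4(m)
        if f.reasons:
            findings.append(f)
    return findings


def file_targets(findings: List[Finding]) -> List[str]:
    """Unique on-disk files referenced by flagged entries (to look for after fixing)."""
    return sorted({f.path for f in findings if f.path})


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print("Tick these lines in HijackThis:")
    for f in hits:
        print(" ", f.line, "\n    ->", "; ".join(f.reasons))
    print("Then look for these files on disk:")
    for p in file_targets(hits):
        print(" ", p)
```

On the sample the script flags exactly the six entries the helper listed and leaves the Java, NVIDIA and NOD32 entries alone. The heuristics are deliberately narrow; a "(file missing)" BHO such as the first one is harmless on its own but still worth removing, while a DLL that is present on disk (the remaining four) is the one to submit for scanning, as the helper does with D-50.EXE.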
Tdnoz, posted 26 June 2008 (thread author)

The first file wasn't there; the other two I wasn't allowed to delete. I am an admin, but not logged in as Administrator, if that matters.. The D-50 thing is nothing to be afraid of, it's my internet, aka Ice's.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:09, on 26.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\D-50\D-50\Bin\D-50.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\spill\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\highjack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {32E333FA-051A-463F-B4EE-8C5BD8957690} - C:\Windows\system32\ddCssPGy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [D-50.exe] C:\Program Files\D-50\D-50\Bin\D-50.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "d:\spill\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7095E258-A45D-4C51-BF37-3FBB61C9B95F}: NameServer = 194.19.2.11 194.19.3.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7297 bytes
r2d290, posted 26 June 2008

Download Combofix and put it on the Desktop. Run combofix.exe and follow the instructions. Do not click in the window while the program is running; that can cause the program to freeze.

Post the log file from Combofix (c:\combofix.txt).
Tdnoz, posted 26 June 2008 (thread author)

My Opera keeps crashing all the time.... and I get a message that Internet Explorer has crashed, even though I'm not using it or running it...

ComboFix 08-06-20.4 - Tnoz 2008-06-26 22:48:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1106 [GMT 2:00]
Running from: C:\Users\Tnoz\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Tnoz\AppData\Roaming\inst.exe
C:\Windows\system32\aomkmlbr.ini
C:\Windows\system32\ddCssPGy.dll
C:\Windows\system32\gvcvnefh.ini
C:\Windows\system32\mbhqdagk.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\ppmkkxsc.ini
C:\Windows\system32\qiiwnfyt.ini
C:\Windows\system32\twyxhwth.ini
C:\Windows\system32\vgbfuioj.ini
C:\Windows\System32\wvybJkkj.ini
C:\Windows\System32\wvybJkkj.ini2
C:\Windows\System32\yGPssCdd.ini
C:\Windows\System32\yGPssCdd.ini2
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 22:46 . 2008-06-26 22:47 <DIR> d-------- C:\327882R2FWJFW
2008-06-26 22:43 . 2008-06-26 22:46 <DIR> d-------- C:\cf
2008-06-26 21:33 . 2008-06-26 22:10 <DIR> d-------- C:\highjack
2008-06-26 20:45 . 2008-06-26 20:45 106,496 --a------ C:\Windows\System32\ssdnikpj.dll
2008-06-26 19:11 . 2008-06-26 19:11 80,896 --a------ C:\Windows\System32\hfenvcvg.dll
2008-06-26 19:08 . 2008-06-26 19:08 91,648 --a------ C:\Windows\System32\kditerfi.dll
2008-06-25 17:25 . 2008-06-25 17:25 106,496 --a------ C:\Windows\System32\ttrhcear.dll
2008-06-25 17:22 . 2008-06-25 17:22 91,136 --a------ C:\Windows\System32\ehudhfeg.dll
2008-06-24 19:28 . 2008-06-24 19:28 99,840 --a------ C:\Windows\System32\xauxijbt.dll
2008-06-24 19:25 . 2008-06-24 19:25 91,136 --a------ C:\Windows\System32\faisdcec.dll
2008-06-23 18:40 . 2008-06-23 18:40 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\vlc
2008-06-21 13:53 . 2008-06-21 13:52 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-06-21 13:53 . 2008-06-21 13:52 298,104 --a------ C:\Windows\System32\imon.dll
2008-06-21 13:53 . 2008-06-21 13:52 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-06-21 12:23 . 2008-06-21 12:23 30,760 --a------ C:\Windows\System32\kzmwvayu.exe
2008-06-21 02:19 . 2008-06-21 02:13 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-06-21 02:13 . 2008-06-21 12:23 <DIR> d-------- C:\Users\Tnoz\.housecall6.6
2008-06-21 02:03 . 2008-06-21 02:03 30,760 --a------ C:\Windows\System32\mlzaqqrt.exe
2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Grisoft
2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\Users\All Users\Grisoft
2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\ProgramData\Grisoft
2008-06-19 14:37 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-06-16 18:49 . 2008-06-16 18:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-16 18:47 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-16 18:47 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-06-12 23:06 . 2008-06-26 12:34 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Hamachi
2008-06-12 23:06 . 2008-06-12 23:06 <DIR> d-------- C:\Program Files\Hamachi
2008-06-12 23:06 . 2008-06-12 23:06 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-12 22:52 . 2008-06-12 22:52 <DIR> d-------- C:\Program Files\Pioneer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 20:07 --------- d-----w C:\Users\Tnoz\AppData\Roaming\OpenOffice.org2
2008-06-26 20:05 --------- d-----w C:\Users\Tnoz\AppData\Roaming\uTorrent
2008-06-26 16:50 27,744 ----a-w C:\Users\Tnoz\AppData\Roaming\nvModes.dat
2008-06-26 16:28 --------- d-----w C:\Program Files\Opera
2008-06-25 18:21 --------- d-----w C:\Users\Tnoz\AppData\Roaming\dvdcss
2008-06-23 16:18 --------- d-----w C:\Users\Tnoz\AppData\Roaming\LimeWire
2008-06-21 12:49 --------- d-----w C:\Program Files\ESET
2008-06-21 00:09 --------- d-----w C:\Program Files\Java
2008-06-17 00:09 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-16 16:58 --------- d-----w C:\Program Files\Windows Mail
2008-05-26 14:14 --------- d-----w C:\Users\Tnoz\AppData\Roaming\Vso
2008-05-12 11:27 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-11 14:14 --------- d-----w C:\ProgramData\Valve
2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-08 18:50 151,552 ----a-w C:\Windows\System32\nvRegDev.dll
2008-03-22 11:28 174 --sha-w C:\Program Files\desktop.ini
2008-02-18 20:04 47,360 ----a-w C:\Users\Tnoz\AppData\Roaming\pcouffin.sys
2007-12-25 16:34 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-25 16:34 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Steam"="d:\spill\valve\steam\steam.exe" [2008-04-05 13:09 1271032]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-09-10 18:03 4702208 C:\Windows\RtHDVCpl.exe]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 19:51 45056]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 18:49 33048]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 12:35 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"D-50.exe"="C:\Program Files\D-50\D-50\Bin\D-50.EXE" [2007-10-16 19:15 2504504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-11 18:37 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-11 18:20 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-11 18:36 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 13:52 949376]
"BM758eacab"="C:\Windows\system32\kditerfi.dll" [2008-06-26 19:08 91648]

C:\Users\Tnoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [6/12/2008 11:06:23 PM 624416]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/22/2007 1:49:54 PM 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2700020247-2067570767-2843345076-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{63DA0E8D-B508-48B0-B396-9150C97FA0E0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B0E76302-5781-4FA3-9E29-688827E38957}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3FCEC18E-64A4-4B34-A528-13BE1370DD9C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{ED4B46CD-89E5-4560-AB4A-1D3778B4A647}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3918AC62-BBB6-46FA-9706-2F26211CD423}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C8D2000F-9F55-4859-A97A-F16EDA13B512}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= UDP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{78AD69AA-2373-463F-9C64-A36764215D15}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= TCP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile
"{D1E18330-0A59-4B61-A65A-4BF8F353D6BD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0755EE26-04B0-483B-8088-5A92093EEED4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{778B99FC-C22A-4FEB-A90F-2E229326457E}"= UDP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{70C7FA35-35C9-44A6-98DB-65CCA511CF21}"= TCP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{3671507A-F171-4867-9736-0AE93653B380}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{BB43C42A-9C5F-48CE-9236-C7707D7B46E6}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{3B866BFE-78B3-4336-AB9B-999BF504AD6A}C:\\program files\\look@lan\\lookatlan.exe"= UDP:C:\program files\look@lan\lookatlan.exe:Look@LAN
"UDP Query User{1D47A0B7-9A47-4F4D-9A93-C7AD5CCC44F7}C:\\program files\\look@lan\\lookatlan.exe"= TCP:C:\program files\look@lan\lookatlan.exe:Look@LAN
"{CAC7E71F-3EFE-4D78-B299-A4684D58ADF8}"= UDP:D:\spill\Valve\Steam\Steam.exe:Steam
"{8881A146-0127-4FCC-8E9D-D1E30B6ECAA0}"= TCP:D:\spill\Valve\Steam\Steam.exe:Steam
"TCP Query User{EE0113A4-D1F3-4AA9-BE4A-A0D3CD379025}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{03724D3A-E2F1-4242-A271-C5BDAFF6575B}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{96EBBC08-3F99-49E2-9DE9-63D26E6B451A}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= UDP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2
"UDP Query User{12A53F5C-0405-4F55-A0A3-93B28DCCA9C9}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= TCP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2
"TCP Query
User{5EA4B419-631B-4ABE-B053-E05DD9E9248B}D:\\spill\\rfactor\\rfactor.exe"= UDP:D:\spill\rfactor\rfactor.exe:rFactor "UDP Query User{BE451D43-15E1-4F96-A2FA-5255BBA657D3}D:\\spill\\rfactor\\rfactor.exe"= TCP:D:\spill\rfactor\rfactor.exe:rFactor "{7EB9C21F-DA4E-4894-837F-C6BE91BD5CBB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{BC5E8699-A4BE-41C5-9C12-56EE08CFBE48}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{88E12EEB-F874-4A16-9C3D-3B0C598A01FA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{89872A9F-4673-45D5-A01D-42F903EE4C44}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{8DA5BDD0-F08D-4241-949B-5B20B879DADA}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{7F6A70FD-62E2-499F-A970-D40802EE38EA}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{0C8CD7D2-A0FA-417E-9AB3-05C49A0DB69A}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{0B0A0A6B-A0B6-448F-BFB7-276656F6A18B}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{1E7A9A76-6306-4C43-9F7F-052BA6416F4C}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{72334FD5-FA89-4D4C-9832-4DC0670EF513}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{783A1590-AB9A-4E55-B556-69179D6CFF08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{291271F8-CC99-497F-9E43-385D0CD359DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{5CC1C7BC-F9AB-4E1A-B4AE-89423AC90455}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-03-11 02:11] R2 NMSAccessU;NMSAccessU;C:\Program 
Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20] R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 06:25] R3 cmusbser;%CMUSBSER%;C:\Windows\system32\DRIVERS\cmusbser.sys [2006-12-13 18:31] R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-16 19:03] R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 08:51] S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 04:46] S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 15:20] S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 15:20] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-15 01:07] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05115684-da78-11dc-bf65-001b244c05aa}] \shell\AutoRun\command - G:\Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{878a3a19-c016-11dc-9881-001b244c05aa}] \shell\AutoRun\command - G:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b423acb3-de51-11dc-99ad-001b244c05aa}] \shell\AutoRun\command - G:\Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e381-c425-11dc-9f7d-001b244c05aa}] \shell\AutoRun\command - G:\Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e391-c425-11dc-9f7d-001b244c05aa}] \shell\AutoRun\command - G:\Launcher.exe . 
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 22:54:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\kditerfi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-26 22:58:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 20:58:16
Pre-Run: 7,153,836,032 bytes free
Post-Run: 7,291,355,136 bytes free
231 --- E O F --- 2008-06-16 16:52:08
r2d290 Posted 26 June 2008
I think maybe some of the others should take over now... this got a bit too advanced for me.
WD40 Posted 26 June 2008
I suggest formatting.
norbat Posted 26 June 2008 (edited)
Step 1: Download Malwarebytes Anti-Malware to the desktop. Run and install the program. Choose the Norwegian language. Let the program update itself, choose to run a 'quick system scan' and click Scan. A message box will tell you the scan is finished; click OK. Click the 'Show results' button. If malware was found, you will now see what was found. Then click the 'Remove selected' button to remove any malware that was found. A log will then open in Notepad. Copy it and post it later.
Step 2: Run ComboFix again.
Step 3: Post the new ComboFix log + the log from MBAM.
Edit: Formatting should not be necessary in this case. Clean up a bit by running MBAM. The rest we'll handle with ComboFix.
Edited 26 June 2008 by norbat
Tdnoz Posted 26 June 2008 (author)
Is it that bad? I was hoping not to have to format... trying it now.
norbat Posted 26 June 2008
No, it's not that bad. You have a perfectly ordinary infection.
Tdnoz Posted 26 June 2008 (author)
OK, but it is annoying... almost done.... Now I remember one of the files that kept coming up in my antivirus program all the time... vundo.
snippsat Posted 26 June 2008 (edited)
> I suggest formatting.
You're probably new to this part of the forum; we never ask anyone to format. We fix all kinds of infections without trouble. We also sort out other system problems; on the rare occasions a problem can't be solved, it's usually the user who gives up, not us.
Edited 26 June 2008 by SNIPPSAT
norbat Posted 26 June 2008 (edited)
Yes, Vundo tends to drag a whole heap of files along with it.
Edited 26 June 2008 by norbat
Tdnoz Posted 26 June 2008 (author)
MBAM
Malwarebytes' Anti-Malware 1.18
Database versjon: 894
23:45:03 26.06.2008
mbam-log-6-26-2008 (23-45-03).txt
Skann type: Rask Skann
Objekter skannet: 34999
Tid tilbakelagt: 3 minute(s), 8 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 4
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM758eacab (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert:
C:\Windows\System32\kzmwvayu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mlzaqqrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\kditerfi.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Combo
ComboFix 08-06-20.4 - Tnoz 2008-06-26 23:52:07.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1155 [GMT 2:00]
Running from: C:\Users\Tnoz\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 23:51 . 2008-06-26 23:51 <DIR> d-------- C:\327882R2FWJFW 2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Malwarebytes 2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-06-26 23:38 . 
2008-06-26 23:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-26 23:38 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-06-26 23:38 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys 2008-06-26 21:33 . 2008-06-26 22:10 <DIR> d-------- C:\highjack 2008-06-26 20:45 . 2008-06-26 20:45 106,496 --a------ C:\Windows\System32\ssdnikpj.dll 2008-06-26 19:11 . 2008-06-26 19:11 80,896 --a------ C:\Windows\System32\hfenvcvg.dll 2008-06-25 17:25 . 2008-06-25 17:25 106,496 --a------ C:\Windows\System32\ttrhcear.dll 2008-06-25 17:22 . 2008-06-25 17:22 91,136 --a------ C:\Windows\System32\ehudhfeg.dll 2008-06-24 19:28 . 2008-06-24 19:28 99,840 --a------ C:\Windows\System32\xauxijbt.dll 2008-06-24 19:25 . 2008-06-24 19:25 91,136 --a------ C:\Windows\System32\faisdcec.dll 2008-06-23 18:40 . 2008-06-23 18:40 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\vlc 2008-06-21 13:53 . 2008-06-21 13:52 512,096 --a------ C:\Windows\System32\drivers\amon.sys 2008-06-21 13:53 . 2008-06-21 13:52 298,104 --a------ C:\Windows\System32\imon.dll 2008-06-21 13:53 . 2008-06-21 13:52 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys 2008-06-21 02:19 . 2008-06-21 02:13 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys 2008-06-21 02:13 . 2008-06-21 12:23 <DIR> d-------- C:\Users\Tnoz\.housecall6.6 2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\Users\All Users\Grisoft 2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\ProgramData\Grisoft 2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\Users\All Users\WindowsSearch 2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\ProgramData\WindowsSearch 2008-06-16 18:49 . 2008-06-16 18:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-06-16 18:47 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-16 18:47 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll 2008-06-12 23:06 . 
2008-06-26 12:34 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Hamachi 2008-06-12 23:06 . 2008-06-12 23:06 <DIR> d-------- C:\Program Files\Hamachi 2008-06-12 23:06 . 2008-06-12 23:06 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys 2008-06-12 22:52 . 2008-06-12 22:52 <DIR> d-------- C:\Program Files\Pioneer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-26 21:49 --------- d-----w C:\Users\Tnoz\AppData\Roaming\OpenOffice.org2 2008-06-26 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-26 20:05 --------- d-----w C:\Users\Tnoz\AppData\Roaming\uTorrent 2008-06-26 16:50 27,744 ----a-w C:\Users\Tnoz\AppData\Roaming\nvModes.dat 2008-06-26 16:28 --------- d-----w C:\Program Files\Opera 2008-06-25 18:21 --------- d-----w C:\Users\Tnoz\AppData\Roaming\dvdcss 2008-06-23 16:18 --------- d-----w C:\Users\Tnoz\AppData\Roaming\LimeWire 2008-06-21 12:49 --------- d-----w C:\Program Files\ESET 2008-06-21 00:09 --------- d-----w C:\Program Files\Java 2008-06-17 00:09 --------- d-----w C:\Program Files\Common Files\Steam 2008-06-16 16:58 --------- d-----w C:\Program Files\Windows Mail 2008-05-26 14:14 --------- d-----w C:\Users\Tnoz\AppData\Roaming\Vso 2008-05-12 11:27 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-05-11 14:14 --------- d-----w C:\ProgramData\Valve 2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll 2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe 2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS 2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys 2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll 2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll 2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll 2008-04-23 04:42 293,376 ----a-w 
C:\Windows\System32\psisdecd.dll 2008-04-08 18:50 151,552 ----a-w C:\Windows\System32\nvRegDev.dll 2008-03-22 11:28 174 --sha-w C:\Program Files\desktop.ini 2008-02-18 20:04 47,360 ----a-w C:\Users\Tnoz\AppData\Roaming\pcouffin.sys 2007-12-25 16:34 32 ----a-w C:\Users\All Users\ezsid.dat 2007-12-25 16:34 32 ----a-w C:\ProgramData\ezsid.dat . ((((((((((((((((((((((((((((( snapshot@2008-06-26_22.57.49.62 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-26 20:53:43 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-26 21:47:04 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-26 21:47:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-06-26 21:47:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-06-26 20:53:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-26 21:48:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-26 21:48:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-26 20:53:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-26 21:48:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-06-26 20:07:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-26 21:00:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-26 20:07:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-26 21:00:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-26 20:07:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-26 21:00:04 16,384 --sha-w 
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-06-26 20:14:00 101,250 ----a-w C:\Windows\System32\perfc009.dat + 2008-06-26 21:53:57 98,916 ----a-w C:\Windows\System32\perfc009.dat - 2008-06-26 20:14:00 587,178 ----a-w C:\Windows\System32\perfh009.dat + 2008-06-26 21:53:57 584,844 ----a-w C:\Windows\System32\perfh009.dat - 2008-06-26 20:09:30 6,452 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2700020247-2067570767-2843345076-1000_UserData.bin + 2008-06-26 21:49:03 6,714 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2700020247-2067570767-2843345076-1000_UserData.bin - 2008-06-26 20:09:29 76,314 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-26 21:49:03 76,978 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-06-26 20:09:17 36,064 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-26 21:48:56 36,176 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952] "Steam"="d:\spill\valve\steam\steam.exe" [2008-04-05 13:09 1271032] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2006-09-10 18:03 4702208 C:\Windows\RtHDVCpl.exe] "PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 19:51 45056] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872] "IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 18:49 33048] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 12:35 102400] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "D-50.exe"="C:\Program Files\D-50\D-50\Bin\D-50.EXE" [2007-10-16 19:15 2504504] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-11 18:37 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-11 18:20 8501792] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-11 18:36 81920] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 13:52 949376] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM 719664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma 
Loader.lnk backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Tnoz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk] path=C:\Users\Tnoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk backup=C:\Windows\pss\hamachi.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Tnoz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=C:\Users\Tnoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2007-12-19 22:13 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] --a------ 2007-09-25 15:03 93208 C:\Program Files\Logitech\Gaming Software\LWEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2700020247-2067570767-2843345076-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{63DA0E8D-B508-48B0-B396-9150C97FA0E0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B0E76302-5781-4FA3-9E29-688827E38957}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{3FCEC18E-64A4-4B34-A528-13BE1370DD9C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "TCP Query User{ED4B46CD-89E5-4560-AB4A-1D3778B4A647}C:\\program files\\internet 
explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{3918AC62-BBB6-46FA-9706-2F26211CD423}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{C8D2000F-9F55-4859-A97A-F16EDA13B512}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= UDP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile "UDP Query User{78AD69AA-2373-463F-9C64-A36764215D15}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= TCP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile "{D1E18330-0A59-4B61-A65A-4BF8F353D6BD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{0755EE26-04B0-483B-8088-5A92093EEED4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{778B99FC-C22A-4FEB-A90F-2E229326457E}"= UDP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{70C7FA35-35C9-44A6-98DB-65CCA511CF21}"= TCP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "TCP Query User{3671507A-F171-4867-9736-0AE93653B380}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3 "UDP Query User{BB43C42A-9C5F-48CE-9236-C7707D7B46E6}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3 "TCP Query User{3B866BFE-78B3-4336-AB9B-999BF504AD6A}C:\\program files\\look@lan\\lookatlan.exe"= UDP:C:\program files\look@lan\lookatlan.exe:Look@LAN "UDP Query User{1D47A0B7-9A47-4F4D-9A93-C7AD5CCC44F7}C:\\program files\\look@lan\\lookatlan.exe"= TCP:C:\program files\look@lan\lookatlan.exe:Look@LAN "{CAC7E71F-3EFE-4D78-B299-A4684D58ADF8}"= UDP:D:\spill\Valve\Steam\Steam.exe:Steam "{8881A146-0127-4FCC-8E9D-D1E30B6ECAA0}"= TCP:D:\spill\Valve\Steam\Steam.exe:Steam "TCP Query User{EE0113A4-D1F3-4AA9-BE4A-A0D3CD379025}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service "UDP Query 
User{03724D3A-E2F1-4242-A271-C5BDAFF6575B}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service "TCP Query User{96EBBC08-3F99-49E2-9DE9-63D26E6B451A}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= UDP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2 "UDP Query User{12A53F5C-0405-4F55-A0A3-93B28DCCA9C9}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= TCP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2 "TCP Query User{5EA4B419-631B-4ABE-B053-E05DD9E9248B}D:\\spill\\rfactor\\rfactor.exe"= UDP:D:\spill\rfactor\rfactor.exe:rFactor "UDP Query User{BE451D43-15E1-4F96-A2FA-5255BBA657D3}D:\\spill\\rfactor\\rfactor.exe"= TCP:D:\spill\rfactor\rfactor.exe:rFactor "{7EB9C21F-DA4E-4894-837F-C6BE91BD5CBB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{BC5E8699-A4BE-41C5-9C12-56EE08CFBE48}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{88E12EEB-F874-4A16-9C3D-3B0C598A01FA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{89872A9F-4673-45D5-A01D-42F903EE4C44}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{8DA5BDD0-F08D-4241-949B-5B20B879DADA}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{7F6A70FD-62E2-499F-A970-D40802EE38EA}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{0C8CD7D2-A0FA-417E-9AB3-05C49A0DB69A}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{0B0A0A6B-A0B6-448F-BFB7-276656F6A18B}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{1E7A9A76-6306-4C43-9F7F-052BA6416F4C}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{72334FD5-FA89-4D4C-9832-4DC0670EF513}"= TCP:D:\spill\Ubisoft\Assassin's 
Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{783A1590-AB9A-4E55-B556-69179D6CFF08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{291271F8-CC99-497F-9E43-385D0CD359DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{5CC1C7BC-F9AB-4E1A-B4AE-89423AC90455}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{BFBF1D0B-1E85-4CE6-BBF9-5E1B677CD39C}D:\\spill\\lfs\\digitalspeedo\\digitalspeedo.exe"= UDP:D:\spill\lfs\digitalspeedo\digitalspeedo.exe:DigitalGauges "UDP Query User{7DBC9269-95E9-401C-8DCF-A78F0C6C027F}D:\\spill\\lfs\\digitalspeedo\\digitalspeedo.exe"= TCP:D:\spill\lfs\digitalspeedo\digitalspeedo.exe:DigitalGauges "TCP Query User{E274CE1C-4C09-4D33-8C88-C503520DD6C6}D:\\spill\\lfs\\lfs.exe"= UDP:D:\spill\lfs\lfs.exe:LFS "UDP Query User{FAF88CC0-3281-4914-8E50-A2CD3515B4A4}D:\\spill\\lfs\\lfs.exe"= TCP:D:\spill\lfs\lfs.exe:LFS [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-03-11 02:11] R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20] R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 06:25] R3 cmusbser;%CMUSBSER%;C:\Windows\system32\DRIVERS\cmusbser.sys [2006-12-13 18:31] R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 08:51] S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 04:46] S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 15:20] S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 15:20] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-15 01:07] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-16 19:03] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05115684-da78-11dc-bf65-001b244c05aa}]
\shell\AutoRun\command - G:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{878a3a19-c016-11dc-9881-001b244c05aa}]
\shell\AutoRun\command - G:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b423acb3-de51-11dc-99ad-001b244c05aa}]
\shell\AutoRun\command - G:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e381-c425-11dc-9f7d-001b244c05aa}]
\shell\AutoRun\command - G:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e391-c425-11dc-9f7d-001b244c05aa}]
\shell\AutoRun\command - G:\Launcher.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 23:54:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-26 23:55:24
ComboFix-quarantined-files.txt 2008-06-26 21:55:17
ComboFix2.txt 2008-06-26 20:58:31
Pre-Run: 6,602,297,344 bytes free
Post-Run: 6,568,443,904 bytes free
230 --- E O F --- 2008-06-16 16:52:08
norbat, posted 26 June 2008:

Use Explorer to find and delete the following files:

C:\Windows\System32\ssdnikpj.dll
C:\Windows\System32\hfenvcvg.dll
C:\Windows\System32\ttrhcear.dll
C:\Windows\System32\ehudhfeg.dll
C:\Windows\System32\xauxijbt.dll
C:\Windows\System32\faisdcec.dll

(Tip: sort the files by date. You will most likely find them grouped together.)

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick "Only delete temporary files older than 48 hours". Click 'Cleaner' and then 'Run CCleaner'. This will clean out temporary files etc.

Let us know how your 'problem' goes.
Tdnoz (thread author), posted 26 June 2008:

Seems to be working... I'll come back if it shows up again.... thanks for the help.
r2d290, posted 26 June 2008:

ComboFix must be uninstalled. Go to Start > Run and type the following in the box:

combofix /u

PS: note the space between X and /u. Press Enter. This command will:

- Remove the following: ComboFix and its associated files and folders; VundoFix backups, if they exist; the C:\Deckard folder, if it exists; the C:_OtMoveIt folder, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide System/Hidden files and folders if necessary.
- Reset System Restore points.

You can uninstall HijackThis: start HijackThis, choose "None of the above, just start the program", then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Yes. The program is now uninstalled.

You are welcome to keep MBAM and scan the machine now and then.
