Tistlo, posted 10 August 2008

Hi! I keep getting thousands of these "ads by adzelgalore", CID +++ I WANT TO PUT A STOP TO IT!! The PC crashes all the time. I've read some other threads, so: here is the log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 00:28:57, on 11.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Medion Tools\KeyStat\KeyStat.exe
C:\WINDOWS\zHotkey.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Steam\Steam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and settings\RUNAR\Mine dokumenter\Nedlasta Programmer\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\Programfiler\Medion Tools\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and settings\All Users\Programdata\grey ante kind mess\Delete flaw.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{da7e2970-2118-0932-8efd-ca793bbc012c}.dll" DllInit
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www1.medion.com/no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098955946984
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

I'll post the log from SAS as well. I really hope someone can help me.
galskab, posted 10 August 2008

> O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and settings\All Users\Programdata\grey ante kind mess\Delete flaw.exe

"Kind mess surf"? Google "grey ante kind mess".
snippsat, posted 11 August 2008

You have some junk on there; run this and post the log. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Tistlo (thread author), posted 11 August 2008

> O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and settings\All Users\Programdata\grey ante kind mess\Delete flaw.exe
> "Kind mess surf"? Google "grey ante kind mess".

I removed that kind mess surf, and after that there were no pop-ups. But there's probably more junk on the computer, so I'll try that ComboFix too ;=)
Tistlo (thread author), posted 11 August 2008

Here is the log from ComboFix:

ComboFix 08-08-10.02 - RUNAR 2008-08-11 13:10:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.494 [GMT 2:00]
Running from: C:\Documents and settings\RUNAR\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\cpmsky-uninst.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\ninjaext.dll
C:\WINDOWS\system32\nsa3C.dll
C:\WINDOWS\system32\nse7F.dll
C:\WINDOWS\system32\nsh8F.dll
C:\WINDOWS\system32\nsk31.dll
C:\WINDOWS\system32\nsk3B.dll
C:\WINDOWS\system32\nsk83.dll
C:\WINDOWS\system32\nsoC4.dll
C:\WINDOWS\system32\nsv5F.dll
C:\WINDOWS\system32\nsx33.dll
C:\WINDOWS\system32\nsx3C.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-11 00:18 . 2008-08-11 00:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-11 00:18 . 2008-08-11 00:18 <DIR> d-------- C:\Documents and settings\RUNAR\Programdata\SUPERAntiSpyware.com
2008-08-11 00:18 . 2008-08-11 00:18 <DIR> d-------- C:\Documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Programfiler\Security Task Manager
2008-08-10 17:37 . 2008-08-10 17:38 <DIR> d-------- C:\Documents and settings\All Users\Programdata\SecTaskMan
2008-08-08 01:18 . 2008-08-08 01:18 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-07-15 17:17 . 2008-07-15 17:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 17:17 . 2008-07-15 17:17 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 11:14 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-08-11 11:00 --------- d-----w C:\Programfiler\Steam
2008-08-10 22:17 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-05 11:36 --------- d-----w C:\Documents and settings\All Users\Programdata\Symantec
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-22 18:04 --------- d-----w C:\Programfiler\LimeWire
2008-07-18 18:24 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-18 18:24 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-18 18:24 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-12 15:45 23 ----a-w C:\Documents and settings\RUNAR\jagex_runescape_preferences.dat
2008-07-09 23:48 --------- d-----w C:\Programfiler\Norton 360
2008-07-08 20:37 --------- d-----w C:\Documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-07-08 20:11 --------- d-----w C:\Documents and settings\RUNAR\Programdata\Symantec
2008-07-08 20:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-08 20:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-08 20:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-08 20:09 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-08 20:09 --------- d-----w C:\Programfiler\Symantec
2008-07-08 20:08 --------- d-----w C:\Programfiler\Windows Sidebar
2008-07-07 19:47 --------- d-----w C:\Documents and settings\All Users\Programdata\Lavasoft
2008-07-07 19:45 --------- d-----w C:\Programfiler\Lavasoft
2008-07-07 19:12 --------- d-----w C:\Programfiler\Eusing Free Registry Cleaner
2008-07-05 22:41 --------- d-----w C:\Programfiler\Windows Live Toolbar
2008-07-05 22:33 --------- d-----w C:\Programfiler\Apple Software Update
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-20 20:58 95,833 ----a-w C:\WINDOWS\system32\{e619385d-7265-5a4c-973c-6561606a18ec}.dll-uninst.exe
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-26 16:58 5,761 ----a-w C:\Programfiler\install.log
2006-12-03 20:15 43,394,698 ----a-w C:\Programfiler\nis2006.exe
2004-08-03 23:03 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008]
"Steam"="c:\programfiler\steam\steam.exe" [2008-05-09 14:02 1271032]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Keyboard Status"="C:\Programfiler\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programfiler\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-05-26 16:56:03 438272]
Microsoft Hurtigsøk.lnk - C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE [1997-12-10 01:00:00 111376]
Office Oppstart.lnk - C:\Programfiler\Microsoft Office\Office\OSA.EXE [1997-12-10 01:00:00 51984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Programfiler\\NetMeeting\\Conf.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe [2008-02-18 13:37]
R2 LogWatch;Event Log Watch;C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 18:29]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16]
R3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-03-29 11:35]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2008-02-21 16:02]
S3 CA_LIC_CLNT;CA License Client;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 18:27]
S3 CA_LIC_SRVR;CA License Server;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 18:41]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.no/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 13:14:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-11 13:16:40
ComboFix-quarantined-files.txt 2008-08-11 11:16:14

Pre-Run: 12,367,200,256 byte ledig
Post-Run: 12,564,258,816 byte ledig

186 --- E O F --- 2008-07-10 01:02:13
r2d290, posted 11 August 2008

Hello. Click Start - All Programs - Accessories - Notepad. Copy and paste the text in the code box below into Notepad:

File::
C:\WINDOWS\system32\{e619385d-7265-5a4c-973c-6561606a18ec}.dll-uninst.exe
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

Folder::
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\

Save it as CFScript. Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away. Post the contents of ComboFix.txt in your next reply on the forum, together with a new HijackThis log.
Tistlo (thread author), posted 11 August 2008

Here is the log from ComboFix:

ComboFix 08-08-10.02 - RUNAR 2008-08-11 21:51:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.499 [GMT 2:00]
Running from: C:\Documents and settings\RUNAR\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and settings\RUNAR\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
C:\WINDOWS\system32\{e619385d-7265-5a4c-973c-6561606a18ec}.dll-uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\$BackupData$
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\asferror.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\custsat.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\eula.txt
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\migrate.exe
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\mpvis.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\unregmp2.exe
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmerror.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmp.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmpasf.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmpband.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmpdxm.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmplayer.adm
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmplayer.exe
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmploc.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\\System\wmpshell.dll
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
C:\WINDOWS\system32\{e619385d-7265-5a4c-973c-6561606a18ec}.dll-uninst.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-11 13:51 . 2008-08-11 21:50 <DIR> dr-h----- C:\Documents and settings\RUNAR\Siste
2008-08-11 00:18 . 2008-08-11 00:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-11 00:18 . 2008-08-11 00:18 <DIR> d-------- C:\Documents and settings\RUNAR\Programdata\SUPERAntiSpyware.com
2008-08-11 00:18 . 2008-08-11 00:18 <DIR> d-------- C:\Documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Programfiler\Security Task Manager
2008-08-10 17:37 . 2008-08-10 17:38 <DIR> d-------- C:\Documents and settings\All Users\Programdata\SecTaskMan
2008-08-08 01:18 . 2008-08-08 01:18 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-07-15 17:17 . 2008-07-15 17:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 17:17 . 2008-07-15 17:17 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 17:11 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-08-11 17:08 --------- d-----w C:\Programfiler\Steam
2008-08-11 17:07 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-08-11 17:07 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-08-11 17:07 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-08-11 11:46 --------- d-----w C:\Programfiler\3DO
2008-08-11 11:44 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-08-11 11:40 --------- d-----w C:\Programfiler\EA SPORTS
2008-08-10 22:17 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-05 11:36 --------- d-----w C:\Documents and settings\All Users\Programdata\Symantec
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-22 18:04 --------- d-----w C:\Programfiler\LimeWire
2008-07-12 15:45 23 ----a-w C:\Documents and settings\RUNAR\jagex_runescape_preferences.dat
2008-07-09 23:48 --------- d-----w C:\Programfiler\Norton 360
2008-07-08 20:37 --------- d-----w C:\Documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-07-08 20:11 --------- d-----w C:\Documents and settings\RUNAR\Programdata\Symantec
2008-07-08 20:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-08 20:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-08 20:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-08 20:09 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-08 20:09 --------- d-----w C:\Programfiler\Symantec
2008-07-08 20:08 --------- d-----w C:\Programfiler\Windows Sidebar
2008-07-07 19:47 --------- d-----w C:\Documents and settings\All Users\Programdata\Lavasoft
2008-07-07 19:45 --------- d-----w C:\Programfiler\Lavasoft
2008-07-07 19:12 --------- d-----w C:\Programfiler\Eusing Free Registry Cleaner
2008-07-05 22:41 --------- d-----w C:\Programfiler\Windows Live Toolbar
2008-07-05 22:33 --------- d-----w C:\Programfiler\Apple Software Update
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-26 16:58 5,761 ----a-w C:\Programfiler\install.log
2006-12-03 20:15 43,394,698 ----a-w C:\Programfiler\nis2006.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008]
"Steam"="c:\programfiler\steam\steam.exe" [2008-05-09 14:02 1271032]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Keyboard Status"="C:\Programfiler\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Programfiler\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-05-26 16:56:03 438272]
Microsoft Hurtigsøk.lnk - C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE [1997-12-10 01:00:00 111376]
Office Oppstart.lnk - C:\Programfiler\Microsoft Office\Office\OSA.EXE [1997-12-10 01:00:00 51984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Programfiler\\NetMeeting\\Conf.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16]
R3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-03-29 11:35]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - COMHOST
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 21:54:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-11 21:55:46
ComboFix-quarantined-files.txt 2008-08-11 19:55:31

Pre-Run: 23,919,112,192 byte ledig
Post-Run: 23,910,830,080 byte ledig

175 --- E O F --- 2008-07-10 01:02:13

And here is the log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 22:04:42, on 11.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Medion Tools\KeyStat\KeyStat.exe
C:\WINDOWS\zHotkey.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Creative\Shared Files\CamTray.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Microsoft Office\Office\OSA.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programfiler\internet explorer\iexplore.exe C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe C:\Documents and settings\RUNAR\Mine dokumenter\Nedlasta Programmer\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - 
C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Keyboard Status] C:\Programfiler\Medion Tools\KeyStat\KeyStat.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton 360\osCheck.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [steam] 
"c:\programfiler\steam\steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www1.medion.com/no O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098955946984 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - 
https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exe O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon 
(file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe Lenke til kommentar
r2d290 Posted 11 August 2008 (edited)

I still don't see that you have posted any SAS log?

Click Start - All Programs - Accessories - Notepad. Copy and paste the text in the code box below into Notepad:

@echo off
rem Service names (the ones HijackThis shows in parentheses in the O23 lines), not display names;
rem a name that contains spaces must be quoted for sc.exe.
sc stop ccEvtMgr
sc delete ccEvtMgr
sc stop ccSetMgr
sc delete ccSetMgr
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop "LiveUpdate Notice"
sc delete "LiveUpdate Notice"
sc stop PSEXESVC
sc delete PSEXESVC
exit

Click "File" and then "Save as". Under "Save in:" choose Desktop. Under "File name" type FixService.bat. Under "Save as type" choose All files. Click Save and then close Notepad.

Now go to your Desktop and double-click FixService.bat. A black window will open and close right afterwards. This is intended, and only shows that the file you made works.

Then post a new HijackThis log so we can see that the script worked. Also tell us how the machine is behaving now. Still pop-ups?

Edited 11 August 2008 by r2d290
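As an added example (not part of the thread), the Python below does the triage step behind that reply: it parses the O23 service lines from the HijackThis log posted above, keeps the entries HijackThis marks "(file missing)" (service registrations whose binary is gone), and emits the sc stop/delete pairs using the service name sc.exe actually expects, which is the name HijackThis prints in parentheses after the display name. The sample lines are copied from the log in this thread.

```python
import re
from typing import Optional

# O23 (service) lines copied from the HijackThis log posted earlier in this thread.
# The cleanup in the reply targets the entries whose binary is reported as
# "(file missing)": service registrations left behind after an uninstall.
O23_LINES = [
    r'O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe',
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe',
    r'O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)',
]

# HijackThis format: "O23 - Service: <display name> [(<service name>)] - <owner> - <image path>".
# The parenthesised service name is omitted when it is identical to the display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.*?) - (?P<path>.*)$"
)

def parse_o23(line: str) -> Optional[dict]:
    """Split one O23 line into its fields; None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["path"].endswith("(file missing)")
    # sc.exe addresses a service by its service (registry key) name, not its display name.
    entry["sc_name"] = entry["name"] or entry["display"]
    return entry

def orphaned_services(lines):
    """Entries whose image path no longer exists on disk according to HijackThis."""
    return [e for e in map(parse_o23, lines) if e and e["missing"]]

def sc_commands(lines):
    """Build the sc stop/delete pairs for a FixService.bat, one pair per orphaned service."""
    cmds = []
    for svc in orphaned_services(lines):
        # Quote the name: some contain spaces, which sc.exe would otherwise split
        # into separate arguments.
        cmds.append(f'sc stop "{svc["sc_name"]}"')
        cmds.append(f'sc delete "{svc["sc_name"]}"')
    return cmds

if __name__ == "__main__":
    print("@echo off")
    print("\n".join(sc_commands(O23_LINES)))
    print("exit")
```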
Tistlo (thread author) Posted 12 August 2008

Thanks for the reply!! I'll do what you said!! The machine has gotten much better, and there are no more pop-ups on it. But it's good to get rid of all the junk now that I'm at it anyway.