davidkrist Skrevet 20. august 2008 Del Skrevet 20. august 2008 Kan noen sjekke denne loggen? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:11:22, on 20.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsgk32st.exe C:\Programfiler\Sikkerhetspakken\Common\FSMA32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Sikkerhetspakken\Common\FSMB32.EXE C:\Programfiler\Sikkerhetspakken\Common\FCH32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\fssm32.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsqh.exe C:\Programfiler\Sikkerhetspakken\Common\FAMEH32.EXE C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsaua.exe C:\Programfiler\Sikkerhetspakken\FSPC\fspc.exe C:\Programfiler\Sikkerhetspakken\FWES\Program\fsdfwd.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsus.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Sikkerhetspakken\FSGUI\fsguidll.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsav32.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\dd\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\Sikkerhetspakken\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\Sikkerhetspakken\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\Sikkerhetspakken\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\Sikkerhetspakken\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\Sikkerhetspakken\FSPC\fspcmsie.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188551723156 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: 30d6a207382 - C:\WINDOWS\system32\__c00C2D84.dat O20 - Winlogon Notify: __c00E7D1D - C:\WINDOWS\system32\__c00E7D1D.dat (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9205 bytes Lenke til kommentar
snippsat Skrevet 20. august 2008 Del Skrevet 20. august 2008 (endret) Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O20 - Winlogon Notify: 30d6a207382 - C:\WINDOWS\system32\__c00C2D84.dat O20 - Winlogon Notify: __c00E7D1D - C:\WINDOWS\system32\__c00E7D1D.dat (file missing) --- Start->kjør->cmd Skriv inn fet tekst sc stop NipSvc sc delete NipSvc --- Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Endret 20. august 2008 av SNIPPSAT Lenke til kommentar
davidkrist Skrevet 20. august 2008 Forfatter Del Skrevet 20. august 2008 ComboFix 08-08-19.03 - Solhaug 2008-08-20 21:31:05.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1420 [GMT 2:00] Running from: C:\dd\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\__c00C2D84.dat C:\WINDOWS\system32\~.exe C:\xcrashdump.dat . ((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))) . 2008-08-20 21:02 . 2008-08-20 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-08-20 21:01 . 2008-08-20 21:02 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-20 20:31 . 2008-08-20 20:31 <DIR> d-------- C:\WINDOWS\system32\no 2008-08-20 20:31 . 2008-08-20 20:31 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-20 20:31 . 2008-08-20 20:31 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-20 20:29 . 2008-08-20 20:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-20 20:23 . 2008-08-20 20:23 <DIR> d-------- C:\WINDOWS\EHome 2008-08-20 20:13 . 2004-08-04 00:54 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-08-20 18:04 . 2008-08-20 18:04 <DIR> d--h----- C:\Documents and Settings\Administrator\InstallAnywhere 2008-08-20 18:00 . 2006-11-21 14:47 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2008-08-20 18:00 . 2006-11-21 14:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2008-08-20 18:00 . 2006-11-21 14:47 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2008-08-20 18:00 . 2006-11-21 13:54 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste 2008-08-20 18:00 . 2008-08-20 18:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata 2008-08-20 18:00 . 2006-11-21 13:54 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter 2008-08-20 18:00 . 2006-11-21 13:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2008-08-20 18:00 . 2006-11-21 14:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2008-08-20 18:00 . 2006-11-21 13:54 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter 2008-08-20 18:00 . 2006-11-21 14:47 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2008-08-20 18:00 . 2008-08-20 18:04 <DIR> d-------- C:\Documents and Settings\Administrator 2008-08-14 15:13 . 2008-08-14 15:13 <DIR> d-------- C:\Programfiler\Lavasoft 2008-08-14 15:13 . 2008-08-14 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-08-14 14:38 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-20 19:02 --------- d-----w C:\Programfiler\Yahoo! 2008-08-20 16:04 --------- d-----w C:\Programfiler\EA SPORTS 2008-08-20 09:28 --------- d-----w C:\Programfiler\PokerStars 2008-08-19 11:41 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-08-14 13:12 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-15 20:37 --------- d-----w C:\Programfiler\Java 2008-07-15 20:34 --------- d-----w C:\Programfiler\iTunes 2008-07-15 20:34 --------- d-----w C:\Programfiler\iPod 2008-07-15 20:33 --------- d-----w C:\Programfiler\QuickTime 2008-07-15 20:23 --------- d-----w C:\Programfiler\Apple Software Update 2008-07-08 15:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-06-27 15:17 --------- d-----w C:\Programfiler\Player Genie 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2007-04-17 13:37 80 --sh--r C:\WINDOWS\system32\93BF61A587.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-20 16:30 4670704] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "F-Secure Manager"="C:\Programfiler\Sikkerhetspakken\Common\FSM32.EXE" [2007-11-01 13:42 182936] "F-Secure TNB"="C:\Programfiler\Sikkerhetspakken\FSGUI\TNBUtil.exe" [2007-11-01 13:42 739936] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.EXE] "nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwn2main.exe"= "C:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"= "C:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwupdate.exe"= "C:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwn2server.exe"= "C:\\Programfiler\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"= "C:\\Programfiler\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"= "C:\\Programfiler\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 15:30] R1 F-Secure HIPS;F-Secure HIPS;C:\Programfiler\Sikkerhetspakken\HIPS\fshs.sys [2008-02-14 05:55] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\Sikkerhetspakken\Anti-Virus\minifilter\fsgk.sys [2007-11-01 13:42] R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12] S3 cel90xbe;cel90xbe;C:\DOCUME~1\Solhaug\LOKALE~1\Temp\cel90xbe.sys [] S4 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\Sikkerhetspakken\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 13:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\Sikkerhetspakken\Anti-Virus\Win2K\FSrec.sys [2007-11-01 13:42] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2008-08-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . - - - - ORPHANS REMOVED - - - - Notify-30d6a207382 - C:\WINDOWS\system32\__c00C2D84.dat Notify-__c00E7D1D - C:\WINDOWS\system32\__c00E7D1D.dat . ------- Supplementary Scan ------- . O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-20 21:36:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsgk32st.exe C:\Programfiler\Sikkerhetspakken\Common\FSMA32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsgk32.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Sikkerhetspakken\Common\FSMB32.EXE C:\Programfiler\Sikkerhetspakken\Common\FCH32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\fssm32.exe C:\Programfiler\Sikkerhetspakken\Common\FAMEH32.EXE C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsaua.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsqh.exe C:\Programfiler\Sikkerhetspakken\FSPC\fspc.exe C:\Programfiler\Sikkerhetspakken\FWES\program\fsdfwd.exe C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsus.exe C:\PROGRA~1\SIKKER~1\Common\FSM32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsav32.exe C:\PROGRA~1\SIKKER~1\FSGUI\fsguidll.exe C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe C:\Programfiler\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2008-08-20 21:41:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-20 19:41:04 Pre-Run: 355,271,163,904 byte ledig Post-Run: 355,834,859,520 byte ledig 173 --- E O F --- 2008-08-20 18:41:32 Hmm er usikker på om jeg fikk fet skrift i kjørvinduet... Lenke til kommentar
snippsat Skrevet 20. august 2008 Del Skrevet 20. august 2008 (endret) Last ned Avenger Kopiere fet tekst,start avenger lim tekst inn i "input script here" Trykk på execute knappen. Files to delete: C:\WINDOWS\system32\93BF61A587.dll C:\Documents and Settings\Solhaug\Lokale innstillinger\Temp\cel90xbe.sys --- Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt. Kjør register-renser et par ganger til alle feil er borte. --- Last ned MBAM til skrivebordet. Velg Norsk språkdrakt-->kjør hurtig systemskann. Når MBAM er ferdig åpner den en logg,den poster du. --- Restart. --- Lag en ny hijackthis logg. Endret 20. august 2008 av SNIPPSAT Lenke til kommentar
davidkrist Skrevet 20. august 2008 Forfatter Del Skrevet 20. august 2008 skal vi se.. Malwarebytes' Anti-Malware 1.25 Database versjon: 1073 Windows 5.1.2600 Service Pack 3 22:56:11 20.08.2008 mbam-log-08-20-2008 (22-56-01).txt Skanntype: Rask Skann Objekter skannet: 44606 Tid tilbakelagt: 2 minute(s), 20 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\cleanup.bat (Trojan.Agent) -> No action taken.(Fjernet denne i ettertid) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:01:15, on 20.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsgk32st.exe C:\Programfiler\Sikkerhetspakken\Common\FSMA32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Sikkerhetspakken\Common\FSMB32.EXE C:\Programfiler\Sikkerhetspakken\Common\FCH32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\fssm32.exe C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsqh.exe C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsaua.exe C:\Programfiler\Sikkerhetspakken\Common\FAMEH32.EXE C:\Programfiler\Sikkerhetspakken\FSPC\fspc.exe C:\Programfiler\Sikkerhetspakken\FWES\Program\fsdfwd.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\Sikkerhetspakken\Common\FSM32.EXE C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsav32.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\Sikkerhetspakken\FSGUI\fsguidll.exe C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsus.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\dd\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\Sikkerhetspakken\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\Sikkerhetspakken\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\Sikkerhetspakken\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\Sikkerhetspakken\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\Sikkerhetspakken\FSPC\fspcmsie.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programfiler\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188551723156 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\Sikkerhetspakken\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8627 bytes Lenke til kommentar
snippsat Skrevet 20. august 2008 Del Skrevet 20. august 2008 Da ser det bra ut Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Lenke til kommentar
davidkrist Skrevet 20. august 2008 Forfatter Del Skrevet 20. august 2008 (endret) Takk for hjelp:) Fra i dag av er det slutt på å surfe på adm bruker. Endret 20. august 2008 av davidkrist Lenke til kommentar
Marvil Skrevet 21. august 2008 Del Skrevet 21. august 2008 Emnetittelen i denne tråden er lite beskrivende for trådens innhold og det er derfor ingen god emnetittel. Jo bedre og mer beskrivende emnetittelen er, jo lettere er det for andre å skjønne trådens innhold og det vil være lettere å treffe den riktige forumbrukeren med det rette svaret. Ber deg derfor om å endre emnetittel. Vennligst forsøk å ha dette i tankene neste gang du starter en tråd, og orienter deg om hva vår nettikette sier om dårlig bruk av emnetitler. Husk at en god emnetittel skal beskrive eller oppsummere hvilket problem du har - ikke at du har et problem. En god emnetittel skal heller ikke kun bestå av et produktnavn. Bruk -knappen i første post for å endre emnetittelen. (Dette innlegget vil bli fjernet ved endring av emnetittel. Ikke kommenter dette innlegget, men gjerne dette innlegget når tittelen er endret, så vil det bli fjernet..) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå