kunchun Posted 22 September 2007 (edited)
Can anyone find something that doesn't quite belong in this hijack log? I'm at a LAN party and I'm spamming viruses..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:53:43, on 22.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\programfiler\steam\steam.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Ventrilo\Ventrilo.exe
C:\mIRC\mirc.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [PKR Pal] "C:\Programfiler\PKR\pkrpal.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

--
End of file - 8903 bytes

Edited 22 September 2007 by jubbe
norbat Posted 22 September 2007
The HJT log looks fine. You could run a check with Combofix. It may be able to tell us a bit more:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt)
kunchun (Author) Posted 22 September 2007
ComboFix 07-09-21.2 - "Terje Juvstad" 2007-09-22 16:49:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.582 [GMT 2:00]
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\myglobalsearch
C:\Programfiler\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Programfiler\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Programfiler\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Programfiler\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Programfiler\myglobalsearch\bar\Cache\000A1685.bin
C:\Programfiler\myglobalsearch\bar\Cache\0201256A.bin
C:\Programfiler\myglobalsearch\bar\Cache\03F1DA27
C:\Programfiler\myglobalsearch\bar\Cache\files.ini
C:\Programfiler\myglobalsearch\bar\History\search
C:\Programfiler\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.
2007-09-22 16:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 01:20 <DIR> d-------- C:\Programfiler\Trend Micro
2007-09-20 19:34 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-20 19:34 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-20 19:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-20 00:47 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Screenshot Sender
2007-08-28 21:47 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Locktime
2007-08-28 21:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Locktime
2007-08-27 22:22 <DIR> d-------- C:\Programfiler\SystemRequirementsLab
2007-08-27 22:22 <DIR> d-------- C:\DOCUME~1\TERJEJ~1\SystemRequirementsLab
2007-08-26 18:40 <DIR> d-------- C:\Pron
2007-08-26 02:37 <DIR> d-------- C:\WINDOWS\pss
2007-08-26 02:30 3,580,832 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2007-08-26 02:30 22,560 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-08-26 02:30 195,360 --a------ C:\WINDOWS\system32\lvci1100.dll
2007-08-26 02:30 15,558 --a------ C:\WINDOWS\system32\Repository.reg
2007-08-26 02:30 1,921,184 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2007-08-26 02:28 <DIR> d-------- C:\Programfiler\Fellesfiler\LogiShrd
2007-08-26 02:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\LogiShrd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 16:55 --------- d-------- C:\Programfiler\Steam
2007-09-22 00:27 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\uTorrent
2007-09-21 08:59 --------- d-------- C:\Programfiler\LimeWire
2007-09-20 19:34 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-19 07:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Microsoft Help
2007-09-19 00:09 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Hamachi
2007-09-18 13:24 --------- d-------- C:\Programfiler\PKR
2007-09-17 20:05 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-09-17 20:05 --------- d-------- C:\Programfiler\Sierra Entertainment
2007-09-17 16:12 --------- d-------- C:\Programfiler\Logitech
2007-09-17 16:12 --------- d-------- C:\Programfiler\Fellesfiler\Logitech
2007-09-14 01:00 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Microgaming
2007-09-14 00:22 --------- d-------- C:\Programfiler\PokerStars
2007-09-11 18:50 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Skype
2007-08-26 07:13 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-08-26 02:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Logitech
2007-08-25 23:12 --------- d-------- C:\Programfiler\TrackMania Nations ESWC
2007-08-25 18:08 --------- d-------- C:\Programfiler\Counter-Strike 1.6
2007-08-20 11:48 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Sports Interactive
2007-08-17 17:37 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\LinkChicSeek
2007-08-17 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\size two sect bold
2007-08-17 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Readme Live Axis Tons
2007-08-17 16:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Face Loud Mp3 Readme
2007-08-17 12:17 --------- d-------- C:\Programfiler\ffdshow
2007-08-17 12:17 --------- d-------- C:\Programfiler\AC3Filter
2007-08-17 12:16 --------- d-------- C:\Programfiler\Cliprex DVD Player Professional
2007-08-16 13:34 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\dvdcss
2007-08-14 16:37 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Real
2007-08-13 12:23 48640 --a------ C:\WINDOWS\mmfs.dll
2007-08-13 01:20 --------- d-------- C:\Programfiler\SurfNolimit
2007-08-10 00:52 --------- d-------- C:\Programfiler\Real
2007-08-10 00:52 --------- d-------- C:\Programfiler\Fellesfiler\xing shared
2007-08-10 00:52 --------- d-------- C:\Programfiler\Fellesfiler\Real
2007-08-05 02:10 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Pro Cycling Manager 2007
2007-08-04 11:52 --------- d-------- C:\Programfiler\Cyanide
2007-08-03 18:05 --------- d-------- C:\DOCUME~1\TERJEJ~1\PROGRA~1\Teleca
2007-08-03 05:53 --------- d-------- C:\Programfiler\LinkChicSeek
2007-07-27 00:12 --------- d-------- C:\Programfiler\Visual Pinball
2007-07-24 12:13 --------- d-------- C:\Programfiler\Guitar Pro 5
2007-07-03 03:03 139264 --a------ C:\WINDOWS\War3Unin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="C:\Programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31]
"Launch LCDMon"="C:\Programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-08-10 00:52]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 11:33]
"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"PKR Pal"="C:\Programfiler\PKR\pkrpal.exe" [2007-09-18 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Steam"="c:\programfiler\steam\steam.exe" [2007-09-19 14:27]
"Start WingMan Profiler"="" []
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\TERJEJ~1\START-~1\PROGRA~1\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Programfiler\Save\Save.exe"

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 14:00:02 C:\WINDOWS\Tasks\AFE730E49184A720.job"
- c:\docume~1\terjej~1\progra~1\linkch~1\kind exit dvd.exe
"2007-09-16 19:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 16:55:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-22 16:56:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-22 16:56
.
--- E O F ---
norbat Posted 23 September 2007
There is a Lop infection there, so you can do the following:
Download NoLop.exe and put it on the desktop.
Run the program.
Press the "Search and Destroy" button.
If it finds anything, you will be asked to press the Reboot button.
Then run a full scan with SuperAntispyware:
Download SAS, install it, update it and run a full (Complete) scan.
Post the NoLop log (C:\NoLop.txt) + the SAS log (preferences-statistics/logs)
kunchun (Author) Posted 23 September 2007
Will do that now. I have run the SUPERAntiSpyware scan several times, so I have gotten rid of what was spamming the virus.