
MSN virus - HJT and CF logs



My sister managed to get the MSN virus on her computer, and I need your help to help her clean it up.

 

I have run:

- AVG Full Scan, which detected and removed a virus

- CCleaner

- Spybot S&D

 

The machine still behaves "oddly", though. So here are some logs:

 

Hijack This


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:16, on 20.01.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\conime.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Users\kristina\Desktop\Virus\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [bind Show] "C:\ProgramData\ooze date date.n7h6ey"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-efc82c3f59c89eac.spaces.live.co...nPUpldnb-no.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10467 bytes


ComboFix

 

 

ComboFix 08-01-20.1 - kristina 2008-01-20 22:04:09.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1013 [GMT 1:00]

Running from: C:\Users\kristina\Desktop\Virus\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))

.

 

2008-01-20 22:03 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe

2008-01-20 21:26 . 2008-01-20 22:01 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-01-20 21:24 . 2008-01-20 21:24 <DIR> d-------- C:\Program Files\CCleaner

2008-01-20 01:32 . 2008-01-20 01:32 311 --a------ C:\Datamaskin - Snarvei (3).lnk

2008-01-10 13:17 . 2008-01-10 13:17 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-10 13:17 . 2008-01-10 13:17 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-10 13:17 . 2008-01-10 13:17 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-10 13:17 . 2008-01-10 13:17 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-10 13:17 . 2008-01-10 13:17 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-10 03:01 . 2008-01-10 03:01 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-10 03:01 . 2008-01-10 03:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-10 03:01 . 2008-01-10 03:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-10 03:01 . 2008-01-10 03:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-10 03:01 . 2008-01-10 03:01 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-04 14:30 . 2008-01-19 16:55 54,156 --ah----- C:\Windows\QTFont.qfn

2008-01-04 14:30 . 2008-01-04 14:30 1,409 --a------ C:\Windows\QTFont.for

2007-12-29 22:08 . 2007-12-29 22:08 <DIR> d-------- C:\Users\kristina\AppData\Roaming\Creative

2007-12-29 21:53 . 2003-06-12 23:25 7,062 --a------ C:\Windows\System32\audiopid.vxd

2007-12-29 21:52 . 2006-10-06 07:17 53,248 --------- C:\Windows\Ctregrun.exe

2007-12-29 21:51 . 2007-12-29 21:55 <DIR> d-------- C:\ProgramData\Creative

2007-12-29 21:50 . 2007-12-29 21:51 <DIR> d--h----- C:\Program Files\Creative Installation Information

2007-12-29 21:50 . 2007-12-29 21:52 <DIR> d-------- C:\Program Files\Creative

2007-12-29 21:50 . 2007-12-29 21:50 <DIR> d-------- C:\Program Files\Common Files\Creative

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 17:05 --------- d-----w C:\Users\kristina\AppData\Roaming\AVG7

2008-01-20 16:53 --------- d-----w C:\Program Files\MSN Messenger

2008-01-20 00:03 --------- d-----w C:\Program Files\HOTALBUMMyBOX

2008-01-16 19:59 --------- d-----w C:\Users\kristina\AppData\Roaming\LimeWire

2008-01-10 16:07 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-10 16:07 --------- d-----w C:\Program Files\Windows Mail

2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2007-12-31 21:28 --------- d-----w C:\ProgramData\Roxio

2007-12-29 20:52 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-15 23:23 --------- d-----w C:\Program Files\Java

2007-12-14 09:19 --------- d-----w C:\ProgramData\Microsoft Help

2007-12-14 09:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-14 09:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-14 09:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-14 09:16 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-14 09:16 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-14 09:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-14 09:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-14 09:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-14 09:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-14 09:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-14 09:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-14 09:14 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-14 09:14 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-07 13:41 --------- d-----w C:\Users\kristina\AppData\Roaming\Apple Computer

2007-12-07 13:40 --------- d-----w C:\Program Files\QuickTime

2007-12-07 13:38 --------- d-----w C:\ProgramData\Apple Computer

2007-12-07 13:25 --------- d-----w C:\Program Files\Disc2Phone

2007-11-30 08:43 --------- d-----w C:\Program Files\Windows Live Toolbar

2007-11-18 10:24 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 14:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 14:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 14:20 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 14:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 14:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 14:20 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 14:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-15 14:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 14:20 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 14:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-15 14:19 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-11-15 14:19 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-08-31 20:09 174 --sha-w C:\Program Files\desktop.ini

2007-08-07 18:11 0 ----a-w C:\Users\kristina\AppData\Roaming\wklnhst.dat

2007-08-07 14:55 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-08-07 14:55 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-08-07 14:55 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 17:02 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 04:36 827392]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 17:11 176128]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 00:38 8429568]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 00:38 81920]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 18:46 579072]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]

"Bind Show"="C:\ProgramData\ooze date date.n7h6ey" [2007-09-04 18:14 348176]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 10:45 787096]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-07 14:39 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 20:15 219136]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

MediaChecker.lnk - C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 10:48:22 913560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-08-12 18:04 9216 C:\Windows\System32\avgwlntf.dll

 

R0 PzWDM;PzWDM;C:\Windows\system32\Drivers\PzWDM.sys [2007-09-04 18:15]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-20 20:40:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 22:06:19

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-20 22:07:22

.

2008-01-17 20:19:00 --- E O F ---


Do you see anything suspicious? Thanks in advance.


You can at least press Fix on the following:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

 

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

 

O4 - HKLM\..\Run: [bind Show] "C:\ProgramData\ooze date date.n7h6ey"

 

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe


Download and run the program CCleaner.

 

Then post a new log and wait for someone a bit more dedicated than me to look at the logs.

Edited by Vintermåne
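As an added example (not code from the thread, from HijackThis or from ComboFix), here is a small Python triage script for the O4 autorun lines quoted in the log above. It flags the two O4 entries the reply picks out: the "Bind Show" value, whose target is a file in C:\ProgramData with no executable extension, and the RunOnce launcher. The trusted directories, the environment-variable values and the flagging heuristics are assumptions of this example, not rules stated in the thread.

```python
# Triage of the O4 (autorun) lines of a HijackThis log. Added example; the trusted
# directories, environment values and heuristics are assumptions, not rules from the thread.
import re
from dataclasses import dataclass

# Environment variables as they resolve on a default Vista install (assumed).
ENV = {"%PROGRAMFILES%": r"C:\Program Files", "%WINDIR%": r"C:\Windows"}
# Where legitimate autoruns normally live (assumption of this example).
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")
# A path ending in an executable extension, followed by end, space, comma or quote.
EXEC_EXT = re.compile(r'^(?P<path>.*?\.(exe|dll|scr|com|bat|cmd|pif|vbs|js))(?=$|[\s,"])', re.I)
# O4 - HKLM\..\Run: [name] command   (HKUS lines carry a "(User '...')" suffix)
REG_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '.*'\))?$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")

# Constructed sample: O4 lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bind Show] "C:\ProgramData\ooze date date.n7h6ey"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
"""

@dataclass
class Autorun:
    key: str
    name: str
    target: str
    reasons: list

def extract_target(cmd: str) -> str:
    # rundll32 entries: the file of interest is the DLL argument, not rundll32 itself
    cmd = re.sub(r'^"?rundll32(?:\.exe)?"?\s+', "", cmd.strip(), flags=re.I)
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]  # quoted path: drop the arguments
    m = EXEC_EXT.match(cmd)
    target = m.group("path") if m else cmd  # no extension at all: keep the whole command
    for var, val in ENV.items():
        target = re.sub(re.escape(var), lambda _: val, target, flags=re.I)
    return target

def assess(key: str, target: str) -> list:
    """Reasons to look closer at an entry; an empty list means nothing odd."""
    reasons = []
    if not EXEC_EXT.match(target):
        reasons.append("target has no executable extension")
    if not target.lower().startswith(TRUSTED_ROOTS):
        reasons.append("target outside Program Files / Windows")
    if key.lower() == "runonce":
        reasons.append("RunOnce entry: one-shot, check what scheduled it")
    return reasons

def parse_o4(line: str):
    """Parse one O4 line into an Autorun, or None for any other line."""
    m = REG_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    target = extract_target(m.group("cmd"))
    return Autorun(m.group("key"), m.group("name"), target, assess(m.group("key"), target))

def triage(log: str) -> list:
    return [a for a in map(parse_o4, log.splitlines()) if a]

def flagged(log: str) -> list:
    return [a.name for a in triage(log) if a.reasons]
```

Run it on a full HijackThis log with `flagged(open(path).read())`. The other lines the reply names (the SweetIM R0/R3 browser-hijack entries) are not O4 lines and are outside what this script checks.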