Clarice, posted 21 January 2008 (edited)
I've gotten really annoyed by a virus/trojan horse, or whatever the heck it is. Got it yesterday, 21.01.07, when I was on a site where you find cd-keys and so on. It was incredibly stupid of me to "download" a .rar file like that; it had 3 files inside in the form of a cmos icon or whatever it's called. Since then, lots of web pages keep popping up, first and foremost anti-virus/malware/spyware sites. They say the PC is at risk of virus infection etc. I've tried AVG and Ad-Aware, and Norton, but that still hasn't quite fixed the problem. I have this strange icon in the "system tray" every time I start the PC. Just look at the attached picture.
Edited 21 January 2008 by Clarice
snippsat, posted 21 January 2008
Yes, you'll have to post a HJT log. http://www.trendsecure.com/portal/en-US/to...ckthis/download
Quoting "AVG and Ad-Aware, and Norton": yes, did you really expect them to take care of everything?
Clarice, posted 22 January 2008 (thread author) (edited)
Here is the log from "HijackThis":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:47, on 22.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
C:\Programfiler\Azureus\Azureus.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnl.exe
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [FWCfg_Launch] C:\Programfiler\Fellesfiler\Symantec Shared\Firewall\FWCfg.exe /i /s "C:\Programfiler\Fellesfiler\Symantec Shared\Firewall\AppendRules.xml"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Gjest')
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background (User 'Gjest')
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Gjest')
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background (User 'Gjest')
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmnnl.dll,c (User 'Gjest')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6096 bytes

I also used to get an error about windows\system32\pmnnl.exe when the outbreak came, but that has fixed itself. It said it couldn't be "loaded", I think.
Edited 22 January 2008 by Clarice
Clarice, posted 22 January 2008 (thread author)
http://housecall65.trendmicro.com/
I've been on this site where you can run a web-based anti-virus scan, and it worked well.. but that program also can't delete this "Adware_Virtumundo" that it detects. It says: "Adware_Virtumundo: This adware arrives on a system as a dropped file of other program, or as a file downloaded from internet. Upon execution, it drop its DLL component the windows system folder". Does it have something to do with that pmnnl file mentioned above?
snippsat, posted 22 January 2008 (edited)
Quoting "Does it have something to do with that pmnnl file mentioned above?": yes, that one is no good, so we'll try ComboFix. Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt. Then post a new HJT log as well.
Edited 22 January 2008 by SNIPPSAT
Clarice, posted 22 January 2008 (thread author)
Here it is:

ComboFix:

ComboFix 08-01-21.4 - Admin 2008-01-22 12:55:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.3119 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\Helper
C:\Programfiler\Helper\superfindout.dll
C:\WINDOWS\aconti.log
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\byxyvts.dll
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\winmxw32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime

((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
2008-01-22 12:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 12:30 . 2008-01-22 12:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 12:30 . 2008-01-22 12:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 11:26 . 2008-01-22 11:26 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-21 22:35 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-01-21 22:35 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-01-21 22:35 . 2004-08-04 00:03 24,064 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-01-21 22:17 . 2008-01-21 22:41 <DIR> d-------- C:\Programfiler\Norton 360
2008-01-21 22:17 . 2008-01-21 22:38 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 22:17 . 2008-01-21 22:38 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 22:17 . 2008-01-21 22:38 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 22:17 . 2008-01-21 22:38 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 22:16 . 2008-01-21 22:38 <DIR> d-------- C:\Programfiler\Symantec
2008-01-21 22:16 . 2008-01-22 12:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-21 16:06 . 2008-01-21 16:06 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 14:15 . 2008-01-21 14:15 103,936 --a------ C:\WINDOWS\system32\drvmod.dll
2008-01-21 14:15 . 2008-01-21 14:15 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 14:15 . 2008-01-21 14:15 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-21 11:55 . 2008-01-21 11:55 <DIR> d-------- C:\Programfiler\Microsoft Games
2008-01-21 11:26 . 2008-01-21 16:05 <DIR> d-------- C:\Programfiler\DAEMON Tools Pro
2008-01-21 10:34 . 2008-01-21 10:34 <DIR> d-------- C:\Programfiler\Alcohol Soft
2008-01-20 23:10 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-19 18:29 . 2008-01-19 18:36 <DIR> d-------- C:\Programfiler\WinLauncherXP
2008-01-19 15:03 . 2008-01-19 15:03 268 --ah----- C:\sqmdata01.sqm
2008-01-19 15:03 . 2008-01-19 15:03 244 --ah----- C:\sqmnoopt01.sqm
2008-01-19 14:40 . 2008-01-19 14:40 268 --ah----- C:\sqmdata00.sqm
2008-01-19 14:40 . 2008-01-19 14:40 244 --ah----- C:\sqmnoopt00.sqm
2008-01-19 13:20 . 2008-01-19 13:20 <DIR> d-------- C:\Programfiler\Acclaim Entertainment
2008-01-19 03:21 . 2008-01-21 10:08 <DIR> d-------- C:\Programfiler\CAPCOM
2008-01-19 03:11 . 2008-01-19 03:11 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-18 23:20 . 2008-01-19 01:22 <DIR> d-------- C:\Programfiler\Project64 1.6
2008-01-18 16:33 . 2008-01-18 16:33 <DIR> d-------- C:\Programfiler\Hitman series
2008-01-18 15:57 . 2008-01-18 15:59 <DIR> d-------- C:\Programfiler\NVIDIA nTune Performance Application
2008-01-08 21:26 . 2008-01-08 21:26 <DIR> d-------- C:\Programfiler\LimeWire
2007-12-29 00:19 . 2008-01-20 00:39 <DIR> d-------- C:\Programfiler\Yahoo!
2007-12-28 14:40 . 2008-01-13 16:29 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2007-12-24 19:28 . 2008-01-21 10:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-24 17:42 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-12-24 17:42 . 2005-11-02 16:20 49,883 --------- C:\WINDOWS\UNNMP.cfg
2007-12-24 17:40 . 2007-12-24 17:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero
2007-12-24 17:39 . 2005-09-07 18:08 3,006,464 --------- C:\WINDOWS\UNNeroVision.exe
2007-12-24 17:39 . 2005-11-02 16:20 224,756 --------- C:\WINDOWS\UNNeroVision.cfg
2007-12-24 17:38 . 2007-12-24 17:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-12-24 17:38 . 2007-12-24 17:42 <DIR> d-------- C:\Programfiler\Ahead
2007-12-24 17:38 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-24 17:38 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-24 17:38 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-24 17:38 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-24 17:38 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-24 17:38 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-24 17:38 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-12-24 15:13 . 2007-12-24 15:22 <DIR> d-------- C:\Programfiler\THQ
2007-12-22 23:28 . 2007-12-22 23:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2007-12-22 23:03 . 2007-12-22 23:03 <DIR> d-------- C:\UT2004Demo
2007-12-22 22:19 . 2007-12-22 22:19 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-22 21:55 . 2007-12-22 22:13 <DIR> d-------- C:\Programfiler\Driver
2007-12-22 21:53 . 2008-01-18 15:46 <DIR> d-------- C:\Programfiler\Team17
2007-12-22 21:52 . 2007-12-22 21:52 <DIR> d-------- C:\Programfiler\AC3Filter
2007-12-22 21:09 . 2007-12-25 19:54 <DIR> d-------- C:\Programfiler\Return to Castle Wolfenstein
2007-12-22 21:07 . 2007-12-22 21:16 810 --a------ C:\WINDOWS\Rtcw.INI
2007-12-22 20:18 . 2007-12-22 20:46 <DIR> d-------- C:\Programfiler\Mafia
2007-12-22 20:18 . 2003-04-09 10:28 233,472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2007-12-22 19:15 . 2002-12-18 16:23 140,488 -ra------ C:\WINDOWS\system32\comdlg32.ocx
2007-12-22 19:15 . 2002-12-18 16:23 115,016 -ra------ C:\WINDOWS\system32\MSINET.OCX
2007-12-22 19:15 . 2002-12-18 16:23 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-22 19:15 . 2002-12-18 16:23 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2007-12-22 19:15 . 2002-12-18 16:23 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2007-12-22 19:15 . 2002-12-18 16:23 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2007-12-22 19:15 . 2002-12-18 16:23 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca
2007-12-22 19:15 . 2002-12-19 05:20 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2007-12-22 19:15 . 2002-12-18 16:23 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2007-12-22 18:22 . 2007-12-22 18:22 <DIR> d-------- C:\WINDOWS\Sun
2007-12-22 18:22 . 2007-12-22 18:22 <DIR> d-------- C:\Programfiler\Java
2007-12-22 18:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-22 18:21 . 2007-12-22 18:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2007-12-22 16:56 . 2007-12-27 13:41 <DIR> d-------- C:\Programfiler\Azureus
2007-12-22 16:46 . 2008-01-21 00:21 <DIR> d-------- C:\Programfiler\Eidos
2007-12-22 16:46 . 2008-01-21 10:33 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-22 13:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-22 13:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-22 13:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-22 02:19 . 2007-12-22 19:26 <DIR> d-------- C:\Programfiler\Ubisoft
2007-12-22 01:27 . 2008-01-22 12:01 <DIR> d-------- C:\Programfiler\Rockstar Games
2007-12-22 01:20 . 2007-12-23 00:43 1,285 --a------ C:\WINDOWS\mozver.dat
2007-12-22 01:14 . 2007-12-22 01:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-22 00:54 . 2007-12-22 00:54 <DIR> d-------- C:\Programfiler\MSXML 4.0
2007-12-22 00:29 . 2007-12-22 00:29 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-12-22 00:16 . 2007-12-22 00:16 <DIR> d-------- C:\Programfiler\id Software
2007-12-22 00:14 . 2007-12-22 00:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 11:01 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-21 13:25 --------- d-----w C:\Programfiler\EA GAMES
2008-01-21 10:48 --------- d-----w C:\Programfiler\DeusEx
2008-01-21 00:16 --------- d-----w C:\Programfiler\Sierra
2008-01-19 01:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 20:34 --------- d-----w C:\Programfiler\Logitech
2007-12-21 20:34 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2007-12-21 20:27 --------- d-----w C:\Programfiler\GameSpy Arcade
2007-12-21 19:59 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-12-21 19:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-21 19:22 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-12-21 19:22 --------- d-----w C:\Programfiler\Windows Live
2007-12-21 19:11 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
2007-12-21 19:10 --------- d-----w C:\Programfiler\ACE Mega CoDecS Pack
2007-12-21 19:05 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-12-21 19:05 --------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-12-21 18:55 --------- d-----w C:\Programfiler\Creative
2007-12-21 18:43 --------- d-----w C:\Programfiler\Geforce 7900 GT
2007-12-21 18:33 --------- d-----w C:\Programfiler\GIGABYTE
2007-12-21 18:24 --------- d-----w C:\Programfiler\AMD
2007-12-21 18:21 --------- d--h--w C:\Programfiler\Uninstall Information
2007-12-21 18:16 --------- d-----w C:\Programfiler\microsoft frontpage
2007-12-21 18:14 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-12-21 18:13 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-12-21 18:13 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
.
<pre>
----a-w 579,072 2008-01-21 15:08:48 C:\Programfiler\Grisoft\AVG7\avgcc .exe
----a-w 15,360 2008-01-21 15:06:00 C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneCmd.exe" [ ]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"CTHelper"="CTHELPER.EXE" [2005-10-29 12:31 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-10-29 12:31 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"MSDrive"="C:\WINDOWS\system32\drvmod.dll" [2008-01-21 14:15 103936]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-07-18 02:54 116072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Trb11.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-25 17:15 454656 C:\Programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-25 17:06 212992 C:\Programfiler\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-21 20:11 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-10-29 12:16]
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Admin\LOKALE~1\Temp\asbp2poa.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 05:09]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 12:59:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\drvmod.dll
.
Completion time: 2008-01-22 13:01:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-22 12:01:19
.
2008-01-16 06:10:36 --- E O F ---

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:46, on 22.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5516 bytes
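As an added example, not from the thread and not ComboFix's own logic, the following Python parses the "Files Created" section of a ComboFix log like the one above and narrows it to files dropped under system32 on or after a given date. Three of the signals it uses are visible in that log: a name with a space before the extension ("ctfmon .exe" beside the real ctfmon.exe), several files written in the same minute (the 14:15 cluster of drvmod.dll, astq.tga and socksys.dll), and identical created/modified stamps on an executable, where a copy from an installer package would normally keep the source file's older modified time. The sample records are copied from the log above; the 2008-01-21 cutoff, the extension sets and the heuristics themselves are my assumptions.

```python
"""Triage the "Files Created" section of a ComboFix log (added example, not ComboFix code)."""
import re
from collections import Counter
from datetime import datetime

# One ComboFix record: "<created> . <modified> <size|<DIR>> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumed extension sets for the heuristics below.
EXEC_EXT = {".dll", ".exe", ".sys", ".scr", ".cpl", ".ocx"}
DRIVER_EXT = {".sys", ".cat", ".inf", ".dll"}

# Constructed sample: records copied from the ComboFix log posted in this thread.
SAMPLE = r"""
2008-01-22 11:26 . 2008-01-22 11:26 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-21 22:35 . 2004-08-04 00:03 24,064 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-01-21 16:06 . 2008-01-21 16:06 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 14:15 . 2008-01-21 14:15 103,936 --a------ C:\WINDOWS\system32\drvmod.dll
2008-01-21 14:15 . 2008-01-21 14:15 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 14:15 . 2008-01-21 14:15 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-01-19 03:11 . 2008-01-19 03:11 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-22 18:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
"""


def parse_files_created(text):
    """Return a list of dicts for every record line; non-matching lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = FILE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "is_dir": d["size"] == "<DIR>",
            "size": None if d["size"] == "<DIR>" else int(d["size"].replace(",", "")),
            "path": d["path"],
        })
    return records


def split_ext(path):
    """Split the file name off a Windows path into (stem, lower-cased extension)."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    return (name, "") if dot < 0 else (name[:dot], name[dot:].lower())


def triage_system32(records, since):
    """Flag files created under system32 on/after `since` that match a heuristic."""
    in_scope = [r for r in records
                if not r["is_dir"] and r["created"] >= since
                and "\\system32\\" in r["path"].lower()]
    # How many in-scope files share the same creation minute (drop clusters).
    per_minute = Counter(r["created"] for r in in_scope)
    findings = []
    for r in in_scope:
        stem, ext = split_ext(r["path"])
        reasons = []
        if stem != stem.rstrip():
            reasons.append("whitespace before extension (lookalike of a system file name)")
        if "\\drivers\\" in r["path"].lower() and ext not in DRIVER_EXT:
            reasons.append(f"non-driver file type {ext} under drivers\\")
        if ext in EXEC_EXT and r["created"] == r["modified"]:
            reasons.append("created and modified stamps identical (written fresh, not copied from an installer)")
        if per_minute[r["created"]] > 1:
            reasons.append(f"one of {per_minute[r['created']]} files dropped in the same minute")
        if reasons:
            findings.append({"path": r["path"], "reasons": reasons})
    return findings


def triage_log(text, since="2008-01-21"):
    """Convenience wrapper: parse a log and triage it from an ISO date string."""
    return triage_system32(parse_files_created(text), datetime.strptime(since, "%Y-%m-%d"))


if __name__ == "__main__":
    for f in triage_log(SAMPLE):
        print(f["path"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Run on the sample it lists ctfmon .exe, drvmod.dll, astq.tga and socksys.dll and leaves wsock32.dlb alone (its modified stamp predates the infection, so it was copied, not generated). Each reason is a weak signal on its own; sptd.sys in the full log also has equal stamps, which is why the date cutoff and the clustering matter as much as any single rule.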
snippsat, posted 22 January 2008 (edited)
Yes, now it's starting to help. Start HJT, tick these entries and then Fix:

O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

Restart.
Control Panel -> System -> System Restore [turn off, restart] -*- [turn on again], so you don't get reinfected through System Restore.
Then we'll say it's fine. Remember there is a separate forum for this. https://www.diskusjon.no/index.php?showforum=131
Edited 22 January 2008 by SNIPPSAT
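As an added example (not part of the thread, and not HijackThis' own verdict logic), here is a small Python triage script for the HijackThis log format posted above. It flags the kinds of entries the helper singled out in this thread: a populated win.ini load= line, rundll32 launching an unrecognised DLL straight out of system32, O2/O9 entries whose file is missing, and a changed IE start page. The sample lines are copied from the two HijackThis logs above; the allowlist of known rundll32 DLLs, the default-host set and the heuristics themselves are my assumptions.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis code)."""
import re

# Every HJT entry is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# rundll32 launching a DLL, optionally quoted, up to the ",export" suffix.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+\"?([^\",]+\.dll)", re.IGNORECASE)

# Assumed allowlist: DLLs the logs above show rundll32 loading for vendor software (NVIDIA).
KNOWN_RUNDLL_DLLS = {"nvcpl.dll", "nvmctray.dll"}
# Assumed: host Windows XP / IE7 uses for its default start and search pages.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}

# Constructed sample: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-21-1417001333-162531612-682003330-501\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmnnl.dll,c (User 'Gjest')
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
"""


def parse_entries(log_text):
    """Yield (section_code, body) for each entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return a worklist of entries worth a second look, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        reason = None
        if code in ("F2", "F3"):
            # win.ini/system.ini load= and run= are normally empty on XP; any value is suspect.
            kv = re.search(r"(load|run)=(\S+)", body, re.IGNORECASE)
            if kv:
                reason = f"win.ini {kv.group(1).lower()}= autostart points at {kv.group(2)}"
        elif code == "O4":
            m = RUNDLL_RE.search(body)
            if m:
                dll = m.group(1).strip()
                name = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if name not in KNOWN_RUNDLL_DLLS and "\\system32\\" in dll.lower():
                    reason = f"rundll32 loads unrecognised DLL from system32: {name}"
        elif code in ("O2", "O3", "O9"):
            if "(file missing)" in body:
                reason = "references a file that no longer exists (orphaned entry)"
            elif code == "O2" and "\\" not in body.split(" - ")[-1]:
                reason = "BHO given by bare filename, no full path"
        elif code in ("R0", "R1"):
            url = re.search(r"=\s*(https?://[^\s/]+)", body)
            if url and "Start Page" in body:
                host = url.group(1).split("//", 1)[1].lower()
                if host not in DEFAULT_IE_HOSTS:
                    reason = f"start page changed to non-default host {host}"
        if reason:
            findings.append({"code": code, "reason": reason, "entry": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']}: {f['reason']}")
```

The output is a worklist, not a verdict: an orphaned "(file missing)" entry is normally safe to fix in HJT, as the helper did here, while a flagged O4 entry still needs the DLL itself checked (creation time, signer, hash) before deciding what it is.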
Clarice, posted 22 January 2008 (thread author)
Thanks for the help. Now I don't get any error messages when I log in to my user account (PMNNL error). But that icon in the system tray is still there.
snippsat, posted 22 January 2008 (edited)
OK, we'll try a bit more. Run this: CCleaner. Start HJT, tick this entry and then Fix:

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup

Another round with ComboFix. Then the logs from ComboFix and HJT.
Edited 22 January 2008 by SNIPPSAT
Clarice, posted 22 January 2008 (thread author)
Should I restart after I've done this: "Start HJT, tick this entry and then Fix: O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmod.dll,startup" and also "Another round with ComboFix. Then the logs from ComboFix and HJT."?
snippsat, posted 22 January 2008 (edited)
Yes, and CCleaner, which I just added. And I forgot this one: SuperAntiSpyware. A log from that too, if you like.
Edited 22 January 2008 by SNIPPSAT
Clarice, posted 22 January 2008 (thread author)
Installing something.. it's almost done, then I'll do what you've said step by step.
Clarice, posted 22 January 2008 (thread author) (edited)
Many thanks for all the help :) Now the strange icon is gone. SuperAntiSpyware did its job. The problem is fixed thanks to you. Thanks!
Edited 22 January 2008 by Clarice