trojan... what does it do?? By Monsterbruger W-you | 14-01-2008 15:15 | 3515 views | 18 replies
I've been lucky enough to get this Trojan-Downloader.WMA.Wimad.l; does anyone know what it does?
Thanks in advance --
you hit me, we make a hit on you
It's a nice little program that downloads a trojan horse to your computer. -- Guest user, create your own login and get your own signature.
Are you interested in getting it removed?? Then follow the instructions below:
Run CCleaner (1), SAS (2), HijackThis (5) and ComboFix (6)
in that order, from www.arlet.dk[...]
I need to see the logs from items 2, 5 and 6 -- Kind regards, Arlet
www.arlet.dk[...]
I'd like to get them removed; Kaspersky says it's gone, but I'll post a HijackThis log anyway, ok
Logfile of HijackThis v1.99.1
Scan saved at 15:48:11, on 14-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\PeerGuardian2\pg2.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Winamp\winamp.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
D:\Bla Programmer\bla. prog\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O8 - Extra context menu item: Add to Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com[...]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- you hit me, we make a hit on you
First of all you have to go through the whole thing, because we can't see enough with just a HijackThis log, and when you run HijackThis it has to be from my link, because yours is far too old.. -- Kind regards, Arlet
www.arlet.dk[...]
#0 If I were you I'd listen to Arlet. He knows what he's talking about. -- Here, for now, is the most ridiculous seller I've seen on hol: http://hol.dk[...]
Ok, I'll try again ... -- you hit me, we make a hit on you
But what do I need to use on that link you sent ==? I'm not so good with those programs -- you hit me, we make a hit on you
So I've been through the whole routine; here are the 3 logs then.. hope they're clean ;O)
1
Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2008/01/07 17:03:01
Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2008/01/07 17:03:01, Variants: 1123929
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: PALLE-\Palle
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" -> ""
Scan started: 14/01/2008 17:47:20
Scanning running processes and process memory...
Number of processes/threads found: 1650
Number of processes/threads scanned: 1649
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 29s
Scanning file system...
Scanning: C:\*.*
C:\Programmer\DAEMON Tools\SetupDTSB.exe (Infected with W32/SaveNow.XO)
Deleted file
Scanning: D:\*.*
D:\Bla Programmer\dvdomlaver\dvdfabplatinum3113beta.rar/CMT (Error whilst scanning file: I/O Error)
Scanning: c:\System Volume Information\*.*
Running post-scan cleanup routine:
Number of files found: 57163
Number of archives unpacked: 492
Number of files scanned: 57130
Number of files not scanned: 33
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 1
Number of infections removed: 1
Total scanning time: 11m 24s
2
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
14-01-2008 17:46:52,14
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[...]
Rootkit scan 2008-01-14 17:46:54
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:95d0c791
"s2"=dword:14ab98c7
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:74,99,9d,2b,ea,a1,9f,ab,71,fc,7d,24,ca,4a,d2,f2,a2,08,1f,f7,8c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,46,3f,f5,5d,0f,26,93,c3,f2,98,e1,4f,16,fc,60,11,28,..
"khjeh"=hex:1f,1d,3d,0f,5a,ef,cd,1d,51,3c,82,f2,de,85,48,e5,33,b5,c5,c9,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d1,ed,d6,01,b8,2e,6f,ec,71,57,db,34,74,7c,b4,41,41,4b,97,85,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:74,99,9d,2b,ea,a1,9f,ab,71,fc,7d,24,ca,4a,d2,f2,a2,08,1f,f7,8c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,46,3f,f5,5d,0f,26,93,c3,f2,98,e1,4f,16,fc,60,11,28,..
"khjeh"=hex:1f,1d,3d,0f,5a,ef,cd,1d,51,3c,82,f2,de,85,48,e5,33,b5,c5,c9,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d1,ed,d6,01,b8,2e,6f,ec,71,57,db,34,74,7c,b4,41,41,4b,97,85,52,..
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:38, on 14-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\HJTrenamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com[...]
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4130 bytes
YES IT'S A BIT MUCH BUT I HOPE THEY'RE CLEAN ??? -- Guest user, create your own login and get your own signature.
You need to run item 6 from the link I gave you.. -- Kind regards, Arlet
www.arlet.dk[...]
Hi again, sorry, I'd forgotten that ComboFix, but here's the log from it..
ComboFix 08-01-15.1 - Palle 2008-01-14 21:59:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.701 [GMT 1:00]
Running from: C:\Documents and Settings\Palle\Skrivebord\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-14 21:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 20:51 . 2008-01-14 20:51 d-------- C:\Programmer\Rockstar Games
2008-01-14 20:29 . 2003-10-02 00:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-01-14 20:29 . 2002-11-01 00:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-01-14 20:29 . 2003-10-02 00:00 91,923 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-01-14 20:29 . 2003-10-02 00:00 76,956 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-01-14 20:29 . 2002-11-01 00:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-01-14 20:29 . 2003-10-02 00:00 39,121 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-01-14 20:29 . 2003-10-02 00:01 27,965 --a------ C:\WINDOWS\system32\EPPICPresetData_JP.dat
2008-01-14 20:29 . 2003-10-02 00:00 15,822 --a------ C:\WINDOWS\system32\EPPICLocal_JP.cfg
2008-01-14 20:29 . 2008-01-14 20:29 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2008-01-14 20:29 . 2003-10-02 00:00 14,482 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-01-14 20:28 . 2008-01-14 20:42 d-------- C:\Programmer\HOTALBUMMyBOX
2008-01-14 17:47 . 2007-07-06 18:39 401,720 --a------ C:\Programmer\HJTrenamed.exe
2008-01-14 17:31 . 2008-01-14 17:31 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 17:30 . 2008-01-14 18:30 d-------- C:\Programmer\SUPERAntiSpyware
2008-01-14 17:30 . 2008-01-14 18:30 d-------- C:\Documents and Settings\Palle\Application Data\SUPERAntiSpyware.com
2008-01-14 17:29 . 2008-01-14 17:38 d-------- C:\Programmer\Yahoo!
2008-01-14 16:34 . 2008-01-14 16:34 d-------- C:\Programmer\DVD Shrink
2008-01-14 16:34 . 2008-01-14 16:40 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-14 14:27 . 2008-01-14 14:28 d-------- C:\unisecur
2008-01-12 18:06 . 2008-01-14 15:11 d-------- C:\Documents and Settings\Palle\Incomplete
2008-01-12 18:05 . 2008-01-12 18:05 d-------- C:\Programmer\LimeWire
2008-01-12 18:05 . 2008-01-14 10:51 d-------- C:\Documents and Settings\Palle\Application Data\LimeWire
2008-01-12 17:00 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-12 16:43 . 2008-01-12 16:43 d-------- C:\Programmer\K-Lite Codec Pack
2008-01-08 14:53 . 2008-01-08 14:53 d-------- C:\Programmer\Vaugouin
2008-01-06 17:00 . 2008-01-13 14:26 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-06 16:59 . 2008-01-06 16:59 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-06 16:57 . 2008-01-12 17:02 d-------- C:\WINDOWS\nview
2008-01-06 16:57 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-06 16:57 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-06 16:57 . 2008-01-13 14:27 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-06 16:57 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-06 16:49 . 2008-01-06 16:49 d-------- C:\Programmer\SystemRequirementsLab
2008-01-06 16:49 . 2008-01-06 16:49 d-------- C:\Documents and Settings\Palle\Application Data\SystemRequirementsLab
2008-01-05 14:08 . 2008-01-05 14:08 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-05 13:58 . 2008-01-05 13:58 d--h----- C:\WINDOWS\PIF
2008-01-04 16:30 . 2008-01-04 16:30 d-------- C:\Documents and Settings\Palle\Application Data\Media Player Classic
2008-01-03 21:13 . 2008-01-03 21:13 d-------- C:\Programmer\Valve
2008-01-03 21:03 . 2008-01-03 21:03 1,146 --a------ C:\WINDOWS\mozver.dat
2008-01-03 20:31 . 2008-01-03 20:34 d-------- C:\Documents and Settings\Palle\Application Data\Winamp
2008-01-03 20:11 . 2008-01-14 14:54 d-------- C:\Programmer\PeerGuardian2
2008-01-03 20:05 . 2008-01-03 20:05 d-------- C:\Programmer\uTorrent
2008-01-03 20:05 . 2008-01-14 15:52 d-------- C:\Documents and Settings\Palle\Application Data\uTorrent
2008-01-03 17:03 . 2008-01-03 17:03 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-03 16:33 . 2003-08-10 01:32 14,336 --a------ C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-01-03 16:30 . 2004-08-26 17:53 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-03 16:30 . 2004-08-26 17:53 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-03 16:30 . 2001-10-04 16:35 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-03 16:30 . 2001-10-04 16:35 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-03 16:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-03 16:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-03 16:29 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-03 16:29 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-03 12:18 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 21:01 5,472,800 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-15 21:01 220,448 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-15 21:00 83,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-15 21:00 26,936 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-14 19:29 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-01-14 19:28 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-01-14 17:23 4,131 ----a-w C:\Programmer\hijackthis.log
2008-01-14 16:49 --------- d-----w C:\Programmer\DAEMON Tools
2008-01-14 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-13 16:19 17,387 ----a-w C:\Programmer\LittleAngel.JPG
2008-01-13 16:17 35,600 ----a-w C:\Programmer\LittleAngel.gif
2008-01-08 16:36 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 16:36 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-03 19:32 --------- d-----w C:\Programmer\Winamp
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-01-06 17:23 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-26 16:53 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^DUSuperControler.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\DUSuperControler.lnk
backup=C:\WINDOWS\pss\DUSuperControler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^MediaChecker.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Palle^Menuen Start^Programmer^Start^CD-MENU.LNK]
path=C:\Documents and Settings\Palle\Menuen Start\Programmer\Start\CD-MENU.LNK
backup=C:\WINDOWS\pss\CD-MENU.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-26 16:53 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 11:48 157592 C:\Programmer\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
C:\Programmer\HOTALBUMMyBOX\MBBalloon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmer\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programmer\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2006-01-31 13:20 180224 C:\Programmer\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-12-01 08:54 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-06-03 02:52 36975 C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Programmer\Winamp\winampa.exe
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-01-14 20:29]
R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys [2004-01-20 21:09]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[...]
Rootkit scan 2008-01-15 22:02:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 22:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 21:03:27
.
2008-01-10 06:45:24 --- E O F ---
-- you hit me, we make a hit on you
So that's done.. what do I do now?? -- you hit me, we make a hit on you
And thanks for the help ;O) -- you hit me, we make a hit on you
Well, are you still getting the message that you have a trojan?? -- Kind regards, Arlet
www.arlet.dk[...]
Hi again. Yes, I've downloaded AVG's new free edition; it says I have 2 trojans, but that it removes them... can I believe that?? -- you hit me, we make a hit on you
Hmmm. If you have Kaspersky Internet Security ver. 7.0.0.125: it is currently only available in English, but the DK version is coming soon.
It will be removed automatically, mind you, if you have set KIS up properly - so don't think AVG, F-Secure or BitDefender are better (they can't even remove BO2K!) - AND don't install other AV programs on top of KIS!!! That is the sure recipe for total MAYHEM -
Go to forum.kaspersky.com, that's where the "real experts" are, and you'll get help right away.
None of the other AV programs mentioned above has a better detection rate than KIS!
IF you have KIS, it's only a question of whether you have configured KIS correctly - (KIS > Settings > Config Manager > Reset.. in case you happened to give the trojan in question permission - OR in Settings > Scan My Computer > Customize > General > tick Scan all files AND Heuristic analyzer > enable extended rootkit scan and scan level detail > AND THEN run Scan My Computer; remember to enable Application Integrity Control and Registry Guard in Proactive Defense -
KASPERSKY NO1 --