thormannxd (Beginner)
30 September 2007 - 11:49, 18 comments

Adware/Spyware again!

Hi Eksperten.

I have been through this before, but I would very much like your help again.
It is about a whole lot of pop-ups, even when I am not on the internet. All sorts of things claiming that I have a virus and that I should download their SHIT!
I saved the programs you helped me with last time. I just can't quite remember what to do.

Mads Thormann
arlet (Junior Master)
30 September 2007 - 11:57 #1
Download ShootTheMessenger here: http://grc.com/files/shootthemessenger.exe

Run the program and "disable" the Messenger service - restart - and then that problem should be solved
arlet (Junior Master)
30 September 2007 - 11:59 #2
it removes the pop-ups you mention there..

If we are to look through the computer for junk, then follow this guide: http://www.malwarecheck.dk/forum/viewtopic.php?t=9
thormannxd (Beginner)
30 September 2007 - 13:31 #3
Hi again.
I don't really think ShootTheMessenger works.
Here is my HiJack log file:

Logfile of HijackThis v1.99.1
Scan saved at 13:29:30, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mads\Skrivebord\Hjælp til virus xb\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\WINDOWS\div32.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: The advpn - {E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} - C:\WINDOWS\advpn.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?9eb72dfe5e534a119c30e03d50032bfb
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?9eb72dfe5e534a119c30e03d50032bfb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: mssql - {CEA369EE-830D-421C-AA0B-B9698819056D} - C:\WINDOWS\mssql.dll
O21 - SSODL: syscore - {7EF1CB59-22D4-4A2B-9089-CCE6EA8EE4A3} - C:\WINDOWS\syscore.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programmer\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Programmer\iPod\bin\iPodService.exe (file missing)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
thormannxd (Beginner)
30 September 2007 - 13:33 #4
And the Rootchk log file:

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
30-09-2007 13:31:35,10

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 13:31:35
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:41ad6309
"s2"=dword:fcfd5b06
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d5,b0,09,66,bb,12,58,bf,7e,f0,c4,8b,e2,9f,17,4b,db,d5,21,e0,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bb,2a,62,7a,30,83,62,c3,f7,6f,8f,be,dd,e5,61,e3,ed,..
"khjeh"=hex:62,06,ca,27,f0,ca,de,98,7a,13,91,1f,2f,88,7c,7d,28,04,49,f5,24,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,c0,e3,2b,01,97,ef,dc,5d,e6,e7,e6,04,cb,ad,3d,fa,d7,33,8c,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d5,b0,09,66,bb,12,58,bf,7e,f0,c4,8b,e2,9f,17,4b,db,d5,21,e0,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bb,2a,62,7a,30,83,62,c3,f7,6f,8f,be,dd,e5,61,e3,ed,..
"khjeh"=hex:62,06,ca,27,f0,ca,de,98,7a,13,91,1f,2f,88,7c,7d,28,04,49,f5,24,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,c0,e3,2b,01,97,ef,dc,5d,e6,e7,e6,04,cb,ad,3d,fa,d7,33,8c,86,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
arlet (Junior Master)
30 September 2007 - 14:23 #5
No, I can see that we need to get something else going..

-- Download Combofix from one of these links, and save it on your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, however.
thormannxd (Beginner)
30 September 2007 - 17:25 #6
Here is my Combofix log file:

ComboFix 07-09-21.2 - "Mads" 2007-09-30 17:14:44.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.211 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Mads\APPLIC~1\errorsafefreeinstall_dk[1].exe
C:\DOCUME~1\Mads\FORETR~1\Error Cleaner.url
C:\DOCUME~1\Mads\FORETR~1\Privacy Protector.url
C:\DOCUME~1\Mads\FORETR~1\Spyware&Malware Protection.url
C:\DOCUME~1\Mads\SKRIVE~1\Error Cleaner.url
C:\DOCUME~1\Mads\SKRIVE~1\Privacy Protector.url
C:\DOCUME~1\Mads\SKRIVE~1\Spyware&Malware Protection.url
C:\Programmer\VideoAccessCodec
C:\Programmer\VideoAccessCodec\install.ico
C:\Programmer\VideoAccessCodec\Uninstall.exe
C:\Programmer\VideoAccessCodec\VideoAccessCodec.ocx
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 17:12    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-29 20:04    75,776    --a------    C:\WINDOWS\advpn.dll
2007-09-29 20:04    274,432    --a------    C:\WINDOWS\syscore.dll
2007-09-29 20:04    253,952    --a------    C:\WINDOWS\div32.dll
2007-09-29 20:04    217,088    --a------    C:\WINDOWS\mssql.dll
2007-09-29 17:11    <DIR>    d--------    C:\Programmer\Incomplete
2007-09-28 13:06    <DIR>    d--------    C:\DOCUME~1\Mads\APPLIC~1\vlc
2007-09-28 13:05    <DIR>    d--------    C:\Programmer\VLC
2007-09-22 12:59    <DIR>    d--------    C:\Programmer\Full Tilt Poker
2007-09-04 08:01    <DIR>    d--------    C:\2983086415d44a436979
2007-09-02 15:29    <DIR>    d--------    C:\DOCUME~1\Mads\APPLIC~1\My Battle for Middle-earth Files
2007-09-02 15:08    <DIR>    d--------    C:\Programmer\The Battle for Middle-earth
2007-09-01 14:55    162,304    --a------    C:\UNWISE.EXE
2007-08-24 20:19    <DIR>    d--------    C:\Incomplete
2007-08-05 17:11    <DIR>    d--------    C:\DOCUME~1\Mads\APPLIC~1\Ahead
2007-08-01 16:02    43,520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 17:21    ---------    d--------    C:\Programmer\Steam
2007-09-29 17:32    ---------    d--------    C:\DOCUME~1\Mads\APPLIC~1\uTorrent
2007-09-29 17:29    ---------    d--------    C:\Programmer\LimeWire
2007-09-22 13:24    ---------    d--------    C:\Programmer\PKR
2007-09-22 12:59    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-23 15:52    ---------    d--------    C:\Programmer\World of Warcraft
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D5227BF-0C5B-4EA8-833C-FE09F1496F39}]
2007-09-29 15:33    253952    --a------    C:\WINDOWS\div32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Programmer\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-06-23 19:29]
arlet (Junior Master)
30 September 2007 - 17:47 #7
Copy the contents between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------
File::
C:\WINDOWS\advpn.dll
C:\WINDOWS\syscore.dll
C:\WINDOWS\div32.dll
C:\WINDOWS\mssql.dll

Folder::
C:\DOCUME~1\Mads\APPLIC~1\uTorrent
C:\Programmer\LimeWire
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the contents of Combofix.txt in here (remember to get all of it this time)
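
The four DLLs named in the CFScript above can be picked out by cross-referencing the two logs posted earlier in the thread. The following is an added example, not part of the original post and not code from HijackThis or ComboFix: it flags DLLs that a HijackThis autoload entry (O2, O3, O20, O21) points to, that sit directly in C:\WINDOWS, and that ComboFix lists as recently created. The rule and the 7-day window are assumptions made for illustration; the sample lines are copied from posts #3 and #6.

```python
import re
from datetime import datetime, timedelta
from ntpath import dirname, normcase  # Windows path rules on any OS

# Sample input: lines copied from the HijackThis log in post #3.
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\WINDOWS\div32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The advpn - {E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} - C:\WINDOWS\advpn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: mssql - {CEA369EE-830D-421C-AA0B-B9698819056D} - C:\WINDOWS\mssql.dll
O21 - SSODL: syscore - {7EF1CB59-22D4-4A2B-9089-CCE6EA8EE4A3} - C:\WINDOWS\syscore.dll
"""

# Sample input: lines copied from "Files Created" in the ComboFix log in post #6.
CF_CREATED = r"""
2007-09-30 17:12    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-29 20:04    75,776    --a------    C:\WINDOWS\advpn.dll
2007-09-29 20:04    274,432    --a------    C:\WINDOWS\syscore.dll
2007-09-29 20:04    253,952    --a------    C:\WINDOWS\div32.dll
2007-09-29 20:04    217,088    --a------    C:\WINDOWS\mssql.dll
2007-09-29 17:11    <DIR>    d--------    C:\Programmer\Incomplete
2007-08-01 16:02    43,520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
"""

SCAN_TIME = datetime(2007, 9, 30, 17, 14)  # run time from the ComboFix log header

# HijackThis sections that load a DLL into Internet Explorer, Explorer or Winlogon.
AUTOLOAD_CODES = {"O2", "O3", "O20", "O21"}

HJT_RE = re.compile(
    r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<name>.*?)"
    r"(?: - (?P<clsid>\{[0-9A-Fa-f-]+\}))? - (?P<target>.+)$"
)
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+\S+\s+(.+)$")


def parse_hijackthis(text):
    """Return (code, kind, name, target) for each autoload entry in the log."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m and m["code"] in AUTOLOAD_CODES:
            entries.append((m["code"], m["kind"], m["name"], m["target"]))
    return entries


def parse_combofix_created(text):
    """Map normalised file path -> creation time; directory rows are skipped."""
    created = {}
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            created[normcase(m.group(3))] = stamp
    return created


def triage(hjt_text, cf_text, scan_time, window_days=7, windows_dir=r"C:\WINDOWS"):
    """Flag autoloaded DLLs in the Windows root that were created recently.

    Assumed heuristic (not from the thread): both conditions must hold, so a
    recent file with no autoload entry, or an old system32 DLL, is not flagged.
    """
    created = parse_combofix_created(cf_text)
    cutoff = scan_time - timedelta(days=window_days)
    root = normcase(windows_dir)
    hits = {}
    for code, kind, name, target in parse_hijackthis(hjt_text):
        key = normcase(target)
        in_root = key.endswith(".dll") and normcase(dirname(target)) == root
        when = created.get(key)
        recent = when is not None and cutoff <= when <= scan_time
        if in_root and recent:
            hits[target] = f"{code} {kind} '{name}', created {when:%Y-%m-%d %H:%M}"
    return dict(sorted(hits.items(), key=lambda kv: kv[0].lower()))


if __name__ == "__main__":
    for path, reason in triage(HJT_LOG, CF_CREATED, SCAN_TIME).items():
        print(f"{path}: {reason}")
```

NirCmd.exe is recent but has no autoload entry, and WgaLogon.dll is autoloaded but sits in system32 and is not in the created list, so neither is flagged.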
thormannxd (Beginner)
30 September 2007 - 19:00 #8
When you say Notepad window, you mean Notesblok, right?
arlet (Junior Master)
30 September 2007 - 19:23 #9
yes, it is the same thing
thormannxd (Beginner)
30 September 2007 - 19:55 #10
Another log file?

ComboFix 07-09-21.2 - "Mads" 2007-09-30 19:45:10.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.239 [GMT 2:00]
Command switches used ::  C:\Documents and Settings\Mads\Skrivebord\Hj‘lp til virus xb\CFScript.txt.txt
* Created a new restore point

FILE::
C:\WINDOWS\advpn.dll
C:\WINDOWS\syscore.dll
C:\WINDOWS\div32.dll
C:\WINDOWS\mssql.dll
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Mads\APPLIC~1\uTorrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\18 WoS Haulin.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\Call Of Duty 2.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\Constance - Katja Kean.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\dht.dat
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\dht.dat.old
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\High.School.Musical.2.(2007).FS.HR.DSR.XviD-LaR.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\KatjaKean-Escorts.avi.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\resume.dat
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\resume.dat.old
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\rss.dat
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\rss.dat.old
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\settings.dat
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\settings.dat.old
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\Star Wars Knights of the Old Republic.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\The.Number.23[2007][Unrated.Edition][DvDrip[Eng]-aXXo.torrent
C:\DOCUME~1\Mads\APPLIC~1\uTorrent\utorrent.lng
C:\Programmer\LimeWire
C:\Programmer\LimeWire\.NetworkShare\LimeWirePackedJars4.10.9.7z
C:\Programmer\LimeWire\.NetworkShare\LimeWirePackedJars4.12.4.7z
C:\Programmer\LimeWire\.NetworkShare\LimeWireWin4.10.9.exe
C:\Programmer\LimeWire\.NetworkShare\LimeWireWin4.12.4.exe
C:\Programmer\LimeWire\.NetworkShare\LimeWireWin4.12.6.exe
C:\Programmer\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe
C:\Programmer\LimeWire\COPYING
C:\Programmer\LimeWire\data.ser
C:\Programmer\LimeWire\High School Musical2 -Bet On It.mp3
C:\Programmer\LimeWire\install.log
C:\Programmer\LimeWire\language.prop
C:\Programmer\LimeWire\lib\clink.jar
C:\Programmer\LimeWire\lib\commons-httpclient.jar
C:\Programmer\LimeWire\lib\commons-logging.jar
C:\Programmer\LimeWire\lib\commons-net.jar
C:\Programmer\LimeWire\lib\commons-pool.jar
C:\Programmer\LimeWire\lib\daap.jar
C:\Programmer\LimeWire\lib\foxtrot.jar
C:\Programmer\LimeWire\lib\hashes
C:\Programmer\LimeWire\lib\httpcore-nio.jar
C:\Programmer\LimeWire\lib\httpcore.jar
C:\Programmer\LimeWire\lib\icu4j.jar
C:\Programmer\LimeWire\lib\id3v2.jar
C:\Programmer\LimeWire\lib\jcraft.jar
C:\Programmer\LimeWire\lib\jdic.dll
C:\Programmer\LimeWire\lib\jdic.jar
C:\Programmer\LimeWire\lib\jdic_stub.jar
C:\Programmer\LimeWire\lib\jl011.jar
C:\Programmer\LimeWire\lib\jmdns.jar
C:\Programmer\LimeWire\lib\LimeWire.ico
C:\Programmer\LimeWire\lib\LimeWire.jar
C:\Programmer\LimeWire\lib\log4j.jar
C:\Programmer\LimeWire\lib\log4j.properties
C:\Programmer\LimeWire\lib\looks.jar
C:\Programmer\LimeWire\lib\MessagesBundles.jar
C:\Programmer\LimeWire\lib\mp3sp14.jar
C:\Programmer\LimeWire\lib\ProgressTabs.jar
C:\Programmer\LimeWire\lib\SystemUtilities.dll
C:\Programmer\LimeWire\lib\SystemUtilitiesA.dll
C:\Programmer\LimeWire\lib\themes.jar
C:\Programmer\LimeWire\lib\tray.dll
C:\Programmer\LimeWire\lib\tritonus.jar
C:\Programmer\LimeWire\lib\vorbis.jar
C:\Programmer\LimeWire\LimeWire On Startup.lnk
C:\Programmer\LimeWire\LimeWire.exe
C:\Programmer\LimeWire\LimeWire.ico
C:\Programmer\LimeWire\pmf.ico
C:\Programmer\LimeWire\root\magnet10\badge.img
C:\Programmer\LimeWire\root\magnet10\canHandle.img
C:\Programmer\LimeWire\root\magnet10\limewire.gif
C:\Programmer\LimeWire\root\magnet10\options.js
C:\Programmer\LimeWire\root\magnet10\silentdetect.js
C:\Programmer\LimeWire\SOURCE
C:\Programmer\LimeWire\spacer.gif
C:\Programmer\LimeWire\StubInstaller.exe
C:\Programmer\LimeWire\uninstall.exe
C:\Programmer\LimeWire\unpack.log
C:\Programmer\LimeWire\xml.war
C:\WINDOWS\advpn.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\div32.dll
C:\WINDOWS\mssql.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\syscore.dll

.
(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 17:12    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-29 17:11    <DIR>    d--------    C:\Programmer\Incomplete
2007-09-28 13:06    <DIR>    d--------    C:\DOCUME~1\Mads\APPLIC~1\vlc
2007-09-28 13:05    <DIR>    d--------    C:\Programmer\VLC
2007-09-22 12:59    <DIR>    d--------    C:\Programmer\Full Tilt Poker
2007-09-02 15:29    <DIR>    d--------    C:\DOCUME~1\Mads\APPLIC~1\My Battle for Middle-earth Files
2007-09-02 15:08    <DIR>    d--------    C:\Programmer\The Battle for Middle-earth
2007-09-01 14:55    162,304    --a------    C:\UNWISE.EXE
2007-08-24 20:19    <DIR>    d--------    C:\Incomplete
2007-08-05 17:11    <DIR>    d--------    C:\DOCUME~1\Mads\APPLIC~1\Ahead
2007-08-01 16:02    43,520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 19:51    ---------    d--------    C:\Programmer\Steam
2007-09-22 13:24    ---------    d--------    C:\Programmer\PKR
2007-09-22 12:59    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-23 15:52    ---------    d--------    C:\Programmer\World of Warcraft
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Programmer\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-06-23 19:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"Steam"="C:\Programmer\Steam\Steam.exe" [2007-06-28 08:36]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 22:46:07]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mssql"= {CEA369EE-830D-421C-AA0B-B9698819056D} - C:\WINDOWS\mssql.dll [ ]
"syscore"= {7EF1CB59-22D4-4A2B-9089-CCE6EA8EE4A3} - C:\WINDOWS\syscore.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Programmer\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Programmer\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Programmer\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Programmer\F-Secure\Common\FSPM.SYS
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-30 17:25:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 19:50:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FSAA]
"ImagePath"="\"C:\Programmer\F-Secure\Common\FSAA.EXE\""
.
Completion time: 2007-09-30 19:53:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-30 19:52
.
    --- E O F ---
arlet (Junior Master)
30 September 2007 - 20:04 #11
Do the same with this one as you did at: 30/09-2007 17:47:56

File::
C:\UNWISE.EXE

Then that will probably be the last log afterwards
thormannxd (Beginner)
30 September 2007 - 21:04 #12
I should use:

-------------------------
File::
C:\WINDOWS\advpn.dll
C:\WINDOWS\syscore.dll
C:\WINDOWS\div32.dll
C:\WINDOWS\mssql.dll

Folder::
C:\DOCUME~1\Mads\APPLIC~1\uTorrent
C:\Programmer\LimeWire
-------------------------
- again, right?
thormannxd (Beginner)
30 September 2007 - 21:22 #13
I don't understand.
Surely it makes no sense if I have to run the same file twice?
Don't I need a new one?
thormannxd (Beginner)
30 September 2007 - 21:31 #14
Please help me.
I will be away all week. I would like to get this sorted out.
Surely it can't be right that I have to run the same file in Combofix twice in a row?
Please.
ejvindh (Expert)
1 October 2007 - 13:31 #15
This is what arlet meant:

Copy the contents between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------
File::
C:\UNWISE.EXE
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the contents of Combofix.txt in here (remember to get all of it this time)

=======================================================================

In addition, you should also run the following to clean up your registry:

-- Download S!Ri's SmitfraudFix.zip and save it on your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified by certain antivirus programs as "RiskTool". There is nothing to this, however!

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to cleaning (y=yes). Let the program carry out a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy this list into the thread.
thormannxd (Beginner)
5 October 2007 - 08:59 #16
ComboFix 07-10-05.3 - Mads 2007-10-05  8:54:49.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.174 [GMT 2:00]
Running from: C:\Documents and Settings\Mads\Lokale indstillinger\Temporary Internet Files\Content.IE5\D17TM5HF\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-09-05 to 2007-10-05  )))))))))))))))))))))))))))))))
.

2007-09-30 17:12    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-29 17:11    <DIR>    d--------    C:\Programmer\Incomplete
2007-09-28 13:06    <DIR>    d--------    C:\Documents and Settings\Mads\Application Data\vlc
2007-09-28 13:05    <DIR>    d--------    C:\Programmer\VLC
2007-09-22 12:59    <DIR>    d--------    C:\Programmer\Full Tilt Poker

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 08:50    ---------    d--------    C:\Programmer\Steam
2007-09-22 13:24    ---------    d--------    C:\Programmer\PKR
2007-09-22 12:59    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-02 17:16    ---------    d--------    C:\Documents and Settings\Mads\Application Data\My Battle for Middle-earth Files
2007-09-02 15:27    ---------    d--------    C:\Programmer\The Battle for Middle-earth
2007-08-23 15:52    ---------    d--------    C:\Programmer\World of Warcraft
2007-08-12 14:19    43520    --a------    C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-05 17:11    ---------    d--------    C:\Documents and Settings\Mads\Application Data\Ahead
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((  snapshot_2007-09-30_195151.75  )))))))))))))))))))))))))))))))))))))))))
.
----a-w          135,168 2007-09-28 07:06:08  C:\WINDOWS\catchme.exe
-c--a-w          279,552 2007-10-05 08:07:31  C:\WINDOWS\system32\swreg.exe
.
----a-w          109,056 2007-07-19 22:47:22  C:\WINDOWS\catchme.exe
-c--a-w          279,552 2007-07-22 16:39:27  C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Programmer\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-06-23 19:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"Steam"="C:\Programmer\Steam\Steam.exe" [2007-10-05 08:48]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 22:46:07]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Programmer\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Programmer\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Programmer\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Programmer\F-Secure\Common\FSPM.SYS
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-09-30 19:25:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 08:57:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FSAA]
"ImagePath"="\"C:\Programmer\F-Secure\Common\FSAA.EXE\""
.
Completion time: 2007-10-05  8:58:34
C:\ComboFix-quarantined-files.txt ... 2007-10-05 08:58
C:\ComboFix2.txt ... 2007-09-30 21:46
C:\ComboFix3.txt ... 2007-09-30 21:43
.
    --- E O F ---
thormannxd Beginner
5 October 2007 - 09:12 #17
It seems to be gone now.
Thanks for the help, both of you.
ejvindh Expert
5 October 2007 - 09:15 #18
The log file from Combofix is not entirely clean. But if you ran Smitfraudfix after you ran Combofix, then it has taken care of the rest.