[RB211]

Hei folkens .. jeg bare åpnet en e-post og kom hit med en Antivirus XP 2008 viruset. Cant kvitt den. Hjelp stor pris ..

[evilfantasy]

Start HER

Post loggene når fullført.

[RB211]

Sorry kompis jeg ikke forstår .. Hva skal jeg gjøre med det?

[Hybr! D]

Ta deg tid til å lese den og deretter kjøre programvaren og etter loggfilene så kan vi se hva som skjer med din PC.

[RB211]

Heres loggene:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 05:20
Application Version: 4.15.1000
Core Rules Database Version: 3497
Trace Rules Database Version: 1488
Scan type: Quick Scan
Total Scan Time: 00:10:14
Minne eks skannet: 268
Minne trusler oppdages: 1
Registerelementene skannet: 407
Registerverdi trusler oppdages: 26
Fil eks skannet: 6977
Fil trusler oppdages: 175
Rogue.AntiVirus XP 2008
C: \ Programfiler \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Programfiler \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Antivirus XP 2008 \ Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Antivirus XP 2008 \ Hvordan Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Antivirus XP 2008 \ License Agreement.lnk
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Antivirus XP 2008 \ Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Antivirus XP 2008 \ Uninstall.lnk
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Antivirus XP 2008
C: \ AA \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
Rogue.Dropper / Gen
[lphctv6j0erel] C: \ WINDOWS \ system32 \ LPHCTV6J0EREL.EXE
C: \ WINDOWS \ system32 \ LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ serverer-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ burstnet [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ clickbank [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ advertpro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wjnywnc5eeo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserver.mediarun [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 192 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adviva [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-mgnlimited.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sex-video [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ mediaplex [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.onestat [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevenue [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.videhost [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pugetsoundsoftwar e [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ annonsering [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.burstnet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@tracking.summitmedia. co [1]. txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tacoda [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ s [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@data.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ questionmarket [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ roiservice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adbrite [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@counter.hitslink [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserving.muppetism [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [4]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@vhost.oddcast [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@rotator.adjuggler [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@s1.trafficmaxx [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.ookla [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ neocounter2 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.doublepimp [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@te.kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 9167811 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indextools [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sexyandshocking [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ yadro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@w00tpublishers.wootme dag [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@dynamic.media.adrevol ver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wfkokkcjcao.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adecn [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@mobilefun.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@m1.webstats.motigo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1068755026 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ specificclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 2o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.techguy [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adultadworld [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-bestbuy.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-twi.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ revsci [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@exchange.ggmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adlegend [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@shopping.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-iwantoneofthose.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.digitalrock.co [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 63701567 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ overture [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ a [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bluestreak [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ statcounter [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atdmt [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pubmatic [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 247realmedia [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@avgtechnologies.112.2 o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bravenet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@heavycom.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.dealtime [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@server.iad.liveperson [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ fastclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tripod [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adtech [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ styrke [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-systemax.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ gostats [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@network-ca.247realmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ AdRotator [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1048893890 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.clash-media [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indexstats [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@test.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@eas.apm.emediate [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ adtech [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@ehg-iwantoneofthose.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@metacafe.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@stat.onestat [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@counter4.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ atdmt [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@as1.falkag [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@hg1.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@c1.zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@counter13.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@counter15.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ adrevolver [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ zedo [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ targetnet [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ 2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Temp \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@stats.searchtrack [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ atdmt [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ femten [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.fifteen [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflisidjkko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adtech [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@marksandspencer.122 ,2 o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adrevolver [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@perf.overture [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ windowsmedia [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ statcounter [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ kontoer [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflyckcjabo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-debenhams.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@tracker.roitesting [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ bravenet [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@data4.perf.overture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ revsci [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ mediaplex [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@etype.adbureau [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@112.2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-bskyb.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ads.telegraph.co [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ questionmarket [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ serverer-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indextools [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ 2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ annonsering [2]. Txt
Rogue.AntiSpywareExpert
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC # NextInstance
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Service
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Legacy
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ConfigFlags
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Klassifikasjon
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ClassGUID
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # DeviceDesc
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control # ActiveService
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ty pe
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # St art
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Er rorControl
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Im agePath
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Di splayName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # ob jectName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Op t
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se curity
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se curity # Security
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # Count
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # NextInstance
NotHarmful.Sysinternals Bluescreen skjermbeskytter
C: \ WINDOWS \ system32 \ BLPHCTV6J0EREL.SCR
Trojan.Unclassified / CBEvtSvc
C: \ WINDOWS \ system32 \ CBEVTSVC.EXE
C: \ WINDOWS \ Prefetch \ CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown Origin
C: \ WINDOWS \ system32 \ PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1.19
Database versjon: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42). txt
Scan type: Full Scan (C: \ | D: \ | E: \ |)
Objekter skannet: 113635
Tid brukt: 42 minutt (er), 4 sekund (er)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registernøkler Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(Ingen skadelige eks oppdaget)
Memory Modules Infected:
(Ingen skadelige eks oppdaget)
Registernøkler Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Software Notifier (Rogue.Multiple) -> karantene og slettet.
Registry Values Infected:
(Ingen skadelige eks oppdaget)
Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> karantene og slettet.
Folders Infected:
(Ingen skadelige eks oppdaget)
Files Infected:
C: \ System Volume Information \ _Restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP2 \ A0000029.exe (Trojan.Downloader) -> karantene og slettet.
C: \ System Volume Information \ _Restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP2 \ A0000047.dll (Rogue.AntivirusXP2008) -> karantene og slettet.
C: \ System Volume Information \ _Restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000262.exe (Trojan.Downloader) -> karantene og slettet.
C: \ System Volume Information \ _Restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000485.dll (Rogue.AntivirusXP2008) -> karantene og slettet.

JavaRa 1.08 Fjerning Log.Report følger etter linje .------------------------------------ The JavaRa fjerningsprosessen ble startet på Lør Jul 05 19:49:54 2008
Funnet og fjernet: C: \ Programfiler \ Java \ jre1.6.0_05Found og fjernet: SOFTWARE \ Javasofts \ Java Runtime Environment \ 1.4Found og fjernet: SOFTWARE \ Classes \ JavaWebStart.isInstalled.1.5.0.0F ound og fjernet: Software \ Javasofts \ Java2D \ 1.5.0_02Found og fjernet: Software \ Javasofts \ Java2D \ 1.5.0_04Found og fjernet: Software \ Javasofts \ Java2D \ 1.5.0_06Found og fjernet: Software \ Javasofts \ Java2D \ 1.5.0_09Found og fjernet: Software \ Javasofts \ Java2D \ 1.5.0_10Found og fjernet: Software \ Javasofts \ Java2D \ 1.5.0_11Found og fjernet: SOFTWARE \ Classes \ JavaPlugin.150_02Found og fjernet: SOFTWARE \ Classes \ JavaPlugin.150_04Found og fjernet: SOFTWARE \ Classes \ JavaPlugin.150_06Found og fjernet: SOFTWARE \ Classes \ JavaPlugin.150_09Found og fjernet: SOFTWARE \ Classes \ JavaPlugin.150_10--------------------------------- --- Ferdig rapportering.


Takk fyrene

[evilfantasy]

Trenger Hijackthis log nå.

[RB211]

Oops beklager. Her er det:

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 20:24:21, on 05/07/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Programfiler \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Programfiler \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ system32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ progra ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Programfiler \ QuickTime \ qttask.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ United varsler \ UnitedAlerts.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ DNA \ btdna.exe
C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchIndexer.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Programfiler \ WinZip \ WZQKPICK.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchFilter.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Programfiler \ ICQToolbar \ toolbaru.dll (fil mangler)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programfiler \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programfiler \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programfiler \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Programfiler \ ICQToolbar \ toolbaru.dll (fil mangler)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programfiler \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Programfiler \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ progra ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Programfiler \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update delay 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Programfiler \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [United varsler] C: \ Programfiler \ United varsler \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Programfiler \ WinZip \ WZQKPICK.EXE
O8 - Extra sammenheng menyelement: & Google Search - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra sammenheng menyelement: & ICQ Toolbar Search - res: / / C: \ Programfiler \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra sammenheng menyelement: & MSN Search - res: / / C: \ Programfiler \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll / search.htm
O8 - Extra sammenheng menyelement: Bakoverkoblinger - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra sammenheng menyelement: Hurtigbufret side - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra sammenheng menyelement: Åpne i ny background tab - res: / / C: \ Programfiler \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenheng menyelement: Åpne i ny forgrunnen tab - res: / / C: \ Programfiler \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenheng menyelement: Lignende sider - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra sammenheng menyelement: Oversett til engelsk - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra knappen: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI klasse) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl klasse) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Programfiler \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Programfiler \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Programfiler \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
End of file - 10438 bytes

[evilfantasy]

Fortsatt en del arbeid å gjøre.

Laste ned SDFix.exe og lagre det til skrivebordet ditt.

Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
(Stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix)

Nå deretter starte datamaskinen på nytt i Sikkermodus ved å gjøre følgende:

• Start maskinen på nytt
• Etter å ha hørt maskinen piper én gang under oppstart, men før Windows vises, trykker du F8 kontinuerlig;
• I stedet for Windows lasting som normalt, Avansert alternativmenyen skal vises;
• Velg det første alternativet, å kjøre Windows i sikkermodus, og trykk deretter på Angi.
• Velg din vanlige konto.
• Åpne de utpakkede SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.
• Type Y å starte Cleanup prosessen.
• Det vil fjerne enhver Trojan Service og registeroppføringene den finner deretter be deg om å trykke en tast for å starte på nytt.
• Trykk på en tast og det vil starte PC.
• Når PC-en starter Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
• Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt
  (Report.txt vil også bli kopiert til utklippstavlen).
• Endelig kopier og lim innholdet av resultatene fil Report.txt med en ny HijackThis log i neste svaret.

Hvis SDFix vil ikke publiseres eller du får feil, følg linken for å få instruksjoner om å kjøre SDFix. Slik bruker SDFix

----------

Neste innlegg legge
SDFix logg
EN NY Hijackthis logg

[RB211]

OK Neste logs

SDFix: Versjon 1.201
Kjør av Danny på 05/07/2008 til 21:08
Microsoft Windows XP [Versjon 5.1.2600]
Running Fra: C: \ Songs \ SDFix
Checking Services :

Gjenopprette Standard Security Verdier
Gjenopprette Default Hosts File
Start

Checking Files :
No Trojan Files Found



Fjerne Temp Files
ADS Check :


Final Check :
CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 NTFS
skanning skjulte prosesser ...
skanning skjulte tjenester & Systemstrukturen ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ B THPORT \ Parameters \ Keys \ 000c55050b1d]
scanning hidden registeroppføringene ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
skanning skjulte filer ...
skanning er fullført
skjulte prosesser: 0
skjulte tjenester: 0
skjulte filer: 0

Resterende Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ InoRpc.exe" = "C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ InoRpc.exe: *: Enabled: eTrust Antivirus - RPC Server "
"C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ InocIT.exe" = "C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ InocIT.exe: *: Enabled: eTrust Antivirus - Lokale Scanner "
"C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ Realmon.exe" = "C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ Realmon.exe: *: Enabled: eTrust Antivirus - Realtime monitor "
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Program Files \ \ United varsler \ \ UnitedAlerts.exe" = "C: \ \ Program Files \ \ United varsler \ \ UnitedAlerts.exe"
"C: \ \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ Shellscn.exe" = "C: \ \ Program Files \ \ CA \ eTrust Antivirus \ \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire swarmed Installer"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ \ Program Files \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ \ Program Files \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorren t DNA"
"C: \ \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ United varsler \ \ UnitedAlerts.exe" = "C: \ \ Program Files \ \ United varsler \ \ UnitedAlerts.exe"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
Resterende Filer :

Filer med skjulte attributter :
Onsdag 26 januar 2005 4.704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Onsdag 13 juli 2005 4.348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Lørdag 5 juli 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Mandag 13 juni 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Lokale innstillinger \ Temp \ Mar15.tmp"
Mandag 13 juni 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Lokale innstillinger \ Temp \ Mar9.tmp"
Mandag 13 juni 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Lokale innstillinger \ Temp \ MarA.tmp"
Lørdag 5 juli 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Application Data \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Onsdag 13 juli 2005 4.348 ... H. --- "C: \ Documents and Settings \ Danny \ Mine dokumenter \ Min musikk \ License Backup \ drmv1key.bak"
Onsdag 25 januar 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Mine dokumenter \ Min musikk \ License Backup \ drmv1lic.bak"
Onsdag 13 juli 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Mine dokumenter \ Min musikk \ License Backup \ drmv2key.bak"
Ferdig!


og


Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 21:33:52, on 05/07/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Programfiler \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Programfiler \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ system32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ progra ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Programfiler \ QuickTime \ qttask.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ United varsler \ UnitedAlerts.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
C: \ Programfiler \ WinZip \ WZQKPICK.EXE
C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchIndexer.exe
C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchFilter.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Programfiler \ ICQToolbar \ toolbaru.dll (fil mangler)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programfiler \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programfiler \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programfiler \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Programfiler \ ICQToolbar \ toolbaru.dll (fil mangler)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programfiler \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Programfiler \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ progra ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Programfiler \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update delay 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Programfiler \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [United varsler] C: \ Programfiler \ United varsler \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Programfiler \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Programfiler \ WinZip \ WZQKPICK.EXE
O8 - Extra sammenheng menyelement: & Google Search - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra sammenheng menyelement: & ICQ Toolbar Search - res: / / C: \ Programfiler \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra sammenheng menyelement: & MSN Search - res: / / C: \ Programfiler \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll / search.htm
O8 - Extra sammenheng menyelement: Bakoverkoblinger - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra sammenheng menyelement: Hurtigbufret side - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra sammenheng menyelement: Åpne i ny background tab - res: / / C: \ Programfiler \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenheng menyelement: Åpne i ny forgrunnen tab - res: / / C: \ Programfiler \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra sammenheng menyelement: Lignende sider - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra sammenheng menyelement: Oversett til engelsk - res: / / C: \ Programfiler \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra knappen: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI klasse) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl klasse) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Programfiler \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Programfiler \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Programfiler \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
End of file - 10422 bytes

[evilfantasy]

Jeg trenger å få litt mer informasjon om et par filer. Innlegg linkene her til resultater når fullført.

Scan Mistenkelige fil (er)

Besøk Virustotal
(Hvis flere filer må skannes de må lages separat og logger postet for hver)

• Kopier filbanen i nedenfor Code boksen:

Code:

C: \ Programfiler \ rhcpv6j0erel \ rhcpv6j0erel.exe

• Ved opplasting området, klikk en gang inne i vinduet ved siden av Browse.
• Trykk Ctrl + V på tastaturet (begge samtidig) for å lime inn filbanen i vinduet.
• Neste Klikk Send fil
  • Filen vil muligens bli inngått en kø som normalt tar mindre enn et minutt å fjerne.
• Dette vil utføre en skanning på tvers av flere ulike virussøk motorer.
• Viktig: Vent til alle de skanning motorer å fullføre.
• Kopier og lim linken til resultatene i de neste svar.

Nå gjøre det samme med denne filen.

Code:

C: \ Programfiler \ United varsler \ UnitedAlerts.exe