grane11 Posted 28 August 2008

Hi, here is a ComboFix report. I hope someone can take a look at it. After running ComboFix I also get this message when I try to open Symantec AntiVirus: An error occured while loading savrt32.dll.
r2d290 Posted 28 August 2008 (edited)

Hello

Download Malwarebytes' Anti-Malware here or here. Save it to the Desktop. Run the file and install the program. Select Norwegian as the language.

- Tick the boxes next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish.
- Let the program update itself and select Perform quick scan.
- You will get a message box when the program has finished.
- Then click the Show Results button.
- If malware was found, you will now see what was found.
- Then click the Remove Selected button to remove any malware that was found.

Note: If MBAM finds a file that is difficult to remove, you will be asked two questions. Click OK on both, and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away.

When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

Then a new log from ComboFix, and then HijackThis. Do the following: Download 'HijackThis'. Save it in a permanent folder, e.g. C:\HJT\, double-click HijackThis.exe, and click Do a system scan and save a logfile. When the Notepad window opens, press Ctrl-A to select all the text, copy it with Ctrl-C and paste it into your next post on the forum with Ctrl-V. Most of the contents of the list are safe. Do not fix anything yet.

Post all three logs (MBAM, ComboFix and HijackThis), and we will continue the cleanup after that.

edit: I see that you have installed SAS... If you have run it recently, post the SAS log (start the program: preferences->statistics/logs)

Edited 28 August 2008 by r2d290
grane11 Posted 28 August 2008 Author

Thanks for the help so far, I will do this :) But I need to get into StatoilHydro's employee site using codes etc., and it uses a Citrix "thing" to get in. But I get this message: You do NOT have the Citrix ICA Client (ActiveX) for 32-bit Windows installed on your system. The Citrix Java Client will be used to launch your applications if you do not install a Citrix ICA Client on your system. And in the Symantec antivirus program there was also something with 32 that did not work. Will this work after doing what you say, or do I have to do something else?
r2d290 Posted 28 August 2008

Did it stop working before or after you ran ComboFix? Let's start by getting your machine clean of malware, and then we can see what we can do afterwards about the other problem. You may have to contact the IT administrator to have it reinstalled. Not quite sure...
grane11 Posted 28 August 2008 Author

Malwarebytes' Anti-Malware 1.25
Database versjon: 1090
Windows 5.1.2600 Service Pack 2

13:58:14 28.08.2008
mbam-log-08-28-2008 (13-58-14).txt

Skanntype: Rask Skann
Objekter skannet: 51256
Tid tilbakelagt: 4 minute(s), 44 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 3

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f115a62.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhce1wj0ec61 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphca1wj0ec61 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\jwknxoms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] "DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 22:39 151552] "PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784] 
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648] "LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792] "LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440] "IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112] "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728] "SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-27 21:38 1177368] "AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\ Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY] 2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mmjshx.dllavgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program 
Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13] R0 FJGSDisk;G-Sensor Application Filter Driver;C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys [2007-01-15 19:17] R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2005-07-08 23:06] R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2005-09-23 16:48] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-27 21:38] R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-15 00:11] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-27 21:38] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 21:38] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 21:38] R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13] R2 IAANTMON;Intel® Matrix Storage Event Monitor;C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 22:38] R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29] R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-19 01:08] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-18 07:15] R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52] R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-22 06:58] S2 TACXDEV;Tacx I-magic Trainer USB Driver (I-magic.sys);C:\WINDOWS\system32\Drivers\I-magic.sys [2004-09-29 11:45] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03] S3 DiWan;Eicon Driver for all DIVA PnP 
cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14] S3 FlashDrv;FlashDrv;C:\WINDOWS\system32\DRIVERS\FlashDrv.sys [2007-04-10 13:22] S3 FscBapi;FscBapi;C:\WINDOWS\system32\DRIVERS\FscBapi.sys [2007-04-10 13:22] S3 FscCmos;FscCmos;C:\WINDOWS\system32\DRIVERS\FscCmos.sys [2007-04-10 13:22] S3 FscCpuid;FscCpuid;C:\WINDOWS\system32\DRIVERS\FscCpuid.sys [2007-04-10 13:22] S3 FscEfDmi;FscEfDmi;C:\WINDOWS\system32\DRIVERS\FscEfDmi.sys [2007-04-10 13:22] S3 FscGabi;FscGabi;C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2007-04-10 13:22] S3 FscTime;FscTime;C:\WINDOWS\system32\DRIVERS\FscTime.sys [2007-04-10 13:22] S3 OemF0211;OemF0211;C:\WINDOWS\system32\DRIVERS\OemF0211.sys [2007-04-10 13:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}] \Shell\AutoRun\command - D:\setup.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-08-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-08-28 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHANS REMOVED - - - - BHO-{635637DF-B84C-4861-8870-002F0B6FB55A} - (no file) BHO-{bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = www.startsiden.no/ O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-28 14:04:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\"" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll . Completion time: 2008-08-28 14:06:41 ComboFix-quarantined-files.txt 2008-08-28 12:06:31 ComboFix2.txt 2008-08-28 06:18:10 Pre-Run: 2,934,964,224 bytes free Post-Run: 2,944,004,096 byte ledig 263 --- E O F --- 2008-08-27 01:01:26 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:13:53, on 28.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe 
C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\AddOn\Fujitsu\PSUtility\TrayManager.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program 
Files\Java\jre1.6.0_02\bin\jucheck.exe C:\WINDOWS\system32\wuauclt.exe C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {635637DF-B84C-4861-8870-002F0B6FB55A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file) O2 - BHO: (no name) - 
{FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program 
Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629 O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - 
Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 14000 bytes

Yes, as for Citrix, it seemed to sort itself out after ComboFix, but I can't get into Symantec.
r2d290 Posted 28 August 2008

We'll deal with the Symantec problem once we are finished with the cleanup, at any rate...
r2d290 Posted 28 August 2008 (edited)

PS: if this is a company PC, you should get approval from the IT manager before you continue...

You have three antivirus programs (or at least remnants of them): avira, avg, norton
Having more than one antivirus program will cause unwanted conflicts. Decide on one of them and uninstall the others. Tell me which one you decide on. If you are unsure which one to choose, I recommend AviraAntivir.

I see these two lines in your log. I won't be the one to talk about whether piracy is ethical or unethical, but be a bit critical of keygens. They tend to bring various unwanted files along with them. While we are doing the cleanup, I would like you to get rid of the keygen (if you have downloaded it).

2008-07-31 22:03 . 2008-07-31 22:03 15,519 --a------ C:\Documents and Settings\Nero_8_Ultra_Edition_8.3.8.0_FULL____Keys.4218835.TPB.torrent
2008-07-31 22:00 . 2008-07-31 22:00 30,995 --a------ C:\Documents and Settings\Nero8___Keygen_Full_Version.4221858.TPB.torrent

You have AskToolbar installed on your machine. This is a toolbar that is usually not wanted. If you want to get rid of it, you can do so via Add/Remove Programs.

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines (if you find them):

O2 - BHO: (no name) - {635637DF-B84C-4861-8870-002F0B6FB55A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and press Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Select: Do a systemscan, and save a logfile
Post this log in your next post, together with a new Combofix log

edit: also tell me how the machine is working now...

Edited 28 August 2008 by r2d290
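The selection r2d290 describes above (the O2 - BHO lines whose file is shown as "(no file)") can also be pulled out of a saved HijackThis log with a short script. This is an added example, not part of the thread and not code from HijackThis; the function names are hypothetical, and the sample entries are an excerpt copied from the HijackThis log posted earlier in this thread. It also copes with a log that has been flattened onto one line or wrapped mid-entry.

```python
import re
from typing import List, NamedTuple


class Bho(NamedTuple):
    name: str    # display name, "(no name)" when the registry has none
    clsid: str   # class ID, upper-cased for comparison
    target: str  # DLL path, or "(no file)" when the DLL is missing


# One O2 entry: "O2 - BHO: <name> - {CLSID} - <target>".
# Separators are matched as whitespace-dash-whitespace so an entry that was
# wrapped in the middle still parses. The target runs until the next
# HijackThis section tag (R0, O4, O23, ...) or the end of the text, so the
# same pattern works on a line-per-entry log and on a flattened one.
O2_ENTRY = re.compile(
    r"O2 - BHO:\s+(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<target>.*?)"
    r"(?=\s+(?:[RFN]\d|O\d{1,2}) - |\s*$)",
    re.S,
)


def parse_bhos(log_text: str) -> List[Bho]:
    """Return every Browser Helper Object (O2) entry found in the log text."""
    return [
        Bho(
            name=m["name"].strip(),
            clsid=m["clsid"].upper(),
            target=" ".join(m["target"].split()),  # collapse wrapped whitespace
        )
        for m in O2_ENTRY.finditer(log_text)
    ]


def orphaned_bhos(log_text: str) -> List[Bho]:
    """BHO registrations whose DLL no longer exists: HijackThis prints "(no file)"."""
    return [b for b in parse_bhos(log_text) if b.target.lower() == "(no file)"]


# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_ENTRIES = [
    r"R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {635637DF-B84C-4861-8870-002F0B6FB55A} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)",
    r"O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL",
    r"O2 - BHO: (no name) - {bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)",
    r"O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)",
    r"O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL",
]

# The same excerpt as HijackThis writes it (one entry per line) ...
SAMPLE_LINES = "\n".join(SAMPLE_ENTRIES) + "\n"
# ... and as a forum scrape leaves it: one long line, wrapped inside an entry.
SAMPLE_FLAT = " ".join(SAMPLE_ENTRIES).replace("- {FE063DB1", "- \n{FE063DB1")


if __name__ == "__main__":
    for bho in orphaned_bhos(SAMPLE_FLAT):
        print(f"orphaned BHO: {bho.clsid} ({bho.name})")
```

An orphaned entry only means the registered DLL is gone; whether the CLSID belonged to something unwanted still has to be judged separately.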
grane11 (Author) Posted 29 August 2008 (edited)

ComboFix 08-08-28.06 - HC 2008-08-29 17:49:23.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1515 [GMT 2:00] Running from: C:\Documents and Settings\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))) . 2008-08-29 14:42 . 2008-08-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-28 18:13 . 2008-08-29 17:46 <DIR> d-------- C:\hjt 2008-08-28 18:13 . 2008-08-28 18:13 812,344 --a------ C:\HJT.exe 2008-08-28 13:51 . 2008-08-28 13:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Malwarebytes 2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-28 13:51 . 2008-08-28 13:51 2,085,280 --a------ C:\Documents and Settings\mbam-setup.exe 2008-08-28 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-28 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-28 13:19 . 2008-08-28 13:49 <DIR> d-------- C:\Documents and Settings\HC\Citrix 2008-08-28 13:19 . 2008-08-28 13:19 81 --a------ C:\CTX.DAT 2008-08-28 13:17 . 2008-08-28 13:18 2,817,536 --a------ C:\Documents and Settings\ica32t.exe 2008-08-28 08:01 . 2008-08-29 17:48 2,840,086 -ra------ C:\Documents and Settings\ComboFix.exe 2008-08-28 07:50 . 2008-08-28 07:50 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-08-28 07:50 . 2008-08-28 07:50 7,926,688 --a------ C:\Documents and Settings\Free-SpyHunter-Scanner-Install.exe 2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Program Files\AVG 2008-08-27 21:38 . 
2008-08-27 21:48 <DIR> d-------- C:\Documents and Settings\HC\Application Data\AVGTOOLBAR 2008-08-27 21:13 . 2008-08-27 21:14 49,607,536 --a------ C:\Documents and Settings\avg_free_stf_all_8_101a1327.exe 2008-08-27 19:35 . 2008-08-27 19:35 268 --ah----- C:\sqmdata16.sqm 2008-08-27 19:35 . 2008-08-27 19:35 244 --ah----- C:\sqmnoopt16.sqm 2008-08-27 18:08 . 2008-08-28 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services 2008-08-27 17:09 . 2008-08-27 17:09 5,300 --a------ C:\Documents and Settings\Winzip_PRO_11.2_with_Keygen.zip_[mininova].torrent 2008-08-27 15:35 . 2008-08-27 15:35 162,803 --a------ C:\Documents and Settings\Microsoft_OFFICE_2007_Complete_PRO_Edition_&_CD_Keys!_[mininova].torrent 2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\Temp\EN_Office_Visio_Professional_2007 2008-08-26 18:50 . 2008-08-26 18:51 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Visio_Professional_2007.exe 2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Microsoft Works 2008-08-26 18:46 . 2008-08-27 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-26 18:42 . 2008-08-26 18:42 <DIR> d-------- C:\Temp\EN_Office_Project_Professional_2007 2008-08-26 18:37 . 2008-08-26 18:58 <DIR> d-------- C:\Temp 2008-08-26 18:37 . 2008-08-26 18:37 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Project_Professional_2007.exe 2008-08-26 18:32 . 2008-08-26 18:32 <DIR> d-------- C:\Documents and Settings\Skole deamon\DAEMON Tools Lite 2008-08-26 18:28 . 2008-08-26 18:28 268 --ah----- C:\sqmdata15.sqm 2008-08-26 18:28 . 2008-08-26 18:28 244 --ah----- C:\sqmnoopt15.sqm 2008-08-26 18:27 . 2008-08-26 18:58 <DIR> d-------- C:\Documents and Settings\Skole deamon 2008-08-26 18:27 . 2008-08-26 18:27 <DIR> d-------- C:\Documents and Settings\HC\Application Data\DAEMON Tools 2008-08-26 18:27 . 
2008-08-26 18:27 4,743,112 --a------ C:\Documents and Settings\Skole deamon\daemon4301-lite.exe 2008-08-26 18:27 . 2008-08-26 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmnoopt14.sqm 2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmdata14.sqm 2008-08-24 16:13 . 2008-08-24 16:13 268 --ah----- C:\sqmdata13.sqm 2008-08-24 16:13 . 2008-08-24 16:13 244 --ah----- C:\sqmnoopt13.sqm 2008-08-24 10:48 . 2008-08-24 10:48 268 --ah----- C:\sqmdata12.sqm 2008-08-24 10:48 . 2008-08-24 10:48 244 --ah----- C:\sqmnoopt12.sqm 2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\HC\Application Data\SUPERAntiSpyware.com 2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-24 10:27 . 2008-08-24 10:27 6,634,008 --a------ C:\Documents and Settings\SUPERAntiSpyware.exe 2008-08-24 10:21 . 2008-08-24 10:21 <DIR> d-------- C:\Program Files\CCleaner 2008-08-24 10:20 . 2008-08-24 10:20 860,120 --a------ C:\Documents and Settings\ccsetup210_slim.exe 2008-08-24 01:20 . 2008-08-24 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-24 01:20 . 2008-08-27 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-24 01:20 . 2008-08-24 01:20 15,083,520 --a------ C:\Documents and Settings\spybotsd160.exe 2008-08-23 20:46 . 2008-08-23 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-23 20:45 . 2008-08-23 20:45 19,153,264 --a------ C:\Documents and Settings\aaw2008.exe 2008-08-23 20:28 . 2008-08-23 20:28 25,049,240 --a------ C:\Documents and Settings\antivir_workstation_winu_en_h.exe 2008-08-23 20:22 . 2008-08-23 20:46 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-23 20:18 . 
2008-08-23 20:18 2,380 --a------ C:\Documents and Settings\AdAware_6.0_Professional___Serial.3377972.TPB.torrent 2008-08-07 00:54 . 2008-08-07 00:54 268 --ah----- C:\sqmdata11.sqm 2008-08-07 00:54 . 2008-08-07 00:54 244 --ah----- C:\sqmnoopt11.sqm 2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Simple Star 2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Nero 2008-07-31 21:54 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\AskTBar . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 16:31 --------- d-----w C:\Program Files\Java 2008-08-28 06:10 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-08-27 16:03 --------- d-----w C:\Documents and Settings\HC\Application Data\uTorrent 2008-08-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-08-24 08:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-23 22:39 --------- d-----w C:\Program Files\VstPlugins 2008-08-23 22:32 --------- d-----w C:\Program Files\Image-Line 2008-08-23 20:30 --------- d-----w C:\Documents and Settings\HC\Application Data\LimeWire 2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad 2008-07-29 18:30 --------- d-----w C:\Program Files\LimeWire 2008-07-17 18:07 --------- d-----w C:\Program Files\Common Files\LogiShrd 2008-07-17 18:04 --------- d-----w C:\Program Files\Logitech 2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 
245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2007-11-26 12:01 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe 2007-10-16 11:37 40,836 ----a-w C:\Program Files\nexus.fpf 2007-09-27 12:21 13,179,392 ----a-w C:\Program Files\m5900mux.exe 2007-09-27 12:01 959,896 ----a-w C:\Program Files\wzcline22.exe 2007-09-27 11:54 9,974,784 ----a-w C:\Program Files\M6100enx.exe 2007-09-13 11:34 3,378,248 ----a-w C:\Program Files\LimeWireWin.exe 2007-09-13 11:27 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe . ((((((((((((((((((((((((((((( snapshot@2008-08-28_ 8.17.40.53 ))))))))))))))))))))))))))))))))))))))))) . - 2007-04-17 06:41:01 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe + 2008-08-29 15:49:05 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe - 2007-04-17 06:41:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe + 2008-08-29 15:49:05 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe - 2007-04-17 06:41:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe + 2008-08-29 15:49:05 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe - 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-03-03 20:40:48 24,848 ----a-w C:\WINDOWS\system32\Resource\en\ctxsetUI.dll + 2005-04-04 00:25:56 24,848 ----a-w 
C:\WINDOWS\system32\Resource\en\ctxsetUI.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] "DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208] "IAAnotif"="C:\Program Files\Intel\Intel 
Matrix Storage Manager\Iaanotif.exe" [2006-09-29 22:39 151552] "PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648] "LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792] "LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440] "IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112] "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728] "SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240] "AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY] 2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mmjshx.dllavgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= 
"C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Opera\\Opera.exe"= R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13] R0 FJGSDisk;G-Sensor Application Filter Driver;C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys [2007-01-15 19:17] R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-15 00:11] R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13] R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-19 01:08] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-18 07:15] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03] S3 DiWan;Eicon Driver for all DIVA PnP cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14] S3 FlashDrv;FlashDrv;C:\WINDOWS\system32\DRIVERS\FlashDrv.sys [2007-04-10 13:22] S3 FscBapi;FscBapi;C:\WINDOWS\system32\DRIVERS\FscBapi.sys [2007-04-10 13:22] S3 FscCmos;FscCmos;C:\WINDOWS\system32\DRIVERS\FscCmos.sys [2007-04-10 13:22] S3 FscCpuid;FscCpuid;C:\WINDOWS\system32\DRIVERS\FscCpuid.sys [2007-04-10 13:22] S3 FscEfDmi;FscEfDmi;C:\WINDOWS\system32\DRIVERS\FscEfDmi.sys [2007-04-10 13:22] S3 FscGabi;FscGabi;C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2007-04-10 13:22] S3 FscTime;FscTime;C:\WINDOWS\system32\DRIVERS\FscTime.sys [2007-04-10 13:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}] \Shell\AutoRun\command - D:\setup.exe . Contents of the 'Scheduled Tasks' folder 2008-08-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] . . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,Start Page = www.startsiden.no/ O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-29 18:02:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... ŠHýƒÀøöÁV„V [-1869574000] 0x7C910895 ŠHýƒÀøöÁV„V [-1869574000] 0x87845550 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\"" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll . Completion time: 2008-08-29 18:24:58 ComboFix-quarantined-files.txt 2008-08-29 16:23:04 ComboFix2.txt 2008-08-29 13:52:27 ComboFix3.txt 2008-08-28 12:06:45 ComboFix4.txt 2008-08-28 06:18:10 Pre-Run: 2,785,656,832 bytes free Post-Run: 2,782,703,616 byte ledig 249 --- E O F --- 2008-08-27 01:01:26
I managed to delete AVG, but I couldn't find Avira. I also deleted the two keygens. I couldn't find the Ask bar in the Control Panel. Otherwise, Java doesn't work. I got it working yesterday, but it wouldn't work today, and that was before the last things I did. I also sorted out the 5 red items you mentioned. The machine runs fine and seems virus-free to me. But the two items, Java and Symantec, still don't work, and I really need to get Java running at least.
Edited 29 August 2008 by grane11
grane11 (author) Posted 29 August 2008 (edited)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
What does this mean?
Edited 29 August 2008 by grane11
snippsat Posted 29 August 2008
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
This appears in all logs; very few people have the Recovery Console installed. It means that you get an option to start the Recovery Console when you boot the PC.
The log looks fine. Post a new HijackThis log.
grane11 (author) Posted 29 August 2008 (edited)
Yes, that log was brand new, so nothing has happened since then, I think. As for Java, I get a small window that says: Java(TM) Plug-in Fatal Error: The Java runtime environment cannot be loaded. I have now tried deleting it and installing it again, and now it says: Several Java Virtual Machines running in the same process caused an error
Edited 29 August 2008 by grane11
r2d290 Posted 29 August 2008
1. After I (and snippsat) asked you to post a HijackThis log and a ComboFix log, you have only posted a ComboFix log (which you posted in post #8). So please post a HijackThis log as well.
2. Have you restarted the machine after you tried to uninstall Java?
grane11 (author) Posted 29 August 2008
OK, that was a slip; here comes the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:47:03, on 29.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\AddOn\Fujitsu\PSUtility\TrayManager.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program 
Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage 
Manager\Iaanotif.exe" O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.buypass.no 
(HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629 O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 13107 bytes
Yes, I have restarted too. I'm no world champion at PCs. And it's incredibly annoying.
r2d290, posted August 29, 2008
Hmm, did you fix the lines I asked you to in post #7? It doesn't look like they have been fixed... Go through that post and fix the lines I wrote in red, in post #7.
grane11 (Author), posted August 29, 2008
Yes, I'll have to try again. I did it the way you explained, but I'm doing it again now and will post a new log.
grane11 (Author), posted August 29, 2008
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:10:39, on 29.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\AddOn\Fujitsu\PSUtility\TrayManager.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program 
Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\hjt\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program 
Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - 
HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: 
Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629 O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 13436 bytes
r2d290, posted August 29, 2008
They are still there. Then I'll ask one of the other supporters for help.
grane11 (Author), posted August 29, 2008
Hehe, great. For your information, Java works in Opera but not in Explorer, and I get a message after trying to use Java in Explorer: The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read". Click OK to terminate the program.
Edited August 30, 2008 by grane11
norbat, posted August 30, 2008
Step 1: Turn off TeaTimer (Spybot)
Step 2: See whether you can uninstall Ask Toolbar from Add/Remove Programs
Step 3: Close all browsers
Step 4: Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll
Step 5: Download a fresh ComboFix and run it, then run HJT again, and post both logs
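The check the helpers in this thread do by eye (are the lines that were to be fixed still in the next log?), as an added example that is not part of the original posts: a Python sketch that splits a HijackThis log, including one flattened into a single run of text, into entries and lists the requested fixes that are still present. The function names are my own, the follow-up log is abridged from the HijackThis log dated 31.08.2008 in this thread, and the two "orphaned" rules are heuristics I am assuming, not HijackThis behaviour.

```python
import re

# An entry starts with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". The code must open a whitespace-delimited token, so names
# such as "O2Micro" or "(O2Flash)" inside an entry do not start a new one.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
END_MARKER = "-- End of file"


def split_entries(log_text):
    """Return the entries of a HijackThis log, whitespace-normalised.

    Accepts a normal log (one entry per line) or one flattened into a single
    run of text; the header and process list before the first entry are skipped.
    """
    text = log_text.split(END_MARKER, 1)[0]
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    bounds = zip(starts, starts[1:] + [len(text)])
    return [" ".join(text[a:b].split()) for a, b in bounds]


def remaining_after_fix(fix_list, followup_log):
    """Entries from the fix list that still appear in the follow-up log."""
    present = {e.casefold() for e in split_entries(followup_log)}
    return [e for e in split_entries(fix_list) if e.casefold() in present]


def orphaned(entries):
    """Heuristic (assumption): entries that point at no file or download source."""
    hits = []
    for e in entries:
        if e.endswith("(no file)"):
            hits.append((e, "registered component, file missing"))
        elif e.startswith("O16 - DPF:") and e.endswith(") -"):
            hits.append((e, "ActiveX entry with empty download location"))
    return hits


# The lines the helper asked to fix, flattened the way the page shows them.
FIX_LIST = (
    r"R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL "
    r"O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) "
    r"O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) "
    r"O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL "
    r"O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - "
    r"O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - "
    r"O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll"
)

# Follow-up log, abridged from the thread (most entries left out), flattened.
FOLLOWUP = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:02:03, on 31.08.2008 "
    r"Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\hjt\HijackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/ "
    r"R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL "
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll "
    r"O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) "
    r"O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) "
    r"O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll "
    r"O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629 "
    r"O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - "
    r"O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - "
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll "
    r"O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe "
    r"-- End of file - 13130 bytes"
)

if __name__ == "__main__":
    for entry in remaining_after_fix(FIX_LIST, FOLLOWUP):
        print("still present:", entry)
    for entry, why in orphaned(split_entries(FOLLOWUP)):
        print("orphaned:", why, "|", entry)
```

On this abridged sample, seven of the nine requested lines are reported as still present; the Ask Toolbar O3 entry and the AppInit_DLLs O20 entry are the two that no longer appear.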
grane11 (Author), posted August 30, 2008
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:02:03, on 31.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\AddOn\Fujitsu\PSUtility\TrayManager.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 
C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\hjt\HijackThis.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: 
[LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and 
Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no 
(HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629 O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 13130 bytes ComboFix 08-08-28.06 - HC 2008-08-30 21:02:35.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1463 [GMT 2:00] Running from: C:\Documents and Settings\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))) . 2008-08-29 22:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-29 22:54 . 2008-08-29 22:55 <DIR> d-------- C:\Program Files\Java 2008-08-29 22:54 . 2008-08-29 22:54 <DIR> d-------- C:\Program Files\Common Files\Java 2008-08-29 19:52 . 2008-08-29 19:52 382,352 --a------ C:\Documents and Settings\jre-6u7-windows-i586-p-iftw.exe 2008-08-29 19:28 . 
2008-08-29 19:28 0 --a------ C:\WINDOWS\system32\REN70.tmp 2008-08-29 19:28 . 2008-08-29 19:28 0 --a------ C:\WINDOWS\system32\REN6F.tmp 2008-08-29 19:28 . 2008-08-29 19:28 0 --a------ C:\WINDOWS\system32\REN6E.tmp 2008-08-29 19:02 . 2008-08-29 19:02 268 --ah----- C:\sqmdata17.sqm 2008-08-29 19:02 . 2008-08-29 19:02 244 --ah----- C:\sqmnoopt17.sqm 2008-08-29 14:42 . 2008-08-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-28 18:13 . 2008-08-30 20:03 <DIR> d-------- C:\hjt 2008-08-28 18:13 . 2008-08-28 18:13 812,344 --a------ C:\HJT.exe 2008-08-28 13:51 . 2008-08-28 13:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Malwarebytes 2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-28 13:51 . 2008-08-28 13:51 2,085,280 --a------ C:\Documents and Settings\mbam-setup.exe 2008-08-28 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-28 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-28 13:19 . 2008-08-28 13:49 <DIR> d-------- C:\Documents and Settings\HC\Citrix 2008-08-28 13:19 . 2008-08-28 13:19 81 --a------ C:\CTX.DAT 2008-08-28 13:17 . 2008-08-28 13:18 2,817,536 --a------ C:\Documents and Settings\ica32t.exe 2008-08-28 08:01 . 2008-08-29 17:48 2,840,086 -ra------ C:\Documents and Settings\ComboFix.exe 2008-08-28 07:50 . 2008-08-28 07:50 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-08-28 07:50 . 2008-08-28 07:50 7,926,688 --a------ C:\Documents and Settings\Free-SpyHunter-Scanner-Install.exe 2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Program Files\AVG 2008-08-27 21:38 . 2008-08-27 21:48 <DIR> d-------- C:\Documents and Settings\HC\Application Data\AVGTOOLBAR 2008-08-27 21:13 . 
2008-08-27 21:14 49,607,536 --a------ C:\Documents and Settings\avg_free_stf_all_8_101a1327.exe 2008-08-27 19:35 . 2008-08-27 19:35 268 --ah----- C:\sqmdata16.sqm 2008-08-27 19:35 . 2008-08-27 19:35 244 --ah----- C:\sqmnoopt16.sqm 2008-08-27 18:08 . 2008-08-28 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services 2008-08-27 17:09 . 2008-08-27 17:09 5,300 --a------ C:\Documents and Settings\Winzip_PRO_11.2_with_Keygen.zip_[mininova].torrent 2008-08-27 15:35 . 2008-08-27 15:35 162,803 --a------ C:\Documents and Settings\Microsoft_OFFICE_2007_Complete_PRO_Edition_&_CD_Keys!_[mininova].torrent 2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\Temp\EN_Office_Visio_Professional_2007 2008-08-26 18:50 . 2008-08-26 18:51 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Visio_Professional_2007.exe 2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Microsoft Works 2008-08-26 18:46 . 2008-08-29 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-26 18:42 . 2008-08-26 18:42 <DIR> d-------- C:\Temp\EN_Office_Project_Professional_2007 2008-08-26 18:37 . 2008-08-26 18:58 <DIR> d-------- C:\Temp 2008-08-26 18:37 . 2008-08-26 18:37 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Project_Professional_2007.exe 2008-08-26 18:32 . 2008-08-26 18:32 <DIR> d-------- C:\Documents and Settings\Skole deamon\DAEMON Tools Lite 2008-08-26 18:28 . 2008-08-26 18:28 268 --ah----- C:\sqmdata15.sqm 2008-08-26 18:28 . 2008-08-26 18:28 244 --ah----- C:\sqmnoopt15.sqm 2008-08-26 18:27 . 2008-08-26 18:58 <DIR> d-------- C:\Documents and Settings\Skole deamon 2008-08-26 18:27 . 2008-08-26 18:27 <DIR> d-------- C:\Documents and Settings\HC\Application Data\DAEMON Tools 2008-08-26 18:27 . 2008-08-26 18:27 4,743,112 --a------ C:\Documents and Settings\Skole deamon\daemon4301-lite.exe 2008-08-26 18:27 . 
2008-08-26 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmnoopt14.sqm 2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmdata14.sqm 2008-08-24 16:13 . 2008-08-24 16:13 268 --ah----- C:\sqmdata13.sqm 2008-08-24 16:13 . 2008-08-24 16:13 244 --ah----- C:\sqmnoopt13.sqm 2008-08-24 10:48 . 2008-08-24 10:48 268 --ah----- C:\sqmdata12.sqm 2008-08-24 10:48 . 2008-08-24 10:48 244 --ah----- C:\sqmnoopt12.sqm 2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\HC\Application Data\SUPERAntiSpyware.com 2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-24 10:27 . 2008-08-24 10:27 6,634,008 --a------ C:\Documents and Settings\SUPERAntiSpyware.exe 2008-08-24 10:21 . 2008-08-24 10:21 <DIR> d-------- C:\Program Files\CCleaner 2008-08-24 10:20 . 2008-08-24 10:20 860,120 --a------ C:\Documents and Settings\ccsetup210_slim.exe 2008-08-24 01:20 . 2008-08-24 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-24 01:20 . 2008-08-27 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-24 01:20 . 2008-08-24 01:20 15,083,520 --a------ C:\Documents and Settings\spybotsd160.exe 2008-08-23 20:46 . 2008-08-23 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-23 20:45 . 2008-08-23 20:45 19,153,264 --a------ C:\Documents and Settings\aaw2008.exe 2008-08-23 20:28 . 2008-08-23 20:28 25,049,240 --a------ C:\Documents and Settings\antivir_workstation_winu_en_h.exe 2008-08-23 20:22 . 2008-08-23 20:46 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-23 20:18 . 2008-08-23 20:18 2,380 --a------ C:\Documents and Settings\AdAware_6.0_Professional___Serial.3377972.TPB.torrent 2008-08-07 00:54 . 
2008-08-07 00:54 268 --ah----- C:\sqmdata11.sqm 2008-08-07 00:54 . 2008-08-07 00:54 244 --ah----- C:\sqmnoopt11.sqm 2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Simple Star 2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Nero 2008-07-31 21:54 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\AskTBar 2008-07-18 08:44 . 2008-07-18 08:44 268 --ah----- C:\sqmdata10.sqm 2008-07-18 08:44 . 2008-07-18 08:44 244 --ah----- C:\sqmnoopt10.sqm 2008-07-17 20:07 . 2008-02-06 04:21 4,658,456 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys 2008-07-17 20:04 . 2008-07-17 20:04 <DIR> d-------- C:\Program Files\Logitech 2008-07-17 20:04 . 2008-07-17 20:07 <DIR> d-------- C:\Program Files\Common Files\LogiShrd 2008-07-17 20:04 . 2008-07-17 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2008-07-17 20:04 . 2008-07-17 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-29 21:09 --------- d-----w C:\Program Files\Google 2008-08-28 06:10 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-08-27 16:03 --------- d-----w C:\Documents and Settings\HC\Application Data\uTorrent 2008-08-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-08-24 08:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-23 22:39 --------- d-----w C:\Program Files\VstPlugins 2008-08-23 22:32 --------- d-----w C:\Program Files\Image-Line 2008-08-23 20:30 --------- d-----w C:\Documents and Settings\HC\Application Data\LimeWire 2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad 2008-07-29 18:30 --------- d-----w C:\Program Files\LimeWire 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-11-26 12:01 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe 2007-10-16 11:37 40,836 ----a-w C:\Program Files\nexus.fpf 2007-09-27 12:21 13,179,392 ----a-w C:\Program Files\m5900mux.exe 2007-09-27 12:01 959,896 ----a-w C:\Program Files\wzcline22.exe 2007-09-27 11:54 9,974,784 ----a-w C:\Program Files\M6100enx.exe 2007-09-13 11:34 3,378,248 ----a-w C:\Program Files\LimeWireWin.exe 2007-09-13 11:27 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] "DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-29 23:02 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" 
[2006-09-29 22:39 151552] "PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648] "LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792] "LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440] "IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112] "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728] "SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY] 2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Opera\\Opera.exe"= R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13] R2 
DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13] R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03] S3 DiWan;Eicon Driver for all DIVA PnP cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}] \Shell\AutoRun\command - D:\setup.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-08-30 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = www.startsiden.no/ O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-30 21:07:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\"" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll . 
Completion time: 2008-08-30 21:34:08
ComboFix-quarantined-files.txt 2008-08-30 19:31:12
ComboFix2.txt 2008-08-30 18:17:44
ComboFix3.txt 2008-08-29 16:25:21
ComboFix4.txt 2008-08-29 13:52:27
ComboFix5.txt 2008-08-30 19:02:25
Pre-Run: 1,744,748,544 bytes free
Post-Run: 1,727,901,696 byte ledig
232 --- E O F --- 2008-08-29 20:59:26

Tried to remove the Ask toolbar, but I can't find it in Add/Remove Programs in the Control Panel. I also ticked the ones you mentioned in HJT :)