LockBreaker, posted 18 June 2008 (edited)

Hi. I'm wondering whether anyone can find anything abnormal in this log. The PC has been a bit slow lately, and SAS has found a number of tracking cookies and removed them. So I thought it would be wise to let someone who knows what they're doing take a look, so that I don't delete things at random.

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:04, on 18.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\YGF402.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205596073077
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9852 bytes

Regards,
LockBreaker

Edited 20 June 2008 by LockBreaker

r2d290, posted 18 June 2008 (edited)

I don't see anything wrong with your HijackThis log. Did deleting the cookies help? Has it been long since you defragmented the disk?

Edit: did the machine become slow suddenly, or gradually?

Edited 18 June 2008 by r2d290

LockBreaker (author), posted 18 June 2008

It helped a tiny bit when I deleted the cookies. But it was not very noticeable. Only a little. Has it been long since I defragmented? Yes, I would say so. I haven't done it since I last formatted. Is there any risk at all associated with defragmenting? The last time I did it, some files changed location and I couldn't find them again. I should probably defragment then, right?

r2d290, posted 18 June 2008 (edited)

If you wait a moment, I'll find a disk defragmentation program that is supposedly better than the one in Windows. I have heard of a couple of cases where defragmenting went wrong, but I have never had any problems with it myself.

From SNIPPSAT (with a few modifications):

Download and run CCleaner. 'Options'->'Advanced'. Remove the tick in front of: "Only delete temporary files older than 48 hours". Go to the "main page" of CCleaner and press scan. Do this many times, until it finds no more temp files. Run the registry cleaner and answer yes to repairing, and to taking a backup of the registry.

Defragmenting could be a good thing to do now.
Auslogics Disk Defrag + Free Registry Defrag + Pagedefrag

Control over everything that starts up and runs on the PC.
AutoRuns + Process Explorer

Start->Run
Type: msconfig
Under the Startup tab, choose to remove everything that you know what is, but that you don't need at startup. This will give you a bit to tinker with.

Edited 18 June 2008 by r2d290

LockBreaker (author), posted 18 June 2008 (edited)

Is it OK to just use the one that's in Windows as well? Thanks for the help, by the way.

Edited 18 June 2008 by LockBreaker

r2d290, posted 18 June 2008

Probably better than nothing.

LockBreaker (author), posted 19 June 2008 (edited)

SAS just found 5 trojans here + 2 tracking cookies. I have no idea where they could have come from. I browse with SiteAdvisor, so I don't visit anything other than sites with a "green check mark". Uploading a new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:15, on 19.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\TEMP\OV67E3.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205596073077
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9632 bytes

SAS asked me to restart to finish the process of quarantining them. I did as I was told and am now running a new scan for more potentially harmful files.

Edited 19 June 2008 by LockBreaker

johome, posted 19 June 2008

Here are two good programs for disk defragmentation:
Auslogics Disk Defrag
Iobit Disk Defrag

r2d290, posted 19 June 2008

I still don't see anything wrong with your log. Could you post the log that SAS created? Start the program. Choose: Preferences->statistics/logs

You could perhaps run Combofix, and then we'll see if someone can look at it.

Download Combofix and put it on the Desktop.
Run combofix.exe and follow the instructions.
You must not click on the window while the program is running. This can cause the program to freeze.
Post the log file from Combofix (c:\combofix.txt)

LockBreaker Skrevet 19. juni 2008 Forfatter Del Skrevet 19. juni 2008 (endret) ComboFix 08-06-16.5 - John Ola 2008-06-19 21:28:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1425 [GMT 2:00] Running from: C:\Documents and Settings\John Ola\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))) . 2008-06-17 20:07 . 2008-06-17 20:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-17 19:46 . 2008-06-17 19:46 715 --a------ C:\WINDOWS\ManagerPLUS.INI 2008-06-16 22:06 . 2008-06-16 22:06 <DIR> d-------- C:\Documents and Settings\John Ola\Application Data\Apple Computer 2008-06-16 22:06 . 2008-06-16 22:06 <DIR> d-------- C:\DOCUME~1\JOHNOL~1\APPLIC~1\Apple Computer 2008-06-16 22:05 . 2008-06-16 22:06 <DIR> d-------- C:\Program Files\iTunes 2008-06-16 22:05 . 2008-06-16 22:05 <DIR> d-------- C:\Program Files\iPod 2008-06-16 22:05 . 2008-06-16 22:05 <DIR> d-------- C:\Program Files\Bonjour 2008-06-16 22:04 . 2008-06-16 22:05 <DIR> d-------- C:\Program Files\QuickTime 2008-06-16 22:04 . 2008-06-16 22:04 <DIR> d-------- C:\Program Files\Apple Software Update 2008-06-16 22:04 . 2008-06-16 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer 2008-06-16 22:03 . 2008-06-16 22:03 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-06-16 22:03 . 2008-06-16 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple 2008-06-14 10:14 . 2008-06-14 10:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-06-14 10:13 . 2008-06-14 10:14 <DIR> d-------- C:\temp\ext18866 2008-06-14 10:13 . 2008-06-14 10:13 <DIR> d-------- C:\temp 2008-06-11 13:45 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 13:42 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-02 18:38 . 
2008-06-02 18:38 563 --a------ C:\hpfr5550.xml 2008-06-02 18:28 . 2004-10-08 03:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS 2008-06-02 18:27 . 2008-06-02 18:27 <DIR> d-------- C:\Documents and Settings\John Ola\Application Data\Share-to-Web-opplastingsmappe 2008-06-02 18:27 . 2008-06-02 18:27 <DIR> d-------- C:\DOCUME~1\JOHNOL~1\APPLIC~1\Share-to-Web-opplastingsmappe 2008-06-02 18:26 . 2008-06-02 18:28 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-06-02 18:25 . 2008-06-02 18:25 <DIR> d-------- C:\Program Files\HP Photosmart 11 2008-06-02 18:25 . 2008-06-02 18:25 34 --a------ C:\WINDOWS\hpfsched.ini 2008-06-02 18:24 . 2002-11-22 21:49 356,352 --------- C:\WINDOWS\system32\hphc3204.dll 2008-06-02 18:24 . 2002-11-22 21:49 50,896 -ra------ C:\WINDOWS\system32\drivers\hphid411.sys 2008-06-02 18:24 . 2002-11-22 21:49 50,276 -ra------ C:\WINDOWS\system32\drivers\hphs2k11.sys 2008-06-02 18:24 . 2002-11-22 21:49 18,928 -ra------ C:\WINDOWS\system32\drivers\hphius11.sys 2008-06-02 18:24 . 2002-11-22 21:49 16,112 -ra------ C:\WINDOWS\system32\drivers\hphipr11.sys 2008-06-02 18:24 . 2002-11-22 21:49 4,760 --------- C:\WINDOWS\hphmdl11.dat 2008-06-02 10:22 . 2008-06-17 20:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-06-02 10:22 . 2008-06-17 20:08 <DIR> d-------- C:\Documents and Settings\John Ola\Application Data\SUPERAntiSpyware.com 2008-06-02 10:22 . 2008-06-17 20:08 <DIR> d-------- C:\DOCUME~1\JOHNOL~1\APPLIC~1\SUPERAntiSpyware.com 2008-06-02 10:22 . 2008-06-02 10:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2008-05-29 12:34 . 2008-05-29 12:34 <DIR> d-------- C:\Program Files\Photo Story 3 for Windows 2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-05-23 10:40 . 2008-05-23 10:40 <DIR> d-------- C:\ADOBE_ACROBAT_PLUGINS . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 17:53 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-06-15 11:53 --------- d-----w C:\Program Files\EA GAMES 2008-06-15 11:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-14 22:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrdnettPluss 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 13:41 --------- d-----w C:\Program Files\Opera 2008-06-06 09:47 --------- d-----w C:\Documents and Settings\John Ola\Application Data\OpenOffice.org2 2008-06-06 09:47 --------- d-----w C:\DOCUME~1\JOHNOL~1\APPLIC~1\OpenOffice.org2 2008-05-24 09:06 --------- d-----w C:\Program Files\SiteAdvisor 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 08:53 --------- d-----w C:\Program Files\Paint.NET 2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-18 13:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 03:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll 2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll 2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll 2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-13 19:24 2,145,280 ----a-w 
C:\WINDOWS\system32\ntoskrnl.exe 2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys 2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe 2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe 2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll 2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll 2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll 2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll 2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll 2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll 2008-04-04 17:44 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-04-04 16:25 22,328 ----a-w C:\Documents and Settings\John Ola\Application Data\PnkBstrK.sys 2008-04-04 16:25 22,328 ----a-w C:\DOCUME~1\JOHNOL~1\APPLIC~1\PnkBstrK.sys 2008-03-30 13:51 107,888 ----a-w 
C:\WINDOWS\system32\CmdLineExt.dll 2008-03-30 13:26 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe 2008-03-17 19:03 32 ----a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 21:03 7557120] "nwiz"="nwiz.exe" [2006-03-21 21:03 1519616 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2006-03-21 21:03 73728 C:\WINDOWS\system32\nvhotkey.dll] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 16:41 24649] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-14 21:24 36904] "OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 00:43 702072] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 21:49 188416] "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" 
[2002-11-22 21:48 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 21:50 49152]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [4/26/2007 1:35:24 PM 2048074]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35089:TCP"= 35089:TCP:Trend Micro OfficeScan Listener

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 12:20]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 23:43]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c0544f9-3560-11dd-96ff-001302ac02eb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDisk-Games.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{723da530-f353-11dc-9556-0015c53dfc53}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winupdate.exe
\Shell\menu\command - F:\winupdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c70438d-321b-11dd-96fe-0015c53dfc53}]
\Shell\AutoRun\command -
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winupdate.exe
\Shell\menu\command - E:\winupdate.exe

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 21:30:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-19 21:31:18
ComboFix-quarantined-files.txt 2008-06-19 19:31:14
Pre-Run: 82,114,502,656 bytes free
Post-Run: 82,111,045,632 bytes free
205 --- E O F --- 2008-06-11 12:06:59

Combofix log.
But is everything supposed to change colour etc., including the start bar and so on?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/19/2008 at 07:58 PM
Application Version : 4.15.1000
Core Rules Database Version : 3485
Trace Rules Database Version: 1476
Scan type : Complete Scan
Total Scan Time : 03:15:34
Memory items scanned : 455
Memory threats detected : 1
Registry items scanned : 5355
Registry threats detected : 2
File items scanned : 22077
File threats detected : 4

Trojan.Smss/Win
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\SMSS.EXE
[Microsoft Updater] C:\WINDOWS\SMSS.EXE
[Microsoft Updater] C:\WINDOWS\SMSS.EXE
C:\WINDOWS\Prefetch\SMSS.EXE-0B973AA6.pf

Adware.Tracking Cookie
C:\Documents and Settings\John Ola\Cookies\john_ola@tradedoubler[1].txt
C:\Documents and Settings\John Ola\Cookies\john_ola@atdmt[2].txt

The SAS log.
Can I delete Combofix again now?
Edited 19 June 2008 by LockBreaker
r2d290 Posted 19 June 2008 (edited)
Leave Combofix in place a little longer. Someone else needs to look at it. What do you mean by changing colour? The theme may have been changed, but in that case you can just set it back again.
Edited 19 June 2008 by r2d290
LockBreaker (Author) Posted 19 June 2008 (edited)
Well, everything got the traditional Windows look, the one you find in older operating systems like ME and Windows 98. It was easy to change back, but I thought I would ask whether that was supposed to happen. Yes, the theme is what I meant. How did the log look?
Edited 19 June 2008 by LockBreaker
norbat Posted 19 June 2008 (edited)
The log looks reasonably fine. There are a couple more entries that need to be removed, but try this first:
Download MBAM to the desktop.
Run the file and install the program. Select Norwegian as the language.
Let the program update itself and choose to run a full system scan.
You will get a message box when the program has finished.
Then click the Show results (Vis resultat) button. If malware was found, you will now see what was found.
Then click the Remove selected (Fjern valgt) button to remove any malware that was found.
When MBAM has finished removing what it found, a log will open in Notepad. You can copy and post it.
Edited 19 June 2008 by norbat
r2d290 Posted 19 June 2008
Thanks, norbat. Nice to get some help.
LockBreaker (Author) Posted 20 June 2008 (edited)
MBam found a trojan. I have now removed it. The log is in the spoiler.

Malwarebytes' Anti-Malware 1.18
Database versjon: 871
09:57:06 20.06.2008
mbam-log-6-20-2008 (09-57-06).txt
Skann type: Full Skann (C:\|)
Objekter skannet: 102995
Tid tilbakelagt: 34 minute(s), 46 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\Documents and Settings\John Ola\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I found the trojan on Symantec's site. Risk level: Very low. ( http://www.symantec.com/security_response/...-99&tabid=2 )
I also found it on Sunbelt's pages with Risk level: High ( http://research.sunbelt-software.com/threa...;threatid=41353 )
It was quite a while ago, but I remember I once had an E-Bay icon on the desktop. But I deleted it. I didn't understand how it had got there; Norton didn't find anything suspicious, after all.
I am now running a new scan with MBam and will post a new log once I have done that.
(It will appear below)

Malwarebytes' Anti-Malware 1.18
Database versjon: 871
10:41:26 20.06.2008
mbam-log-6-20-2008 (10-41-26).txt
Skann type: Full Skann (C:\|)
Objekter skannet: 103329
Tid tilbakelagt: 33 minute(s), 37 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
Edited 20 June 2008 by LockBreaker
LockBreaker (Author) Posted 20 June 2008
Nothing more? So the PC should be healthy then?
norbat Posted 20 June 2008
The PC should be healthy now. On behalf of r2d290 I say: surf safely!
r2d290 Posted 20 June 2008
Yes, surf safely. If you consider the problem with your machine solved, you can change your topic title by clicking the button in your first post and choosing full edit. At the top, where your topic title is, write: [LØST] (solved) in front of your topic title. E.g.: [LØST] Got a virus on my machine
LockBreaker (Author) Posted 20 June 2008
Thank you so very much for all the help. I don't know what I would have done without you. Many, many thanks.