Mr. Ty, posted 6 September 2008

I suspect the PC is somewhat infected:

Combofix:

ComboFix 08-09-05.02 - asdf 2008-09-06 20:54:41.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.442 [GMT 2:00] Running from: C:\Documents and Settings\asdf\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))) . 2008-09-06 13:55 . 2008-09-06 13:55 <DIR> d-------- C:\WINDOWS\LastGood 2008-09-05 23:13 . 2008-09-05 23:13 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-09-05 23:13 . 2008-09-05 23:13 <DIR> d-------- C:\Documents and Settings\asdf\Programdata\SUPERAntiSpyware.com 2008-09-05 23:13 . 2008-09-05 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-09-05 22:58 . 2003-08-25 18:06 115,808 --a------ C:\WINDOWS\system32\iuctl.dll 2008-09-05 22:58 . 2003-08-25 18:14 7,781 --a------ C:\WINDOWS\system32\iuctl.cat 2008-09-05 22:58 . 2003-08-25 18:12 1,096 --a------ C:\WINDOWS\system32\iuctl.inf 2008-09-05 22:18 . 2008-09-05 22:18 <DIR> d-------- C:\Programfiler\TMXCorp 2008-09-05 16:41 . 2004-08-03 22:32 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime 2008-09-05 16:40 . 2001-10-09 14:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll 2008-09-05 16:39 . 2001-10-09 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-09-05 16:38 . 2004-08-04 01:03 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-09-05 16:36 . 
2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-09-05 16:36 . 2008-09-05 16:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-09-05 14:48 . 2001-10-09 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe 2008-09-05 14:47 . 2004-08-04 01:03 501,248 --a--c--- C:\WINDOWS\system32\dllcache\clbcatq.dll 2008-09-05 14:47 . 2004-08-04 01:03 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll 2008-09-05 14:04 . 2004-08-04 01:54 1,086,058 -ra------ C:\WINDOWS\SETD5.tmp 2008-09-05 14:04 . 2004-08-04 02:01 1,014,193 -ra------ C:\WINDOWS\SETD2.tmp 2008-09-05 14:04 . 2004-08-04 01:54 14,043 -ra------ C:\WINDOWS\SETE1.tmp 2008-09-05 11:24 . 2008-09-05 15:02 10,752 --a------ C:\WINDOWS\DCEBoot.exe 2008-08-11 21:41 . 2008-08-11 21:41 170,868,003 --a------ C:\t3ik.7 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-06 18:59 --------- d-----w C:\Documents and Settings\asdf\Programdata\uTorrent 2008-09-06 11:54 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll 2008-09-06 11:54 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe 2008-09-06 11:54 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll 2008-09-06 11:54 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe 2008-09-05 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-09-05 19:26 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdu.DAT 2008-08-31 20:18 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-08-29 20:44 --------- d-----w C:\Programfiler\Fellesfiler\Nikon 2008-08-29 20:43 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL 2008-08-21 11:34 --------- d-----w C:\Programfiler\Opera 2008-08-15 10:54 --------- d-----w C:\Programfiler\PPMate 2008-08-14 14:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-08-04 14:05 --------- d-----w C:\Programfiler\MSXML 4.0 2008-08-03 21:18 --------- d-----w C:\Documents and Settings\asdf\Programdata\ArcSoft 2008-08-03 21:00 --------- d-----w C:\Documents and Settings\asdf\Programdata\Nikon 2008-08-03 20:54 --------- d-----w C:\Programfiler\Nikon 2008-08-03 20:54 --------- d-----w C:\Programfiler\Fellesfiler\muvee Technologies 2008-08-03 20:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nikon 2008-08-03 20:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Ultima_T15 2008-08-03 20:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\EnterNHelp 2008-08-03 20:52 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-08-03 20:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-08-03 20:51 --------- d-----w C:\Programfiler\ArcSoft 2008-08-02 22:18 --------- d-----w C:\Programfiler\Java 2008-08-01 20:39 --------- d-----w C:\Documents and Settings\Gjest\Programdata\Publish Providers 2008-08-01 20:39 
--------- d-----w C:\Documents and Settings\Gjest\Programdata\DivX 2008-08-01 20:38 --------- d-----w C:\Documents and Settings\Gjest\Programdata\Sony 2008-07-31 23:14 --------- d-----w C:\Programfiler\Nokia 2008-07-31 23:12 --------- d-----w C:\Programfiler\Nokia PC Suite 6 2008-07-29 11:21 --------- d-----w C:\Programfiler\Last.fm 2008-07-26 11:39 --------- d-----w C:\Documents and Settings\Gjest\Programdata\ATI 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-07-17 16:32 --------- d-----w C:\Programfiler\ImTOO 2008-07-11 23:17 --------- d-----w C:\Documents and Settings\asdf\Programdata\DivX 2008-07-11 17:59 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-07-09 21:46 --------- d-----w C:\Programfiler\DivX 2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-06-11 00:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2008-06-11 00:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2008-06-11 00:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll 2007-12-17 12:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Active Desktop Calendar"="C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-02-14 3723264] "Gadu-Gadu"="C:\Programfiler\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "Google Update"="C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 110592] "Wireless Console 2"="C:\Programfiler\Wireless Console 2\wcourier.exe" [2005-10-17 987136] "ASUS Live Update"="C:\Programfiler\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768] "D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384] "ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152] "ATKMEDIA"="C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248] "ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-10-23 376921] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 36352] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024] "Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112] "GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 413696] 
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 267048] "SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 544768] "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-04-26 185896] "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544] C:\Documents and Settings\asdf\Start-meny\Programmer\Oppstart\ CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BlueSoleil.lnk - C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-09 1167360] Nikon Monitor.lnk - C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe [2008-04-10 479232] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\IVT 
Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Programfiler\\aMSN\\bin\\wish.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 24576] R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 16269] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208] R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 1260672] R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344] S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 34048] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{922c9018-ed5e-11dc-b982-001b11be7f30}] \Shell\AutoRun\command - G:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\asdf\Programdata\Mozilla\Firefox\Profiles\e5b68wkt.default\ FF -: plugin - C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Programfiler\Opera\program\plugins\npdivx32.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 20:59:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Programfiler\XemiComputers\Active Desktop Calendar\MouseHook.dll . 
Completion time: 2008-09-06 21:01:02 ComboFix-quarantined-files.txt 2008-09-06 19:00:50 ComboFix2.txt 2008-04-13 15:09:18 Pre-Run: 28,236,910,592 byte ledig Post-Run: 30,117,191,680 byte ledig 207 --- E O F --- 2008-08-14 14:09:53 HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:05:49, on 06.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\StkCSrv.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\ATK0100\HControl.exe C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\sm56hlpr.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe 
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe C:\Programfiler\Trend Micro\TrendSecure\TSCFCommander.exe C:\Programfiler\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe C:\Programfiler\Opera\opera.exe C:\Programfiler\uTorrent\uTorrent.exe C:\Programfiler\aMSN\bin\wish.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\asdf\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - 
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Programfiler\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKCU\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programfiler\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: CCC.lnk = ? O4 - Global Startup: BlueSoleil.lnk = ? 
O4 - Global Startup: Nikon Monitor.lnk = C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1220630631826 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205095031109 O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Atheros konfigurasjonstjeneste 
(ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing) O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing) -- End of file - 10962 bytes
norbat, posted 6 September 2008

Go to the website http://virusscan.jotti.org/ and upload the following file for checking:

C:\WINDOWS\DCEBoot.exe

Report back on whether anything was found in the file.
Mr. Ty (author), posted 6 September 2008

Found nothing.
norbat, posted 6 September 2008

Then we'll leave it alone. You can use Explorer to find and delete the following files:

C:\WINDOWS\SETD5.tmp
C:\WINDOWS\SETD2.tmp
C:\WINDOWS\SETE1.tmp

I can't see anything related to malware in your logs. What makes you suspect malware?
Mr. Ty (author), posted 6 September 2008

Hm, I don't quite know how malware works and what it does, but in any case I have a problem with no sound coming from any of my browsers, Windows Update doesn't work, and a few other things (I made a thread about the problems here). I thought maybe it was some virus thing that was causing this ...