gravitation, posted 28 September 2008 (edited 30 September 2008 by gravitation)

I got adware.agent.zo on my PC a while back and tried to remove it with Spyware Doctor, but it didn't work. Now the PC has started restarting after it has been switched on for about 2 min (I assume this is happening because of the trojan?). The PC in question is, by the way, an HP Compaq nx6325 (school PC).
Svenni212000, posted 28 September 2008

I would start with Avira AntiVir Rescue System.

When you have finished scanning the machine with Avira AntiVir Rescue System, temporarily turn off the System Restore feature and carry out these steps:

How to enable or disable System Restore in Vista?
How to enable or disable System Restore in XP?

Run and post the logs from the following programs:

SUPERAntiSpyware Free {-Run Full Scan-}
Dr.Web CureIt! {-Run Full Scan-}
Combofix
and finally; HijackThis

--
PS: If you have problems installing programs because of some form of blocking, you can:
Replace SUPERAntiSpyware with ewido anti-spyware micro scanner
gravitation Skrevet 30. september 2008 Forfatter Del Skrevet 30. september 2008 (endret) Okei, logger: Superantispyware SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 09/30/2008 at 08:28 PM Application Version : 4.21.1004 Core Rules Database Version : 3582 Trace Rules Database Version: 1570 Scan type : Complete Scan Total Scan Time : 00:44:20 Memory items scanned : 553 Memory threats detected : 0 Registry items scanned : 4207 Registry threats detected : 13 File items scanned : 20628 File threats detected : 173 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAMFILER\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel C:\PROGRAMFILER\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA} Adware.Tracking Cookie C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@xiti[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@nrk[2].txt C:\Documents and Settings\Lena\Cookies\lena@insightexpressai[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\lena@kontera[2].txt C:\Documents and 
Settings\Lena\Cookies\lena@bravenet[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@xpsecuritycenter[2].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@chitika[1].txt C:\Documents and Settings\Lena\Cookies\lena@advertising[2].txt C:\Documents and Settings\Lena\Cookies\[email protected][3].txt C:\Documents and Settings\Lena\Cookies\lena@adrevolver[1].txt C:\Documents and Settings\Lena\Cookies\lena@revsci[3].txt C:\Documents and Settings\Lena\Cookies\lena@partypoker[2].txt C:\Documents and Settings\Lena\Cookies\lena@statcounter[2].txt C:\Documents and Settings\Lena\Cookies\lena@realmedia[1].txt C:\Documents and Settings\Lena\Cookies\lena@tripod[1].txt C:\Documents and Settings\Lena\Cookies\lena@apmebf[1].txt C:\Documents and Settings\Lena\Cookies\lena@a[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\lena@dmtracker[1].txt C:\Documents and Settings\Lena\Cookies\lena@adserver[1].txt C:\Documents and Settings\Lena\Cookies\lena@toplist[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@clickbank[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@mywebsearch[2].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and 
Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\lena@myroitracking[1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\lena@checkstat[2].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Cookies\lena@revsci[2].txt C:\Documents and Settings\Lena\Cookies\lena@adbrite[1].txt C:\Documents and Settings\Lena\Cookies\lena@tacoda[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@partypoker[2].txt C:\Documents and Settings\Lena\Lokale 
innstillinger\Temp\Cookies\lena@winantivirus[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@specificclick[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@atdmt[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@casalemedia[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@adrevolver[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@adrevolver[3].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@tribalfusion[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@serving-sys[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale 
innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@mediatraffic[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@accounts[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@revenueexplorer[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@drivecleaner[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@smileycentral[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@indexstats[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@tradedoubler[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@cassava[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@adserver[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@stillcantfindwhatyouarelookingfor[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale 
innstillinger\Temp\Cookies\lena@advertising[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@clicksor[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@mywebsearch[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@targetnet[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@bluestreak[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@statcounter[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@tacoda[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@burstnet[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@hitbox[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email 
protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@adnetserver[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@fastclick[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@adbrite[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@2o7[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@adtech[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@apmebf[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@atwola[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@bravenet[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@cpvfeed[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@doubleclick[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@insightexpressai[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@mediaplex[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@overture[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@questionmarket[1].txt C:\Documents and Settings\Lena\Lokale 
innstillinger\Temp\Cookies\lena@realmedia[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@revenue[2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@revsci[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@tripod[1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Cookies\lena@zedo[1].txt Adware.UpMedia/SearchTool HKU\S-1-5-21-2089234509-2154071036-3969649739-1006\Software\UptownInstaller Trojan.Downloader-Gen/Suspicious C:\DOCUMENTS AND SETTINGS\LENA\LOKALE INNSTILLINGER\TEMP\18D.TMP Trojan.Net-4LWT C:\DOCUMENTS AND SETTINGS\LENA\LOKALE INNSTILLINGER\TEMP\188.TMP.XXX Trojan.SoftCashier-Installer/A C:\DOCUMENTS AND SETTINGS\LENA\LOKALE INNSTILLINGER\TEMP\UNINST.EXE.XXX Trojan.Unclassified/CRU629 C:\WINDOWS\CRU629.DAT.XXX C:\WINDOWS\SYSTEM32\CRU629.DAT.XXX Trace.Known Threat Sources C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\AXIXK1EV\Binaries3[1].zip C:\Documents and Settings\Lena\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\2DQX2ZO5\Binaries2[1].zip DrWeb 189.tmp.XXX;C:\Documents and Settings\Lena\Lokale innstillinger\Temp;Trojan.DownLoader.18993;Slettet.;18A.tmp.XXX;C:\Documents and Settings\Lena\Lokale innstillinger\Temp;Win32.HLLM.Bid;Slettet.; ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Lena\Skrivebord\ComboFix.exe;Sannsynlighvis BATCH.Virus;; ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\Lena\Skrivebord\ComboFix.exe;Sannsynlighvis BATCH.Virus;; ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Lena\Skrivebord\ComboFix.exe;Program.PsExec.171;; ComboFix.exe;C:\Documents and Settings\Lena\Skrivebord;Arkiv inneholder infiserte objekter;Flyttet.; 
EscapeSetup-dm[1].exe.XXX;C:\Downloads;Adware.TryMedia;Slettet.; IngeniousSetup-dm[1].exe.XXX;C:\Downloads;Adware.TryMedia;Slettet.; RiseOfAtlantisSetup-dm[1].exe.XXX;C:\Downloads;Adware.TryMedia;Slettet.; RollerCoasterTycoon2Setup-dm[1].exe.XXX;C:\Downloads;Adware.TryMedia;Slettet.; braviax.exe.XXX;C:\WINDOWS;Trojan.Packed.596;Urensbar.Flyttet.; braviax.exe.XXX;C:\WINDOWS\system32;Trojan.Packed.596;Urensbar.Flyttet.; tdssadw.dll.XXX;C:\WINDOWS\system32;BackDoor.Tdss.7;Slettet.; tdssl.dll.XXX;C:\WINDOWS\system32;BackDoor.Tdss.7;Slettet.; tdsslog.dll.XXX;C:\WINDOWS\system32;Trojan.Sespy.13;Slettet.; tdssmain.dll.XXX;C:\WINDOWS\system32;BackDoor.Tdss.7;Slettet.; tdssserf.dll.XXX;C:\WINDOWS\system32;Trojan.Fakealert.1304;Slettet.; winivstr.exe.XXX;C:\WINDOWS\system32;Trojan.Fakealert.1208;Slettet.; _scui.cpl.XXX;C:\WINDOWS\system32;Trojan.Fakealert.1210;Slettet.; beep.sys.XXX;C:\WINDOWS\system32\dllcache;Trojan.Fakealert.458;Slettet.; beep.sys.XXX;C:\WINDOWS\system32\drivers;Trojan.Fakealert.458;Slettet.; combofix ComboFix 08-09-30.02 - Lena 2008-10-01 0:27:56.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.144 [GMT 2:00] Running from: C:\Documents and Settings\Lena\Lokale innstillinger\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . /wow section not completed ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-30 21:25 . 2008-09-30 22:52 <DIR> d-------- C:\Documents and Settings\Lena\DoctorWeb 2008-09-30 19:41 . 2008-09-30 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-09-30 19:40 . 2008-09-30 19:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-09-30 19:40 . 2008-09-30 19:40 <DIR> d-------- C:\Documents and Settings\Lena\Programdata\SUPERAntiSpyware.com 2008-09-17 03:46 . 
2008-09-30 07:20 53,395 --a------ C:\WINDOWS\system32\tdssinit.dll 2008-09-17 03:45 . 2008-09-17 03:45 36,864 --a------ C:\WINDOWS\system32\drivers\tdssserv.sys.XXX 2008-09-17 03:45 . 2008-09-17 03:45 254 --a------ C:\WINDOWS\system32\tdssservers.dat 2008-08-19 23:35 . 2008-08-19 23:35 19,402 --a------ C:\Documents and Settings\All Users\Programdata\gusabo.pif 2008-08-19 23:35 . 2008-08-19 23:35 19,200 --a------ C:\WINDOWS\system32\itoci.scr 2008-08-19 23:35 . 2008-08-19 23:35 18,123 --a------ C:\Documents and Settings\Lena\Programdata\lipydodaby.bin 2008-08-19 23:35 . 2008-08-19 23:35 18,063 --a------ C:\WINDOWS\system32\xuxyriz.ban 2008-08-19 23:35 . 2008-08-19 23:35 17,801 --a------ C:\Documents and Settings\All Users\Programdata\avycel.com 2008-08-19 23:35 . 2008-08-19 23:35 17,663 --a------ C:\WINDOWS\ecowizem.scr 2008-08-19 23:35 . 2008-08-19 23:35 17,257 --a------ C:\WINDOWS\laquburof.sys 2008-08-19 23:35 . 2008-08-19 23:35 16,248 --a------ C:\WINDOWS\system32\izen.bat 2008-08-19 23:35 . 2008-08-19 23:35 14,646 --a------ C:\Documents and Settings\All Users\Programdata\uqotibiwy.dll 2008-08-19 23:35 . 2008-08-19 23:35 14,018 --a------ C:\Documents and Settings\All Users\Programdata\kipejakoqu.dll 2008-08-19 23:35 . 2008-08-19 23:35 12,313 --a------ C:\Documents and Settings\All Users\Programdata\eweqy.bin 2008-08-19 23:35 . 2008-08-19 23:35 10,919 --a------ C:\Documents and Settings\Lena\Programdata\ulycukaso.reg 2008-08-19 08:12 . 2008-09-30 20:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-17 20:50 . 2008-08-17 20:50 19,753 --a------ C:\WINDOWS\wehykapix.pif 2008-08-17 20:50 . 2008-08-17 20:50 19,542 --a------ C:\WINDOWS\ubexulaqar.dll 2008-08-17 20:50 . 2008-08-17 20:50 19,200 --a------ C:\WINDOWS\asij.db 2008-08-17 20:50 . 2008-08-17 20:50 18,658 --a------ C:\WINDOWS\system32\ysolu.reg 2008-08-17 20:50 . 2008-08-17 20:50 16,950 --a------ C:\WINDOWS\system32\zofig.lib 2008-08-17 20:50 . 
2008-08-17 20:50 16,799 --a------ C:\Documents and Settings\All Users\Programdata\ocisisopy.exe 2008-08-17 20:50 . 2008-08-17 20:50 16,711 --a------ C:\WINDOWS\yduxos.vbs 2008-08-17 20:50 . 2008-08-17 20:50 16,619 --a------ C:\WINDOWS\system32\ejugegyruh._sy 2008-08-17 20:50 . 2008-08-17 20:50 16,085 --a------ C:\WINDOWS\ytatid.sys 2008-08-17 20:50 . 2008-08-17 20:50 15,960 --a------ C:\Documents and Settings\Lena\Programdata\panycyv.sys 2008-08-17 20:50 . 2008-08-17 20:50 14,192 --a------ C:\WINDOWS\goqeqyvat.db 2008-08-17 20:50 . 2008-08-17 20:50 12,946 --a------ C:\Documents and Settings\All Users\Programdata\avyba.bin 2008-08-17 20:50 . 2008-08-17 20:50 10,511 --a------ C:\Documents and Settings\All Users\Programdata\benu.dat 2008-08-12 21:15 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 22:25 --------- d-----w C:\Programfiler\Spyware Doctor 2008-09-30 19:41 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-09-30 17:40 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-09-17 08:37 94,208 ----a-w C:\WINDOWS\DUMP59a9.tmp 2008-09-17 07:38 94,208 ----a-w C:\WINDOWS\DUMP5c1a.tmp 2008-09-17 07:21 --------- d-----w C:\Documents and Settings\Lena\Programdata\Azureus 2008-09-17 07:10 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-09-17 07:09 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared 2008-09-17 07:08 --------- d-----w C:\Programfiler\Sonic 2008-09-17 07:06 --------- d-----w C:\Documents and Settings\Lena\Programdata\Teleca 2008-09-17 07:05 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared 2008-09-16 23:31 --------- d-----w C:\Programfiler\VideoLAN 2008-08-29 17:08 --------- d-----w C:\Programfiler\FinePixViewer 2008-08-19 21:35 10,289 ----a-w C:\Programfiler\Fellesfiler\xafam._sy 2008-07-18 20:10 94,920 ----a-w 
C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-16 19:06 18,458 ----a-w C:\WINDOWS\system32\dawowo.exe 2008-07-16 19:06 18,196 ----a-w C:\WINDOWS\system32\riruken.pif 2008-07-16 19:06 18,012 ----a-w C:\WINDOWS\ifyqifu.com 2008-07-16 19:06 16,000 ----a-w C:\WINDOWS\system32\limy.com 2008-07-16 19:06 14,695 ----a-w C:\WINDOWS\ilysak.scr 2008-07-16 19:06 13,901 ----a-w C:\Programfiler\Fellesfiler\enyzucu.pif 2008-07-16 19:06 13,606 ----a-w C:\Programfiler\Fellesfiler\izipyqiwy.db 2008-07-16 19:06 13,333 ----a-w C:\Programfiler\Fellesfiler\etehipubu.bin 2008-07-16 19:06 11,432 ----a-w C:\Documents and Settings\All Users\Programdata\tufawap.reg 2008-07-16 19:06 10,633 ----a-w C:\Documents and Settings\Lena\Programdata\ygimuposen.bat 2008-07-16 19:06 10,235 ----a-w C:\Documents and Settings\Lena\Programdata\ziculonoxo.reg 2008-07-14 12:58 19,254 ----a-w C:\Documents and Settings\All Users\Programdata\ysypikubik.exe 
2008-07-14 12:58 18,901 ----a-w C:\WINDOWS\system32\ohalikecib.pif 2008-07-14 12:58 18,779 ----a-w C:\Documents and Settings\Lena\Programdata\rejoby.bin 2008-07-14 12:58 16,805 ----a-w C:\WINDOWS\zaqifyqat.sys 2008-07-14 12:58 15,197 ----a-w C:\Programfiler\Fellesfiler\izyxucisa._sy 2008-07-14 12:58 14,680 ----a-w C:\Documents and Settings\Lena\Programdata\itemuxavyb.reg 2008-07-14 12:58 14,485 ----a-w C:\Documents and Settings\All Users\Programdata\izonehuquz.com 2008-07-14 12:58 12,595 ----a-w C:\Documents and Settings\All Users\Programdata\vujij.dll 2008-07-14 12:58 12,296 ----a-w C:\WINDOWS\hoty.dll 2008-07-14 12:58 11,997 ----a-w C:\WINDOWS\system32\ixuzofyqut.vbs 2008-07-14 12:58 11,063 ----a-w C:\Programfiler\Fellesfiler\ipefexi.reg 2008-07-14 02:33 18,829 ----a-w C:\WINDOWS\system32\xipogin.scr 2008-07-14 02:33 18,035 ----a-w C:\WINDOWS\oticysa.exe 2008-07-14 02:33 14,891 ----a-w C:\Programfiler\Fellesfiler\xevir.reg 2008-07-14 02:33 14,136 ----a-w C:\WINDOWS\uhetem.dll 2008-07-14 02:33 11,387 ----a-w C:\Programfiler\Fellesfiler\ukozakife.vbs 2008-07-14 02:33 10,618 ----a-w C:\WINDOWS\system32\guwomy.sys 2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-29 08:39 19,537 ----a-w C:\Documents and Settings\All Users\Programdata\qegeke.dat 2008-06-29 08:39 18,052 ----a-w C:\WINDOWS\hosydom.com 2008-06-29 08:39 17,720 ----a-w C:\Programfiler\Fellesfiler\zypibe.exe 2008-06-29 08:39 16,993 ----a-w C:\Programfiler\Fellesfiler\dinozu.bat 2008-06-29 08:39 16,403 ----a-w C:\Programfiler\Fellesfiler\xuposasafo.lib 2008-06-29 08:39 11,392 ----a-w C:\Documents and Settings\Lena\Programdata\myka.bin 2008-06-29 08:31 374 ----a-w C:\Documents and Settings\Lena\Programdata\internaldb6334.dat 2008-06-29 08:15 18,432 ----a-w C:\Documents and Settings\Lena\Programdata\internaldb41.dat 2008-06-29 08:13 555 ----a-w C:\Documents and Settings\Lena\Programdata\internaldb8467.dat 2008-06-24 16:24 
74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-25 171448] "H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "CTZDetec.exe"="C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304] "updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880] "HP Software Update"="c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] 
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072] "Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 40960] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-28 282624] "REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-06-29 1107848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2006-09-17 184320] ExifLauncher2.lnk - C:\Programfiler\FinePixViewer\QuickDCF2.exe [2008-06-10 303104] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cru629.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\WIDCOMM\\Bluetooth-programvare\\BTStackServer.exe"=
"C:\\Programfiler\\WIDCOMM\\Bluetooth-programvare\\BTTray.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S3 {EE37FD10-8FAE-4c12-AE2F-D47E54120E4D};{EE37FD10-8FAE-4c12-AE2F-D47E54120E4D};C:\WINDOWS\system32\{EE37FD10-8FAE-4c12-AE2F-D47E54120E4D} [ ]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-05-15 61600]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3916c2b1-7866-11dc-a962-001708398fbb}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3916c2b3-7866-11dc-a962-001708398fbb}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43992292-7ff7-11dc-a963-001708398fbb}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43992293-7ff7-11dc-a963-001708398fbb}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43992294-7ff7-11dc-a963-0014a5caa67b}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43992295-7ff7-11dc-a963-0014a5caa67b}]
\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW4 - C:\Programfiler\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
HKCU-Run-WMPNSCFG - C:\Programfiler\Windows Media Player\WMPNSCFG.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO
O8 -: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lena\Start-meny\Programmer\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lena\Start-meny\Programmer\IMVU\Run IMVU.lnk
-
O16 -: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 00:30:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@??????R??????R?@?????,?@

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{EE37FD10-8FAE-4c12-AE2F-D47E54120E4D}]
"ImagePath"="\??\C:\WINDOWS\system32\{EE37FD10-8FAE-4c12-AE2F-D47E54120E4D}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Completion time: 2008-10-01 0:33:27
ComboFix-quarantined-files.txt 2008-09-30 22:33:25

Pre-Run: 1 823 440 896 byte ledig
Post-Run: 7,185,686,528 byte ledig

251

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:25, on 01.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Spyware Doctor\pctsTray.exe
C:\Programfiler\Microsoft ActiveSync\wcescomm.exe
C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Creative\Shared Files\CTDevSrv.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Spyware Doctor\pctsAuxs.exe
C:\Programfiler\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Opera\opera.exe
C:\Documents and Settings\Lena\Skrivebord\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iSTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programfiler\IMVU\IMVUClient.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Programfiler\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lena\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programfiler\Creative\Shared Files\CTDevSrv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe

--
End of file - 8574 bytes

By the way, the PC stopped restarting by itself after I ran Avira, and it seems to be working completely normally now.

Edited 30 September 2008 by gravitation

snippsat Posted 1 October 2008 (edited)

Svenni212000, when you ask someone to run ComboFix, you have to give the correct info. It must be placed on the desktop because of manual removal of malware. And you should always ask for the log to be posted. Resetting System Restore is something ComboFix does, so there is no reason to give advice about that. I'll look at the log later, gravitation.

Edited 1 October 2008 by SNIPPSAT

norbat Posted 1 October 2008

gravitation: Download Malwarebytes Anti-Malware (MBAM) to the desktop. Run and install the program. Choose Norwegian as the language. Let the program update itself and choose to run a 'hurtig systemscan' (quick system scan), then click Skann (Scan). A message box will appear saying that the scan is finished; click Ok. Click the 'Vis resultat' (Show results) button. If malware was found, you will now see what was found. Then click the 'Fjern valgte' (Remove selected) button to remove the malware that was found. In some cases MBAM will ask for a restart of the PC. A log will then open in Notepad. Copy it and post it later. Then download a new ComboFix and put it on the desktop. Run the program and post the log together with the MBAM log.