Lami, posted 7 November 2008
I found some stuff with SUPERAntiSpyware, and when I went to remove it, a message came up saying the machine had to be restarted to remove "the software", as it put it. After I reinstalled, a lot of programs disappeared! Not just installed ones, but ones that came with XP, such as Paint, System Restore, etc.! I thought about restoring the PC to before this happened, but the latest restore point is from the day it happened, and from after it happened, so I can't restore the PC to before this happened.
Here is the SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2008 at 06:25 PM

Application Version : 4.21.1004

Core Rules Database Version : 3623
Trace Rules Database Version: 1607

Scan type : Quick Scan
Total Scan Time : 00:08:37

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 297
Registry threats detected : 2
File items scanned : 4070
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Simen\Cookies\simen@serving-sys[1].txt
C:\Documents and Settings\Simen\Cookies\[email protected][2].txt
C:\Documents and Settings\Simen\Cookies\[email protected][1].txt

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs

If you want to see it in more detail, see here.
I hope you can help!

norbat, posted 7 November 2008
What SAS found is only minor stuff and should not have anything to do with the problems you are experiencing.
Could you run a scan with Combofix:
- Download Combofix and put it on the desktop.
- Run combofix.exe and follow the instructions.
- Post the log file from Combofix (c:\combofix.txt).

raWrz, posted 9 November 2008
Go ahead and run Mbam as well: http://www.malwarebytes.org/mbam.php
Update it and choose quick scan :-)

Lami (thread author), posted 9 November 2008
Here is the Combofix log. Enjoy :!:

r2d290, posted 9 November 2008
You can uninstall AskToolbar from Add/Remove Programs if you don't use it.
Click Start - All Programs - Accessories - Notepad.
Copy and paste the text in the code box below into Notepad:

DirLook::
C:\POP3.CD
C:\YouTubeVideos

Save it as CFScript on the Desktop.
Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt in your next reply on the forum.

Lami (thread author), posted 9 November 2008
I dropped the txt onto ComboFix; nothing happened, but when I ran ComboFix it disappeared. But ComboFix says: SED: can't read temp0D: No such file or directory. When ComboFix is finished, the machine does not restart!
Here is the log in any case:
c:\windows\system32\ati2dvag.dll 2008-08-21 02:08 184,320 ----a-w c:\windows\system32\atipdlxx.dll 2008-08-21 02:08 143,360 ----a-w c:\windows\system32\Oemdspif.dll 2008-08-21 02:07 43,520 ----a-w c:\windows\system32\ati2edxx.dll 2008-08-21 02:07 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe 2008-08-21 02:07 143,360 ----a-w c:\windows\system32\ati2evxx.dll 2008-08-21 02:05 573,440 ----a-w c:\windows\system32\ati2evxx.exe 2008-08-21 02:04 53,248 ----a-w c:\windows\system32\ATIDDC.DLL 2008-08-21 02:01 10,084,352 ----a-w c:\windows\system32\atioglxx.dll 2008-08-21 01:55 4,094,560 ----a-w c:\windows\system32\ati3duag.dll 2008-08-21 01:50 307,200 ----a-w c:\windows\system32\atiiiexx.dll 2008-08-21 01:38 2,377,856 ----a-w c:\windows\system32\ativvaxx.dll 2008-08-21 01:23 48,640 ----a-w c:\windows\system32\amdpcom32.dll 2008-08-21 01:19 380,928 ----a-w c:\windows\system32\atikvmag.dll 2008-08-21 01:18 37,376 ----a-w c:\windows\system32\atiadlxx.dll 2008-08-21 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll 2008-08-21 01:17 253,952 ----a-w c:\windows\system32\atiok3x2.dll 2008-08-21 01:11 561,152 ----a-w c:\windows\system32\ati2cqag.dll 2008-08-20 19:05 593,920 ------w c:\windows\system32\ati2sgag.exe 2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\POP3.CD ---- 2008-11-01 19:04 5016 --a------ c:\pop3.cd\SAVE\SAVGAM00.HDR 2008-11-01 19:04 1706 --a------ c:\pop3.cd\net.cfg 2008-11-01 19:01 0 --a------ c:\pop3.cd\set.qd ---- Directory of C:\YouTubeVideos ---- ((((((((((((((((((((((((((((( snapshot@2008-11-09_19.15.34.51 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-11-09 18:08:51 58,800 ----a-w c:\windows\system32\perfc009.dat + 2008-11-09 18:14:54 58,800 ----a-w c:\windows\system32\perfc009.dat - 2008-11-09 18:08:51 392,626 ----a-w c:\windows\system32\perfh009.dat + 2008-11-09 18:14:54 392,626 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-10-02 16:44 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "RTHDCPL"="RTHDCPL.EXE" [2008-03-31 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] c:\documents and settings\Simen\Start Menu\Programs\Startup\ Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-10-30 2074360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-11-05 14:14 342336 c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-08 16:21 1410296 c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\steamapps\\saimens95\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's 
Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416] R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-02 460168] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992] R3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600] S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-10-01 32000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ff7ccc2-9484-11dd-a5d7-9f5ad9a3dedb}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dab1ae9-954d-11dd-a5dd-00195b43d601}] \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 22:47:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-09 22:47:59
ComboFix-quarantined-files.txt 2008-11-09 21:47:57
ComboFix2.txt 2008-11-09 21:43:59
ComboFix3.txt 2008-11-09 21:39:51
ComboFix4.txt 2008-11-09 18:16:25
Pre-Run: 282 158 235 648 bytes free
Post-Run: 282,145,460,224 bytes free
292 --- E O F --- 2008-11-09 18:08:54
r2d290 Posted 10 November 2008
Are you familiar with pop3? E.g.: c:\pop3.cd\SAVE\SAVGAM00.HDR
If not, you can do the following: Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis: c:\pop3.cd\SAVE\SAVGAM00.HDR
Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post so I can look at it and assess what needs to be done next.
Lami (Author) Posted 10 November 2008 (edited)
File: SAVGAM00.HDR
Status: OK
MD5: d83833acfb8e30ed857e3375b98d1c6b
Packers detected: -
Scanner results
Scan taken on 10 Nov 2008 15:01:07 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Here you go. But did you find anything in the ComboFix log? Btw, I can't remove AskBarDis because: Cannot delete AskService.exe: Access is denied, etc...
Edited 10 November 2008 by Lami
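Added example, not part of the thread: the "Access is denied" error on AskService.exe can be checked against the ComboFix service list, where the same file appears as `R2 ASKService`, since Windows refuses to delete the image of a service that is still running. The sketch below parses those lines; it assumes the usual reading of this notation (R/S = running/stopped, digit = start type), that empty brackets mean no file was found, and a log with one entry per line; the function names are hypothetical.

```python
import re

# Service/driver lines copied from the ComboFix log posted in this thread,
# restored to one entry per line (assumed layout of c:\combofix.txt).
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-02 460168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-10-01 32000]
"""

# Assumption: the digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


def parse_services(log_text):
    """Return one dict per 'R2 name;display;path [date size]' line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a service/driver line
        meta = m.group("meta").split()
        has_file = len(meta) == 2  # "[ ]" carries no date/size
        entries.append({
            "name": m.group("name"),
            "display": m.group("display"),
            "running": m.group("state") == "R",  # assumption: R = running
            "start": START_TYPES[int(m.group("start"))],
            "path": m.group("path"),
            "date": meta[0] if has_file else None,
            "size": int(meta[1]) if has_file else None,
        })
    return entries


def running_owner(entries, file_name):
    """Return the running service whose image is file_name, else None."""
    wanted = file_name.lower()
    for entry in entries:
        base = entry["path"].lower().rsplit("\\", 1)[-1]
        if entry["running"] and base == wanted:
            return entry
    return None


def missing_images(entries):
    """Names of services whose image file had no date/size in the log."""
    return [e["name"] for e in entries if e["size"] is None]


if __name__ == "__main__":
    services = parse_services(SAMPLE_LOG)
    owner = running_owner(services, "AskService.exe")
    print("Locked by running service:", owner["name"], "/", owner["start"])
    print("Registered but no file found:", missing_images(services))
```

A file reported as held by a running, auto-start service has to be stopped and disabled (or uninstalled through its own uninstaller) before the file can be deleted.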
norbat Posted 10 November 2008
The log looks fine. Can you describe the problem you have now?
Lami (Author) Posted 10 November 2008
The problem is still that lots of programs are gone. E.g. in Start - All Programs, lots of applications and Windows programs are gone. Things I really need. But for the other programs, I wonder whether it is just the shortcut that is gone. E.g. PC Wizard 2008 is in Program Files on C: but not in Start - All Programs.
PHP_Yoghurt Posted 10 November 2008
Quote: "The problem is still that lots of programs are gone. E.g. in Start - All Programs, lots of applications and Windows programs are gone. Things I really need. But for the other programs, I wonder whether it is just the shortcut that is gone. E.g. PC Wizard 2008 is in Program Files on C: but not in Start - All Programs."
So only the shortcuts from the Start menu have been deleted? Try starting Paint like this: Run -> mspaint
Lami (Author) Posted 11 November 2008
Yes, only the shortcuts, it seems. But it is tiresome to use Run to bring up Windows programs! And there are many whose names I don't know, etc.! I would prefer to have the shortcuts and the Windows programs back.
norbat Posted 11 November 2008
If I have understood you correctly, you have run a repair (a form of reinstallation) of Windows and are therefore missing the shortcuts in the Start menu?
Lami (Author) Posted 11 November 2008
I have no idea. I found some stuff in SAS and was going to reboot, and then almost everything disappeared after startup. But could it have to do with SpyBot S&D, that things get put in the registry?
norbat Posted 11 November 2008
If you go into the Program files / Programfiler folder and find the programs you are missing a shortcut to, you can right-click the program file and put a shortcut on the desktop.
Lami (Author) Posted 12 November 2008
Thanks :) But what about the Windows programs?
Pizzaen Posted 12 November 2008
Quote: "Thanks :) But what about the Windows programs?"
You will find most Windows programs in C:\WINDOWS or C:\WINDOWS\system32, and then you just create a shortcut like you did before, but they have a different name there than what you are used to, so look at the icons. You can first try repairing XP using the installation CD.
Lami (Author) Posted 12 November 2008
I just ran that Windows security protection thing or something like that. At any rate, I used the command: sfc.exe /scannow
How do I repair, then?
Pizzaen Posted 12 November 2008
Quote: "I just ran that Windows security protection thing or something like that. At any rate, I used the command: sfc.exe /scannow How do I repair, then?"
You put in the XP CD and then you press "repair XP" or something like that; I think you will figure it out.
Lami (Author) Posted 14 November 2008
There is nothing called repair or anything like that.