
[SOLVED] Ad-Aware stopped scanning



Could not finish scanning with Ad-Aware, so I wanted to find out what it is:

 

https://www.diskusjon.no/index.php?showtopic=1032930&hl=

 

--------------------------------------------------------------------------------

 

Nothing found by the malware scan

 

--------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:46:57, on 10.11.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slimstart.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A36F472C-F116-4337-B83D-03538149C5A4}: NameServer = 212.169.123.67 212.45.188.254

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

 

--

End of file - 6891 bytes

------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-11-09.01 - R 2008-11-10 1:15:14.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1044.18.201 [GMT 1:00]

Running from: c:\users\R\Downloads\ComboFix1.exe

.

/wow section - STAGE 32

Kan ikke utføre den forespurte operasjonen på en fil med en brukertilordnet del åpen.

 

 

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))

.

 

2008-11-10 00:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-10 00:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-10 00:53 . 2008-11-10 00:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-09 21:21 . 2008-11-09 21:21 <DIR> d-------- c:\users\R\AppData\Roaming\Malwarebytes

2008-11-09 21:20 . 2008-11-09 21:20 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-09 21:20 . 2008-11-09 21:20 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\program files\Lavasoft

2008-11-09 18:12 . 2008-11-09 22:03 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

2008-11-06 23:57 . 2008-11-06 23:57 <DIR> d-------- c:\users\R\AppData\Roaming\Comodo

2008-11-06 21:31 . 2008-11-06 21:31 249,592 --a------ c:\windows\System32\cssdll32.dll

2008-11-06 21:27 . 2008-11-06 23:49 <DIR> d-------- c:\users\All Users\comodo

2008-11-06 21:27 . 2008-11-06 23:49 <DIR> d-------- c:\programdata\comodo

2008-11-06 21:27 . 2008-11-06 21:31 <DIR> d-------- c:\program files\COMODO

2008-11-06 21:27 . 2008-11-06 21:27 143,096 --a------ c:\windows\System32\guard32.dll

2008-11-06 21:27 . 2008-11-06 21:27 98,320 --a------ c:\windows\System32\drivers\cmdguard.sys

2008-11-06 21:27 . 2008-11-06 21:27 25,104 --a------ c:\windows\System32\drivers\cmdhlp.sys

2008-11-02 04:15 . 2008-11-02 04:15 <DIR> d-------- c:\users\R\AppData\Roaming\OpenOffice.org

2008-11-02 04:10 . 2008-11-02 04:10 <DIR> d-------- c:\program files\OpenOffice.org 3

2008-11-02 01:17 . 2008-11-02 01:16 410,976 --a------ c:\windows\System32\deploytk.dll

2008-10-28 20:33 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-28 20:33 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-28 20:32 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-19 18:04 . 2008-10-19 18:04 23,600 --a------ c:\windows\System32\drivers\TVICHW32.SYS

2008-10-19 16:32 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-10-19 16:32 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-19 16:31 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-19 16:31 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-19 16:31 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-10-19 16:31 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll

2008-10-12 18:53 . 2008-11-06 17:10 <DIR> d-------- c:\users\R\AppData\Roaming\foobar2000

2008-10-12 18:53 . 2008-10-12 18:53 <DIR> d-------- c:\program files\foobar2000

2008-10-12 18:09 . 2008-11-08 21:29 <DIR> d-------- C:\My Downloads

2008-10-12 18:09 . 2006-11-12 11:39 483,328 --a------ c:\windows\System32\actskn45.ocx

2008-10-12 14:31 . 2008-11-10 00:40 <DIR> d-------- c:\users\R\Tracing

2008-10-10 16:16 . 2008-11-02 21:33 <DIR> d-------- c:\users\All Users\Google

2008-10-10 16:16 . 2008-11-02 21:38 <DIR> d-------- c:\program files\Google

2008-10-10 16:14 . 2008-11-02 01:16 <DIR> d-------- c:\program files\Java

2008-10-10 16:12 . 2008-10-10 16:12 <DIR> d-------- c:\program files\Common Files\Java

2008-10-10 06:58 . 2008-06-26 04:21 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-10-10 06:58 . 2008-06-26 04:21 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-10-10 06:56 . 2008-10-10 06:56 <DIR> d-------- c:\program files\Microsoft

2008-10-10 06:49 . 2008-10-10 06:49 <DIR> d-------- c:\program files\Common Files\Windows Live

2008-10-10 00:01 . 2008-10-10 00:01 <DIR> d-------- c:\program files\filehippo.com

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-09 17:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-10-21 07:32 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-20 01:08 --------- d-----w c:\program files\Windows Mail

2008-10-10 06:01 --------- d-----w c:\program files\Windows Live

2008-10-08 06:59 174 --sha-w c:\program files\desktop.ini

2008-10-08 06:46 --------- d-----w c:\program files\Windows Sidebar

2008-10-08 06:46 --------- d-----w c:\program files\Windows Photo Gallery

2008-10-08 06:46 --------- d-----w c:\program files\Windows Defender

2008-10-08 06:46 --------- d-----w c:\program files\Windows Collaboration

2008-10-08 06:46 --------- d-----w c:\program files\Windows Calendar

2008-10-07 22:40 --------- d-----w c:\programdata\NOS

2008-10-07 22:40 --------- d-----w c:\program files\NOS

2008-10-07 21:17 --------- d-----w c:\program files\Common Files\Adobe

2008-10-07 20:08 --------- d-----w c:\program files\SigmaTel

2008-10-07 20:06 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-07 19:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-10-07 19:49 --------- d-----w c:\program files\DellTPad

2008-10-07 19:44 --------- d-----w c:\program files\Cisco

2008-10-07 19:41 --------- d-----w c:\users\R\AppData\Roaming\InstallShield

2008-10-07 19:41 --------- d-----w c:\program files\Dell

2008-10-07 19:16 --------- d-----w c:\program files\Broadcom

2008-10-07 17:03 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-10-07 17:01 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-10-07 16:56 --------- d-----w c:\programdata\WLInstaller

2008-10-07 16:41 --------- d-----w c:\program files\ATI

2008-10-07 16:18 --------- d-----w c:\programdata\Dell

2008-10-07 16:17 --------- d-----w c:\programdata\SupportSoft

2008-10-07 16:17 --------- d-----w c:\programdata\PCDr

2008-10-07 16:17 --------- d-----w c:\programdata\PC-Doctor

2008-10-07 16:16 --------- d-----w c:\program files\Dell Support Center

2008-10-07 16:15 --------- d-----w c:\program files\Common Files\supportsoft

2008-10-06 16:19 --------- d-----w c:\programdata\Avira

2008-10-06 16:19 --------- d-----w c:\program files\Avira

2008-10-06 16:10 --------- d-----w c:\programdata\SUPERAntiSpyware.com

2008-10-06 16:08 --------- d-----w c:\users\R\AppData\Roaming\SUPERAntiSpyware.com

2008-10-06 16:08 --------- d-----w c:\programdata\Lavasoft

2008-10-06 16:08 --------- d-----w c:\program files\SUPERAntiSpyware

2008-10-06 16:01 --------- d-----w c:\program files\CCleaner

2008-10-06 01:42 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-10-06 01:42 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-10-06 01:42 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-10-06 01:42 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-10-06 01:42 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-06 01:07 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys

2008-10-06 00:15 --------- d-----w c:\program files\Huawei technologies

2008-10-06 00:15 --------- d-----w c:\program files\Common Files\InstallShield

2008-10-06 00:03 --------- d-sh--w c:\programdata\Start-meny

2008-10-06 00:03 --------- d-sh--w c:\programdata\Skrivebord

2008-10-06 00:03 --------- d-sh--w c:\programdata\Programdata

2008-10-06 00:03 --------- d-sh--w c:\programdata\Maler

2008-10-06 00:03 --------- d-sh--w c:\programdata\Favoritter

2008-10-06 00:03 --------- d-sh--w c:\programdata\Dokumenter

2008-10-06 00:03 --------- d-sh--w c:\program files\Fellesfiler

2008-09-05 13:56 287,744 ----a-w c:\windows\WLXPGSS.SCR

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-17 159744]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-02 136600]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-11-06 1797880]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-02-22 1193240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= c:\windows\system32\guard32.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{7E4BFC61-49E2-499C-8DE9-343F26822EF4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{AAAD5115-8BA7-4207-9262-50E49CEFB4FA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{D83F2326-E3C6-4D47-ABE0-56A9E0A6CF46}"= UDP:c:\program files\filehippo.com\UpdateChecker.exe:Update Checker

"{66D0743A-48F8-4316-9C3E-7E451AC5AA4A}"= TCP:c:\program files\filehippo.com\UpdateChecker.exe:Update Checker

"TCP Query User{91E5EDE8-E94B-4898-8A03-7020BE1BC989}c:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza

"UDP Query User{9BF7905B-CB5A-4AF7-A25F-871DB972C80F}c:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-06 98320]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-06 25104]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]

R2 ATIWebPAM;ATI WebPAM;c:\program files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]

R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-03-20 2411520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c478ba79-9339-11dd-aea6-0019b98924f8}]

\shell\AutoRun\command - D:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c478ba91-9339-11dd-aea6-0019b98924f8}]

\shell\AutoRun\command - D:\AutoRun.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-09 c:\windows\Tasks\Schedule Task Weekly.job

- c:\program files\Registry Easy\RE.exe []

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.slimstart.no/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 01:28:27

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: c:\windows\system32\winlogon.exe

-> c:\windows\system32\guard32.dll

 

PROCESS: c:\windows\system32\lsass.exe

-> c:\windows\system32\guard32.dll

.

Completion time: 2008-11-10 1:34:05

ComboFix-quarantined-files.txt 2008-11-10 00:33:57

 

Pre-Run: 63 069 917 184 byte ledig

Post-Run: 62,906,540,032 byte ledig

 

194 --- E O F --- 2008-11-08 14:06:20

 

----------------------------------------------------------------------------------------------------

 

Regards

Edited by rstrr