mhw357, posted 30 December 2008:
Hi, I was wondering whether someone with specialist expertise in this could look over these logs to see if anything is still left?

MBAM:
Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1567
Windows 5.1.2600 Service Pack 2
29.12.2008 17:18:52
mbam-log-2008-12-29 (17-18-52).txt
Skanntype: Rask Skann
Objekter skannet: 53796
Tid tilbakelagt: 12 minute(s), 49 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 2
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38899829690572222030431989327700 (Rogue.Antivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
C:\Programfiler\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
Filer infisert:
C:\WINDOWS\SYSTEM32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\åshild\Lokale innstillinger\Temp\dat6C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Thanks in advance!
norbat, posted 30 December 2008:
Do you know what this is: C:\WINDOWS\system32\STATUS.EXE? If not, upload the file to Virustotal.com
mhw357 (author), posted 30 December 2008:
I was a bit suspicious of that one too, so I uploaded it to http://virusscan.jotti.org/ and it came out clean there. I have now tested it with your site as well, and the result was 0/36 (0%). It is described as "STATUS MFC Application", which after a bit of googling appears to be a status bar or something from Microsoft...
norbat, posted 30 December 2008:
OK, the logs look fine, so if everything works as it should, you can uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you do not get infected by a possible restore later.
mhw357 (author), posted 30 December 2008:
Great, then you came to the same conclusion as I did! Thank you very much for the help!!
norbat, posted 30 December 2008:
My pleasure. Happy New Year!
Tosha0007, posted 30 December 2008:
If you think the problem with your machine is solved, you can change your topic title by pressing the button in your first post. This will help keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in. -Surf safely-
mhw357 (author), posted 1 January 2009:
There, I have now marked it as solved! Happy New Year!