DjShugaA, posted 9 March 2009

Hi there. My girlfriend's PC apparently has some crap on it, because MSN is sending random messages to people. I have run SUPERAntiSpyware and it found nothing. MBAS would not run on her PC. This is the message I got from her:

This is like a dream come true for me and my Becky. We both are living proof that Acai pills work to lose weight quick, we both lost over 30 pounds and still losing, no diet or excercise they just burn the fat off. Get them now for only five dollars at hxxp://tillhave.com

<- Broke the link so that nobody would click it by accident

Here is the Hijack log I got from her:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:41, on 09.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232559883929
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7647 bytes

raWrz, posted 9 March 2009

Download ComboFix (by sUBs) and put it on the Desktop. Run combofix.exe and follow the instructions. While ComboFix starts up you will be advised to install the Recovery Console (if you do not already have it installed). Say yes to that. You must not click on the window while the program is running. This can cause the program to freeze.

What ComboFix does:
- ComboFix is a multi-fix program made to remove a good number of known infections, and it also creates a log/report showing the files/processes/registry entries present on the PC. The log can determine whether there is still something on the PC that should be removed. This requires someone with experience to read the log and say how to proceed.

PS: ComboFix will, among other things, list all files that have been created during the last month, and can in some cases also reveal full name and other information that may be considered sensitive. For that reason you should go through the log and see whether you find information you do not want to share with everyone, and censor it.

Post the log file from ComboFix (c:\combofix.txt)

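Added example, not part of the original thread and not ComboFix or HijackThis code: the censoring step recommended in the post above, done in Python by replacing the Windows account name in a log with a stable placeholder before the log is posted. The sample log, the `redact_log` function and the `USER_n` placeholder format are assumptions made for this example.

```python
import re

# Built-in Windows profiles: they name no person, so they stay readable.
SYSTEM_PROFILES = {"all users", "default user", "default", "public",
                   "localservice", "networkservice"}

# Profile root plus account name. Covers XP and later layouts, the 8.3 short
# form, and the caret-separated form ComboFix prints for startup-folder keys.
PROFILE_RE = re.compile(
    r'(?P<root>[a-z]:(?P<sep>[\\^])'
    r'(?:documents and settings|docume~1|users)(?P=sep))'
    r'(?P<name>[^\\^\r\n"]+)',
    re.IGNORECASE,
)

# ComboFix header line: "ComboFix <version> - <account> <date> <time> ...".
HEADER_RE = re.compile(
    r'^(?P<prefix>ComboFix \S+ - )(?P<name>.+?)(?= \d{4}-\d{2}-\d{2} )',
    re.MULTILINE,
)


def redact_log(text):
    """Return (redacted_text, mapping of lower-cased account name -> placeholder)."""
    names = {}

    def swap(match, lead_group):
        key = match.group("name").strip().lower()
        if key in SYSTEM_PROFILES:
            return match.group(0)  # leave built-in profiles untouched
        # The same account always maps to the same placeholder, so a helper
        # reading the log can still tell which paths belong together.
        placeholder = names.setdefault(key, f"USER_{len(names) + 1}")
        return match.group(lead_group) + placeholder

    text = HEADER_RE.sub(lambda m: swap(m, "prefix"), text)
    text = PROFILE_RE.sub(lambda m: swap(m, "root"), text)

    # Sweep for the same names outside profile paths (task names, comments).
    for key, placeholder in names.items():
        pattern = r"(?<!\w)" + re.escape(key) + r"(?!\w)"
        text = re.sub(pattern, placeholder, text, flags=re.IGNORECASE)
    return text, names


# Constructed sample in the layout of a ComboFix log; "Jane Doe" is made up.
SAMPLE = r"""ComboFix 09-03-06.02 - Jane Doe 2009-03-09 22:34:48.1 - NTFSx86
Running from: c:\documents and settings\Jane Doe\Desktop\ComboFix.exe
2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\Jane Doe\Application Data\PC Suite
2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-01-21 19:21 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
O4 - Startup: notes.lnk = C:\Documents and Settings\jane doe\Desktop\notes.txt
2009-03-09 c:\windows\Tasks\Backup for Jane Doe.job
"""

if __name__ == "__main__":
    redacted, mapping = redact_log(SAMPLE)
    print(redacted)
    print("replaced:", mapping)
```

Other sensitive values, such as document or folder names, still need a manual read-through of the log.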
DjShugaA (thread author), posted 9 March 2009

Thanks for the reply. Here is the ComboFix log:

ComboFix 09-03-06.02 - Fei Li 2009-03-09 22:34:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.181 [GMT 1:00]
Kjører fra: c:\documents and settings\Fei Li\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-09 til 2009-03-09 )))))))))))))))))))))))))))))))))
.
2009-03-09 21:59 . 2009-03-09 21:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-03 21:55 . 2009-03-03 21:55 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-02 23:19 . 2009-03-02 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-02 23:18 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
2009-03-02 23:18 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
2009-03-02 23:15 . 2009-03-02 23:18 <DIR> d-------- c:\program files\Nokia
2009-03-02 23:07 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-03-02 23:07 . 2008-04-14 00:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-03-02 23:07 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-03-02 23:07 . 2009-03-02 23:07 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-02 23:07 . 2009-03-02 23:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\PC Suite
2009-03-02 23:06 . 2009-03-02 23:48 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\Nokia
2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-03-02 23:03 . 2009-03-02 23:03 <DIR> d-------- c:\program files\DIFX
2009-03-02 23:03 . 2009-03-02 23:03 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-02 23:03 . 2009-03-02 23:15 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-02 23:03 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-03-02 23:02 . 2009-03-02 23:02 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-03-02 23:02 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-02 23:02 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-02 23:02 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-03-02 23:02 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-02 23:02 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-02 23:02 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-02 23:02 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-02 22:58 . 2009-03-02 23:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2009-03-02 14:21 . 2009-03-02 14:21 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\Codemonster
2009-03-02 14:15 . 2009-03-02 14:15 <DIR> d-------- c:\program files\Codemonster
2009-03-02 09:43 . 2009-03-02 09:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\SUPERAntiSpyware.com
2009-03-02 09:32 . 2009-03-02 09:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 09:32 . 2009-03-02 09:32 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\Malwarebytes
2009-03-02 09:32 . 2009-03-02 09:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-02 09:32 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 09:32 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 22:14 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-16 13:29 . 2009-03-08 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-02-14 13:26 . 2009-02-14 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 00:09 --------- d-----w c:\program files\Opera
2009-03-07 23:55 --------- d-----w c:\documents and settings\Fei Li\Application Data\Skype
2009-03-07 23:09 --------- d-----w c:\documents and settings\Fei Li\Application Data\skypePM
2009-03-04 22:24 --------- d-----w c:\program files\eMule
2009-02-26 08:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-14 15:08 --------- d-----w c:\documents and settings\Fei Li\Application Data\uTorrent
2009-02-07 15:54 --------- d-----w c:\program files\Reference Assemblies
2009-02-07 15:54 --------- d-----w c:\program files\MSBuild
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-02 19:46 --------- d-----w c:\program files\uTorrent
2009-01-23 19:46 --------- d-----w c:\program files\TTPlayer
2009-01-23 09:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-23 09:58 --------- d-----w c:\program files\Java
2009-01-22 11:51 --------- d-----w c:\program files\Foxit Software
2009-01-22 11:51 --------- d-----w c:\documents and settings\Fei Li\Application Data\Foxit
2009-01-22 10:14 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-22 10:14 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-22 10:14 --------- d-----w c:\program files\OpenAL
2009-01-22 10:13 --------- d-----w c:\documents and settings\Fei Li\Application Data\DAEMON Tools Lite
2009-01-22 10:09 --------- d-----w c:\documents and settings\Fei Li\Application Data\DAEMON Tools Pro
2009-01-22 10:09 --------- d-----w c:\documents and settings\Fei Li\Application Data\DAEMON Tools
2009-01-22 10:07 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-22 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 10:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-21 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-01-21 19:21 21,425 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-21 19:21 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-01-21 19:21 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-01-21 19:21 --------- d-----w c:\documents and settings\Fei Li\Application Data\Intel
2009-01-21 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-01-21 19:20 --------- d-----w c:\program files\Intel
2009-01-21 19:18 --------- d-----w c:\program files\Windows Live
2009-01-21 19:18 --------- d-----w c:\program files\Microsoft
2009-01-21 19:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-21 19:13 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-21 19:09 --------- d-----w c:\program files\Windows Defender
2009-01-21 19:08 --------- d-----w c:\documents and settings\Fei Li\Application Data\vlc
2009-01-21 19:07 --------- d-----w c:\program files\VideoLAN
2009-01-21 19:03 --------- d-----w c:\program files\Skype
2009-01-21 19:03 --------- d-----w c:\program files\Common Files\Skype
2009-01-21 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-21 18:43 --------- d-----w c:\program files\Alwil Software
2009-01-21 18:17 --------- d-----w c:\documents and settings\Fei Li\Application Data\Windows Desktop Search
2009-01-21 18:16 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-21 18:16 --------- d-----w c:\program files\Windows Desktop Search
2009-01-21 18:13 --------- d-----w c:\program files\Sigmatel
2009-01-21 18:10 --------- d-----w c:\program files\CONEXANT
2009-01-21 17:43 --------- d-----w c:\program files\Broadcom
2009-01-21 17:42 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 15:06 --------- d-----w c:\program files\microsoft frontpage
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Spill\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Spill\\Neverwinter Nights\\nwmain.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-21 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-21 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-02 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-02 8320]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 22:36:37
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Tidspunkt ferdig: 2009-03-09 22:38:20
ComboFix-quarantined-files.txt 2009-03-09 21:38:15
Pre-Run: 3 690 995 712 bytes free
Post-Run: 3,850,489,856 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
redirect=usebiossettings
redirectbaudrate=
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
194 --- E O F --- 2009-03-05 20:57:23

norbat, posted 9 March 2009

Ask your girlfriend to change the password on the MSN account. See whether that puts an end to the problem. The logs show nothing special.

DjShugaA (thread author), posted 9 March 2009

Okay, we will try that. Thanks for the help.