Brugi, posted 16 May 2009

Hi. I'm struggling with what I think is a trojan hiding in the process of my sound driver. When I start up my machine, Windows shuts down Generic Host Process for Win32 to give the machine better security, and then the sound disappears too. I have run a few virus scanners and the like without result. Thanks for any help.

MBAM log:

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2141

Windows 5.1.2600 Service Pack 3

16.05.2009 16:53:15
mbam-log-2009-05-16 (16-53-15).txt

Skanntype: Rask Skann
Objekter skannet: 87992
Tid tilbakelagt: 3 minute(s), 50 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:22, on 16.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Creative\Shared Files\CTDevSrv.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Razer\Lycosa\razerhid.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe
C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
C:\Programfiler\Razer\Lycosa\razertra.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Curse\CurseClient.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Programfiler\OpenOffice.org 3\program\swriter.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Bruginator\Skrivebord\HJT\pyramide.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Programfiler\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Programfiler\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212246958890
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programfiler\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10003 bytes
snippsat, posted 16 May 2009

The HijackThis log is clean of malware.

There was a fix for "Windows Generic Host Process". That was for Service Pack 2; you now have SP3, so it should have been fixed.
http://wer.microsoft.com/responses/Respons...d2-1e1448ab6a4e
http://techblissonline.com/generic-host-pr...services-error/

You can run ComboFix so we are sure you are clean of malware.
Download ComboFix and put it on the desktop.
Do not click in the window while the program is running.
Post the log C:\combofix.txt

Do this as well.
Download and run CCleaner.
'Options' -> 'Advanced'. Uncheck: "only delete temporary files that are older than 48 h".
Run the registry cleaner, answer yes to repairing --> backup: answer yes when asked.
Run the registry cleaner a couple more times until all errors are gone.
Brugi (thread author), posted 16 May 2009

I'm fairly sure I have a trojan, because I have a laptop that got the problem first; I think it spread through the network at my school. When I came home and booted up I didn't think about the trojan, and I got the same problem on my desktop PC. Again, thanks for any help.

ComboFix log:

ComboFix 09-05-15.08 - Bruginator 16.05.2009 19:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1393 [GMT 2:00]
Kjører fra: c:\documents and settings\Bruginator\Mine dokumenter\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bruginator\Programdata\.#

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-16 til 2009-05-16 )))))))))))))))))))))))))))))))))
.

2009-05-16 14:44 . 2009-05-16 14:44 -------- d-----w c:\programfiler\JRE
2009-05-16 14:31 . 2009-05-16 14:31 -------- d-----w c:\documents and settings\Bruginator\Programdata\OpenOffice.org
2009-05-16 14:30 . 2009-05-16 14:44 -------- d-----w c:\programfiler\OpenOffice.org 3
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\documents and settings\Bruginator\Programdata\Malwarebytes
2009-05-16 13:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 13:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-05-16 12:18 . 2009-05-16 12:25 -------- d-----w c:\programfiler\Google
2009-05-16 12:18 . 2009-05-16 12:22 -------- d-----w c:\windows\LastGood
2009-05-16 12:16 . 2009-05-16 12:16 -------- d-sh--w c:\documents and settings\Bruginator\IECompatCache
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-sh--w c:\documents and settings\Bruginator\PrivacIE
2009-05-11 17:08 . 2009-05-11 17:08 -------- d-sh--w c:\documents and settings\NetworkService.NT-MYNDIGHET\IETldCache
2009-05-11 17:05 . 2009-05-11 17:05 -------- d-sh--w c:\documents and settings\Bruginator\IETldCache
2009-05-10 23:20 . 2009-05-10 23:20 -------- d-----w c:\windows\ie8updates
2009-05-10 23:20 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-10 23:19 . 2009-05-10 23:20 -------- dc-h--w c:\windows\ie8
2009-05-10 22:57 . 2009-05-10 22:58 -------- d-----w C:\e9cbded051f93498780f
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\programfiler\iPod
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\programfiler\iTunes
2009-04-25 14:41 . 2009-04-25 14:43 -------- d-----w c:\programfiler\QuickTime
2009-04-25 14:37 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-04-25 14:33 . 2009-04-25 14:33 -------- d-----w c:\programfiler\Bonjour
2009-04-25 11:53 . 2009-04-26 08:29 -------- d-----w c:\programfiler\DAEMON Tools Lite
2009-04-25 11:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 11:46 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 11:46 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 11:46 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 11:46 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 11:46 . 2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 11:46 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 11:46 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 11:46 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 11:46 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-05-16 16:29 . 2008-07-28 17:54 -------- d-----w c:\programfiler\World of Warcraft
2009-05-16 14:29 . 2008-05-31 15:05 -------- d-----w c:\programfiler\OpenOffice.org 2.4
2009-05-11 17:00 . 2008-05-31 14:52 17672 ----a-w c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-10 23:02 . 2004-08-04 12:00 79838 ----a-w c:\windows\system32\perfc014.dat
2009-05-10 23:02 . 2004-08-04 12:00 444344 ----a-w c:\windows\system32\perfh014.dat
2009-05-01 12:05 . 2008-12-22 22:51 -------- d-----w c:\programfiler\Curse
2009-04-26 09:21 . 2008-05-31 14:34 -------- d-----w c:\programfiler\Java
2009-04-25 14:47 . 2007-07-16 11:33 -------- d-----w c:\programfiler\Fellesfiler\Apple
2009-04-25 12:36 . 2008-10-02 21:44 -------- d-----w c:\programfiler\Guild Wars
2009-04-25 11:53 . 2008-10-20 14:49 -------- d-----w c:\programfiler\DAEMON Tools Toolbar
2009-04-25 11:47 . 2008-06-10 17:09 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-26 13:23 . 2008-11-03 19:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-19 14:32 . 2008-11-03 19:09 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 03:19 . 2008-11-26 15:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:24 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CTZDetec.exe"="c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"Google Update"="c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"CurseClient"="c:\programfiler\Curse\CurseClient.exe" [2009-05-14 1933312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Lycosa"="c:\programfiler\Razer\Lycosa\razerhid.exe" [2008-10-16 147456]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-07 16859136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programfiler\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\LucasArts\\SWKotOR2\\swupdate.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\THQ\\Dawn Of War\\W40k.exe"=
"c:\\Programfiler\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Programfiler\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Programfiler\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Programfiler\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Curse\\CurseClient.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\DOW2.exe"=
"c:\\Programfiler\\Tortun\\gui.exe"=
"c:\\Programfiler\\World of Warcraft\\Launcher.exe"=
"c:\\Programfiler\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Programfiler\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Programfiler\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Programfiler\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01.05.2009 16:15 114768]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [28.05.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [28.05.2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01.05.2009 16:15 20560]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [10.01.2009 02:00 16896]
S3 lac97inf;lac97inf;\??\c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys --> c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys [?]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [28.05.2008 10:33 7408]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [03.11.2008 21:08 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-725345543-1004.job
- c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-21 00:10]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 20:01
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTZDetec.exe = c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2009-05-16 20:04
ComboFix-quarantined-files.txt 2009-05-16 18:04
ComboFix2.txt 2008-08-02 21:59

Pre-Run: 95 444 611 072 byte ledig
Post-Run: 96 111 153 152 byte ledig

207 --- E O F --- 2009-05-14 21:31
snippsat, posted 16 May 2009

Scan this file at VirusTotal:
c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe

Copy the bold text below the image -> open Notepad and paste it in.
Save it on the desktop as CFScript.txt
Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

DirLook::
C:\e9cbded051f93498780f
c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

File::
c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys

Driver::
ac97inf
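Added example (editor's code, not part of the thread and not snippsat's method): a small triage script in the spirit of the log review above, which parses HijackThis O4/O23 lines and ComboFix driver lines and flags binaries that live in user-writable locations (a Temp directory or a user profile), drivers whose file is missing on disk, and services with no publisher. The sample lines are copied from the logs posted in this thread; the path heuristics themselves are the editor's assumptions, not rules the helper stated.

```python
"""Triage helper for HijackThis and ComboFix log lines (added example).

Flags autostart entries, services and kernel drivers whose binary lives in a
location a legitimate driver or service rarely uses (a user's Temp directory,
a user profile), whose file is missing on disk, or whose service has no
publisher. The heuristics are the editor's, not rules stated in the thread.
"""
import re
from dataclasses import dataclass, field

# ComboFix driver line: "R1 aswSP;avast! Self Protection;c:\...\aswSP.sys [date size]".
# A missing driver file is written as "\??\<path> --> <path> [?]".
_DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;\s]+);(?P<display>[^;]*);(?P<rest>.+)$")
# HijackThis O4 line: "O4 - HKCU\..\Run: [<name>] <command line>".
_O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis O23 line: "O23 - Service: <display> - <owner> - <path>".
_O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Long and 8.3 short forms of the user-writable locations of interest.
_TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
_PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                 # "driver", "run" or "service"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _extract_path(cmd: str) -> str:
    """Return the executable path from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|sys|com))\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def _reasons_for(path: str, missing: bool = False, owner: str = "") -> list:
    """Apply the location / presence / publisher heuristics to one binary."""
    reasons = []
    if _TEMP_RE.search(path):
        reasons.append("binary under a Temp directory")
    if _PROFILE_RE.search(path):
        reasons.append("binary under a user profile")
    if missing:
        reasons.append("file not present on disk")
    if owner.strip().lower() == "unknown owner":
        reasons.append("service has no publisher information")
    return reasons


def triage_line(line: str):
    """Parse one log line; return a Finding if it trips a heuristic, else None."""
    line = line.strip()
    m = _DRIVER_RE.match(line)
    if m:
        rest = m.group("rest")
        missing = rest.endswith("[?]")
        # First path token, without the "[date size]" tail, the "--> ..." echo
        # or the NT object-manager prefix.
        path = rest.split(" [")[0].split(" --> ")[0]
        if path.startswith("\\??\\"):
            path = path[4:]
        reasons = _reasons_for(path, missing=missing)
        return Finding("driver", m.group("name"), path, reasons) if reasons else None
    m = _O4_RE.match(line)
    if m:
        path = _extract_path(m.group("cmd"))
        reasons = _reasons_for(path)
        return Finding("run", m.group("name"), path, reasons) if reasons else None
    m = _O23_RE.match(line)
    if m:
        reasons = _reasons_for(m.group("path"), owner=m.group("owner"))
        return Finding("service", m.group("display"), m.group("path"), reasons) if reasons else None
    return None


def triage(log: str) -> list:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(raw) for raw in log.splitlines()) if f]


# Constructed sample: lines copied from the HijackThis and ComboFix logs posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01.05.2009 16:15 114768]
S3 lac97inf;lac97inf;\??\c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys --> c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

As the Google Update and PnkBstrA hits show, these flags are leads to verify (for instance with the VirusTotal check requested above), not verdicts.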
Brugi (thread author), posted 16 May 2009 (edited)

The online scan gave no results.

ComboFix 09-05-16.01 - Bruginator 16.05.2009 21:13.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1429 [GMT 2:00]
Kjører fra: c:\documents and settings\Bruginator\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Bruginator\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

FILE ::
c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-16 til 2009-05-16 )))))))))))))))))))))))))))))))))
.

2009-05-16 14:44 . 2009-05-16 14:44 -------- d-----w c:\programfiler\JRE
2009-05-16 14:31 . 2009-05-16 14:31 -------- d-----w c:\documents and settings\Bruginator\Programdata\OpenOffice.org
2009-05-16 14:30 . 2009-05-16 14:44 -------- d-----w c:\programfiler\OpenOffice.org 3
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\documents and settings\Bruginator\Programdata\Malwarebytes
2009-05-16 13:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 13:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-05-16 12:18 . 2009-05-16 12:25 -------- d-----w c:\programfiler\Google
2009-05-16 12:18 . 2009-05-16 12:22 -------- d-----w c:\windows\LastGood
2009-05-16 12:16 . 2009-05-16 12:16 -------- d-sh--w c:\documents and settings\Bruginator\IECompatCache
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-sh--w c:\documents and settings\Bruginator\PrivacIE
2009-05-11 17:08 . 2009-05-11 17:08 -------- d-sh--w c:\documents and settings\NetworkService.NT-MYNDIGHET\IETldCache
2009-05-11 17:05 . 2009-05-11 17:05 -------- d-sh--w c:\documents and settings\Bruginator\IETldCache
2009-05-10 23:20 . 2009-05-10 23:20 -------- d-----w c:\windows\ie8updates
2009-05-10 23:20 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-10 23:19 . 2009-05-10 23:20 -------- dc-h--w c:\windows\ie8
2009-05-10 22:57 . 2009-05-10 22:58 -------- d-----w C:\e9cbded051f93498780f
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\programfiler\iPod
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\programfiler\iTunes
2009-04-25 14:41 . 2009-04-25 14:43 -------- d-----w c:\programfiler\QuickTime
2009-04-25 14:37 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-04-25 14:33 . 2009-04-25 14:33 -------- d-----w c:\programfiler\Bonjour
2009-04-25 11:53 . 2009-04-26 08:29 -------- d-----w c:\programfiler\DAEMON Tools Lite
2009-04-25 11:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 11:46 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 11:46 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 11:46 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 11:46 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 11:46 . 2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 11:46 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 11:46 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 11:46 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 11:46 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-05-16 16:29 . 2008-07-28 17:54 -------- d-----w c:\programfiler\World of Warcraft
2009-05-16 14:29 . 2008-05-31 15:05 -------- d-----w c:\programfiler\OpenOffice.org 2.4
2009-05-11 17:00 . 2008-05-31 14:52 17672 ----a-w c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-10 23:02 . 2004-08-04 12:00 79838 ----a-w c:\windows\system32\perfc014.dat
2009-05-10 23:02 . 2004-08-04 12:00 444344 ----a-w c:\windows\system32\perfh014.dat
2009-05-01 12:05 . 2008-12-22 22:51 -------- d-----w c:\programfiler\Curse
2009-04-26 09:21 . 2008-05-31 14:34 -------- d-----w c:\programfiler\Java
2009-04-25 14:47 . 2007-07-16 11:33 -------- d-----w c:\programfiler\Fellesfiler\Apple
2009-04-25 12:36 . 2008-10-02 21:44 -------- d-----w c:\programfiler\Guild Wars
2009-04-25 11:53 . 2008-10-20 14:49 -------- d-----w c:\programfiler\DAEMON Tools Toolbar
2009-04-25 11:47 . 2008-06-10 17:09 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-26 13:23 . 2008-11-03 19:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-19 14:32 . 2008-11-03 19:09 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 03:19 . 2008-11-26 15:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:24 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll

.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} ----

2009-04-25 14:47 . 2009-04-25 14:48 3678 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxInstallLog.txt
2009-03-24 23:19 . 2009-03-24 23:19 7919 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\gearaspiwdmx86.cat
2009-03-19 14:38 . 2009-03-19 14:38 2763 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\GEARAspiWDM.inf
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-02-04 11:56 . 2009-02-04 11:56 75112 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
2008-04-17 10:12 . 2008-04-17 10:12 107368 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspi.dll
2006-11-02 04:21 . 2006-11-02 04:21 319456 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxAPI.dll

---- Directory of C:\e9cbded051f93498780f ----

2009-05-10 22:57 . 2008-06-19 05:33 72 ------w c:\e9cbded051f93498780f\amd64\msxpsinc.ppd
2009-05-10 22:57 . 2008-06-19 05:33 2204 ------w c:\e9cbded051f93498780f\i386\msxpsdrv.inf
2009-05-10 22:57 . 2008-06-19 09:03 73 ------w c:\e9cbded051f93498780f\i386\msxpsinc.gpd
2009-05-10 22:57 . 2008-06-19 05:33 72 ------w c:\e9cbded051f93498780f\i386\msxpsinc.ppd
2009-05-10 22:57 . 2008-06-19 05:33 2204 ------w c:\e9cbded051f93498780f\amd64\msxpsdrv.inf
2009-05-10 22:57 . 2008-07-06 12:06 10929 ------w c:\e9cbded051f93498780f\amd64\msxpsdrv.cat
2009-05-10 22:57 . 2008-07-06 12:06 10929 ------w c:\e9cbded051f93498780f\i386\msxpsdrv.cat
2009-05-10 22:57 . 2008-07-06 12:06 147456 ------w c:\e9cbded051f93498780f\amd64\filterpipelineprintproc.dll
2009-05-10 22:57 . 2008-07-06 12:06 89088 ------w c:\e9cbded051f93498780f\i386\filterpipelineprintproc.dll
2009-05-10 22:57 . 2008-07-06 12:06 765440 ------w c:\e9cbded051f93498780f\i386\mxdwdrv.dll
2009-05-10 22:57 . 2008-07-06 12:06 1676288 ------w c:\e9cbded051f93498780f\i386\xpssvcs.dll
2009-05-10 22:57 . 2008-07-06 12:06 748032 ------w c:\e9cbded051f93498780f\amd64\mxdwdrv.dll
2008-07-06 15:36 . 2008-07-06 15:36 2936832 ------w c:\e9cbded051f93498780f\amd64\xpssvcs.dll
2008-06-19 09:03 . 2008-06-19 09:03 73 ------w c:\e9cbded051f93498780f\amd64\msxpsinc.gpd

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "CTZDetec.exe"="c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408] "Google Update"="c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-12-21 133104] "DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "CurseClient"="c:\programfiler\Curse\CurseClient.exe" [2009-05-14 1933312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Lycosa"="c:\programfiler\Razer\Lycosa\razerhid.exe" [2008-10-16 147456] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-07 16859136] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 11:41 294912 ----a-w c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "c:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"= "c:\\Programfiler\\SEGA\\Medieval II Total War\\medieval2.exe"= "c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Programfiler\\LucasArts\\SWKotOR2\\swupdate.exe"= "c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Programfiler\\THQ\\Dawn Of War\\W40k.exe"= "c:\\Programfiler\\THQ\\Dawn Of War\\W40kWA.exe"= "c:\\Programfiler\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"= "c:\\Programfiler\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"= "c:\\Programfiler\\mIRC\\mirc.exe"= "c:\\Programfiler\\Microsoft Games\\Halo\\halo.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Programfiler\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"= "c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\Programfiler\\Ventrilo\\Ventrilo.exe"= "c:\\Programfiler\\Curse\\CurseClient.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= "c:\\Programfiler\\Steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\DOW2.exe"= "c:\\Programfiler\\Tortun\\gui.exe"= "c:\\Programfiler\\World of Warcraft\\Launcher.exe"= "c:\\Programfiler\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "c:\\Programfiler\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= 
"c:\\Programfiler\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"= "c:\\Programfiler\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01.05.2009 16:15 114768] R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [28.05.2008 10:33 8944] R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [28.05.2008 10:33 55024] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01.05.2009 16:15 20560] R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [10.01.2009 02:00 16896] S3 lac97inf;lac97inf;\??\c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys --> c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys [?] S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [28.05.2008 10:33 7408] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [03.11.2008 21:08 36864] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-725345543-1004.job - c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-21 00:10] . . ------- Tilleggsskanning ------- . 
uInternet Settings,ProxyOverride = *.local
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 21:15
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTZDetec.exe = c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2009-05-16 21:17
ComboFix-quarantined-files.txt 2009-05-16 19:17
ComboFix2.txt 2009-05-16 19:05
ComboFix3.txt 2009-05-16 18:04
ComboFix4.txt 2008-08-02 21:59
Pre-Run: 96 109 780 992 byte ledig
Post-Run: 96 096 169 984 byte ledig
230 --- E O F --- 2009-05-14 21:31

Edited 16 May 2009 by Brugi
Brugi Posted 16 May 2009 (author, edited)

I'm a noob.

Edited 16 May 2009 by Brugi
snippsat Posted 16 May 2009 (edited)

Create a new CFScript.txt with this text.

File::
c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys

Driver::
lac97inf

After this it is quite certain that you do not have a trojan running on your PC. Then the problem you have is related to something other than malware.

Edited 16 May 2009 by SNIPPSAT
Brugi Posted 16 May 2009 (author)

Yes, I hope it gives results, because it is annoying without sound on the computer :/

ComboFix 09-05-16.03 - Bruginator 16.05.2009 22:08.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1473 [GMT 2:00]
Kjører fra: c:\documents and settings\Bruginator\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Bruginator\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
FILE ::
c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-16 til 2009-05-16 )))))))))))))))))))))))))))))))))
.
2009-05-16 14:44 . 2009-05-16 14:44 -------- d-----w c:\programfiler\JRE
2009-05-16 14:31 . 2009-05-16 14:31 -------- d-----w c:\documents and settings\Bruginator\Programdata\OpenOffice.org
2009-05-16 14:30 . 2009-05-16 14:44 -------- d-----w c:\programfiler\OpenOffice.org 3
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\documents and settings\Bruginator\Programdata\Malwarebytes
2009-05-16 13:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 13:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes
2009-05-16 13:45 . 2009-05-16 13:45 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-05-16 12:18 . 2009-05-16 12:25 -------- d-----w c:\programfiler\Google
2009-05-16 12:18 . 2009-05-16 12:22 -------- d-----w c:\windows\LastGood
2009-05-16 12:16 . 2009-05-16 12:16 -------- d-sh--w c:\documents and settings\Bruginator\IECompatCache
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-sh--w c:\documents and settings\Bruginator\PrivacIE
2009-05-11 17:08 . 2009-05-11 17:08 -------- d-sh--w c:\documents and settings\NetworkService.NT-MYNDIGHET\IETldCache
2009-05-11 17:05 . 2009-05-11 17:05 -------- d-sh--w c:\documents and settings\Bruginator\IETldCache
2009-05-10 23:20 . 2009-05-10 23:20 -------- d-----w c:\windows\ie8updates
2009-05-10 23:20 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-10 23:19 . 2009-05-10 23:20 -------- dc-h--w c:\windows\ie8
2009-05-10 22:57 . 2009-05-10 22:58 -------- d-----w C:\e9cbded051f93498780f
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\programfiler\iPod
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 14:47 . 2009-04-25 14:47 -------- d-----w c:\programfiler\iTunes
2009-04-25 14:41 . 2009-04-25 14:43 -------- d-----w c:\programfiler\QuickTime
2009-04-25 14:37 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-04-25 14:33 . 2009-04-25 14:33 -------- d-----w c:\programfiler\Bonjour
2009-04-25 11:53 . 2009-04-26 08:29 -------- d-----w c:\programfiler\DAEMON Tools Lite
2009-04-25 11:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 11:46 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-25 11:46 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-25 11:46 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-25 11:46 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-25 11:46 . 2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-25 11:46 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 11:46 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 11:46 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-25 11:46 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 19:54 . 2008-05-31 14:52 17672 ----a-w c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-16 16:29 . 2008-07-28 17:54 -------- d-----w c:\programfiler\World of Warcraft
2009-05-16 14:29 . 2008-05-31 15:05 -------- d-----w c:\programfiler\OpenOffice.org 2.4
2009-05-10 23:02 . 2004-08-04 12:00 79838 ----a-w c:\windows\system32\perfc014.dat
2009-05-10 23:02 . 2004-08-04 12:00 444344 ----a-w c:\windows\system32\perfh014.dat
2009-05-01 12:05 . 2008-12-22 22:51 -------- d-----w c:\programfiler\Curse
2009-04-26 09:21 . 2008-05-31 14:34 -------- d-----w c:\programfiler\Java
2009-04-25 14:47 . 2007-07-16 11:33 -------- d-----w c:\programfiler\Fellesfiler\Apple
2009-04-25 12:36 . 2008-10-02 21:44 -------- d-----w c:\programfiler\Guild Wars
2009-04-25 11:53 . 2008-10-20 14:49 -------- d-----w c:\programfiler\DAEMON Tools Toolbar
2009-04-25 11:47 . 2008-06-10 17:09 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-26 13:23 . 2008-11-03 19:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-19 14:32 . 2008-11-03 19:09 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 03:19 . 2008-11-26 15:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:24 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CTZDetec.exe"="c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"Google Update"="c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"CurseClient"="c:\programfiler\Curse\CurseClient.exe" [2009-05-14 1933312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Lycosa"="c:\programfiler\Razer\Lycosa\razerhid.exe" [2008-10-16 147456]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-07 16859136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programfiler\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\LucasArts\\SWKotOR2\\swupdate.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\THQ\\Dawn Of War\\W40k.exe"=
"c:\\Programfiler\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Programfiler\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Programfiler\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Programfiler\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Curse\\CurseClient.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\DOW2.exe"=
"c:\\Programfiler\\Tortun\\gui.exe"=
"c:\\Programfiler\\World of Warcraft\\Launcher.exe"=
"c:\\Programfiler\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Programfiler\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Programfiler\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Programfiler\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01.05.2009 16:15 114768]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [28.05.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [28.05.2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01.05.2009 16:15 20560]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [10.01.2009 02:00 16896]
S3 lac97inf;lac97inf;\??\c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys --> c:\docume~1\BRUGIN~1\LOKALE~1\Temp\lac97inf.sys [?]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [28.05.2008 10:33 7408]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [03.11.2008 21:08 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-725345543-1004.job
- c:\documents and settings\Bruginator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-21 00:10]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 22:10
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTZDetec.exe = c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2009-05-16 22:12
ComboFix-quarantined-files.txt 2009-05-16 20:12
ComboFix2.txt 2009-05-16 19:17
ComboFix3.txt 2009-05-16 19:05
ComboFix4.txt 2009-05-16 18:04
ComboFix5.txt 2009-05-16 20:07
Pre-Run: 96 091 181 056 byte ledig
Post-Run: 96 078 974 976 byte ledig
206 --- E O F --- 2009-05-14 21:31
Brugi Posted 22 May 2009 (author)

I have also run CCleaner a number of times; the problem is still there.