Opelduude Posted 14 July 2009

I automatically get pop-ups from Internet Explorer even though I use Firefox. I would really like to get rid of it, since it comes every 5 minutes.

Here is a log from HJT. I would be grateful if someone would look at it and see if there is anything that should be removed.

Logfile of HijackThis v1.99.1
Scan saved at 00:46:20, on 15.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\DellTPad\Apoint.exe
C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Programfiler\Wave Systems Corp\secureupgrade.exe
C:\Programfiler\DellTPad\ApMsgFwd.exe
C:\Programfiler\DellTPad\HidFind.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Programfiler\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
c:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Microsoft ActiveSync\wcescomm.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\Programfiler\Cisco Systems\Clean Access Agent\ccaagent.exe
C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\StacSV.exe
C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
c:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\TEMP\BI63F1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Programfiler\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Programfiler\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmproxy.exe
C:\Programfiler\Steam\steam.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\Programfiler\SUPERAntiSpyware\superantispyware.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ruka2705\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vg.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [secureUpgrade] C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] c:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [tons bike intra poll] C:\Documents and Settings\All Users\Programdata\Poke admin tons bike\bows math.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [plan meet] C:\DOCUME~1\ruka2705\PROGRA~1\THISLO~1\dent bags.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Programfiler\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Programfiler\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opprett mobil favoritt - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211444102437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227034747578
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = opplandvgs.local
O17 - HKLM\Software\..\Telephony: DomainName = vargstad.opplandvgs.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = opplandvgs.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = opplandvgs.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Programfiler\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
norbat Posted 15 July 2009

Start HJT, choose "Do a system scan only", tick the box in front of the following two lines and click Fix checked:

O4 - HKLM\..\Run: [tons bike intra poll] C:\Documents and Settings\All Users\Programdata\Poke admin tons bike\bows math.exe
O4 - HKCU\..\Run: [plan meet] C:\DOCUME~1\ruka2705\PROGRA~1\THISLO~1\dent bags.exe

Then work through the guide and post the logs it asks for, here in your own thread.
Opelduude Posted 16 July 2009 Author (edited)

I have done that now. There is no log to show from MAM, but ComboFix deleted a couple of things.

ComboFix 09-07-14.08 - ruka2705 16.07.2009 2:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1918.1332 [GMT 2:00]
Kjører fra: c:\documents and settings\ruka2705\Skrivebord\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {104AD58F-FB7C-4BAD-9E3B-543E45E2966E}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-220523388-1326574676-1417001333-500
c:\recycler\S-1-5-21-682071642-3516339735-4183691861-500
c:\windows\Installer\3e565.msp
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-16 til 2009-07-16 )))))))))))))))))))))))))))))))))
.
2009-07-16 00:02 . 2009-07-16 00:02 -------- d-----w- c:\documents and settings\ruka2705\Programdata\Malwarebytes
2009-07-16 00:02 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 00:02 . 2009-07-16 00:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-07-16 00:02 . 2009-07-16 00:02 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-07-16 00:02 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 22:44 . 2009-07-14 22:44 -------- d-----w- C:\Program Files
2009-07-13 00:17 . 2009-07-15 22:18 117760 ----a-w- c:\documents and settings\ruka2705\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 00:16 . 2009-07-13 00:16 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2009-07-13 00:16 . 2009-07-13 00:16 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2009-07-13 00:16 . 2009-07-13 00:16 -------- d-----w- c:\documents and settings\ruka2705\Programdata\SUPERAntiSpyware.com
2009-07-12 23:11 . 2009-07-12 23:11 307200 ----a-w- c:\documents and settings\ruka2705\Programdata\This log\teststoremode.exe
2009-07-12 23:11 . 2009-07-12 23:11 401408 ----a-w- c:\documents and settings\ruka2705\Programdata\This log\way upload style jump.exe
2009-07-12 23:11 . 2009-07-15 22:21 774144 ----a-w- c:\documents and settings\All Users\Programdata\Poke admin tons bike\bows math.exe
2009-07-12 23:11 . 2009-07-12 23:11 770048 ----a-w- c:\documents and settings\ruka2705\Programdata\This log\iohuvbtx.exe
2009-07-12 23:11 . 2009-07-12 23:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Poke admin tons bike
2009-07-12 23:11 . 2009-07-12 23:11 -------- d-----w- c:\documents and settings\ruka2705\Programdata\This log
2009-07-12 23:11 . 2009-07-12 23:11 -------- d-----w- c:\programfiler\This log
2009-07-12 23:11 . 2009-07-12 23:10 565248 ----a-w- c:\documents and settings\ruka2705\Programdata\This log\dent bags.exe
2009-07-12 23:10 . 2009-07-12 23:10 -------- d-----w- c:\programfiler\Crcle Developement
2009-07-05 23:49 . 2009-07-06 22:49 -------- d-----w- c:\windows\system32\NtmsData
2009-06-27 13:02 . 2009-06-27 13:02 -------- d-----w- c:\documents and settings\ruka2705\Lokale innstillinger\Programdata\Help
2009-06-27 13:00 . 2009-06-27 13:00 -------- d-----w- c:\programfiler\Common Files
2009-06-27 12:59 . 2004-12-06 12:07 104064 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-06-27 12:59 . 2004-12-06 12:07 104064 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-06-27 12:59 . 2005-01-19 13:27 65615 ----a-w- c:\windows\system32\pmailext.dll
2009-06-27 12:59 . 2005-01-19 13:27 57423 ----a-w- c:\windows\system32\MsgStRPC.dll
2009-06-27 12:59 . 2005-01-19 13:27 36942 ----a-w- c:\windows\system32\ppcload.dll
2009-06-27 12:59 . 2005-01-19 13:27 24653 ----a-w- c:\windows\system32\ceutil.dll
2009-06-27 12:59 . 2005-01-04 09:49 77899 ----a-w- c:\windows\system32\rapi.dll
2009-06-27 12:59 . 2009-06-27 13:00 -------- d-----w- c:\programfiler\Microsoft ActiveSync
2009-06-27 12:59 . 1998-10-06 17:03 327168 ----a-w- c:\windows\IsUn0414.exe
2009-06-27 12:58 . 2009-06-27 12:58 -------- d-sh--w- c:\windows\ftpcache
2009-06-16 14:43 . 2009-06-16 14:43 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:43 . 2009-06-16 14:43 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 22:21 . 2009-03-22 00:13 -------- d-----w- c:\programfiler\Steam
2009-07-15 22:19 . 2008-08-29 07:52 -------- d-----w- c:\documents and settings\ruka2705\Programdata\OpenOffice.org2
2009-07-15 22:17 . 2008-08-29 07:53 0 ----a-w- c:\documents and settings\ruka2705\Lokale innstillinger\Programdata\WavXMapDrive.bat
2009-07-14 23:16 . 2008-12-12 14:57 -------- d-----w- c:\programfiler\Live For Speed S2 Alpha Y Cracked version
2009-07-13 00:15 . 2008-05-27 13:40 -------- d-----w- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-07-12 23:10 . 2009-05-03 18:55 -------- d-----w- c:\programfiler\Messenger Plus! Live
2009-06-16 14:43 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:43 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2004-08-04 10:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 19:07 . 2008-12-12 10:20 -------- d-----w- c:\documents and settings\ruka2705\Programdata\U3
2009-06-03 19:07 . 2009-06-03 19:07 0 ----a-w- C:\LOG2211.tmp
2009-06-03 18:57 . 2009-06-03 18:57 0 ----a-w- C:\LOG21F0.tmp
2009-05-26 16:32 . 2009-05-26 16:32 0 ----a-w- C:\LOG1D3F.tmp
2009-05-20 22:09 . 2008-11-22 11:18 34 ----a-w- c:\documents and settings\ruka2705\jagex_runescape_preferences.dat
2009-05-15 22:46 . 2004-08-04 10:00 68272 ----a-w- c:\windows\system32\perfc014.dat
2009-05-15 22:46 . 2004-08-04 10:00 402016 ----a-w- c:\windows\system32\perfh014.dat
2009-05-07 15:34 . 2004-08-04 10:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:50 . 2006-03-04 03:35 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 22:38 . 2009-04-17 22:38 0 ----a-w- C:\LOG123D.tmp
2009-06-12 23:07 . 2008-11-22 17:14 134648 ----a-w- c:\programfiler\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885400]
"Steam"="c:\programfiler\steam\steam.exe" [2009-06-12 1217784]
"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\wcescomm.exe" [2005-01-19 405583]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"plan meet"="c:\docume~1\ruka2705\PROGRA~1\THISLO~1\dent bags.exe" [2009-07-12 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programfiler\DellTPad\Apoint.exe" [2007-09-24 159744]
"SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]
"Dell QuickSet"="c:\programfiler\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"WavXMgr"="c:\programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\programfiler\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-08-28 714024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Default User\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.3.lnk - c:\programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Administrator\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.3.lnk - c:\programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\ruka2705\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.3.lnk - c:\programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Clean Access Agent.lnk - c:\programfiler\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
Digital Line Detect.lnk - c:\programfiler\Digital Line Detect\DLG.exe [2008-7-10 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 13:20 73728 ----a-w- c:\programfiler\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programfiler\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programfiler\\Steam\\steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [27.05.2008 15:41 251578]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [14.09.2007 14:35 19200]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [14.09.2007 14:35 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [14.09.2007 14:35 204800]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [23.06.2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [23.06.2009 11:01 72944]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [17.09.2007 16:40 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [04.08.2004 12:00 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02.11.2006 12:32 97536]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16.07.2009 02:02 38160]
R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [23.06.2009 11:01 7408]
R3 tmcfw;tmcfw;c:\windows\system32\drivers\TM_CFW.sys [27.08.2007 15:27 335888]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
S2 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\tmxpflt.sys [17.09.2007 16:40 225296]
S3 TmPfw;OfficeScan NT Firewall;c:\programfiler\Trend Micro\OfficeScan Client\TmPfw.exe [05.04.2007 00:35 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe [27.04.2007 22:35 652552]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MBAMSWISSARMY
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-07-16 c:\windows\Tasks\80E20BFA886980EA.job
- c:\docume~1\ruka2705\progra~1\thislo~1\teststoremode.exe [2009-07-12 23:11]

2009-04-17 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-15 c:\windows\Tasks\Oppdater Ordnett Pluss.job
- c:\programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2008-05-21 13:10]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uInternet Connection Wizard,ShellNext = hxxp://www.vg.no/
uInternet Settings,ProxyServer = proxy01:8080
uInternet Settings,ProxyOverride = <local>
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ruka2705\Programdata\Mozilla\Firefox\Profiles\cxg5d1gf.default\
FF - prefs.js: browser.startup.homepage - vg.no

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 02:13
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-3105703912-1863893187-3053718399-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1224)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Tidspunkt ferdig: 2009-07-16 2:15
ComboFix-quarantined-files.txt 2009-07-16 00:14

Pre-Run: 8 368 431 104 byte ledig
Post-Run: 9 498 431 488 byte ledig

208 --- E O F --- 2009-07-14 23:15

I found out what it was. I installed Messenger Plus, and I then said yes to installing the sponsor program as well. I have got it removed now. You can look at the log to see if there is anything more that should be removed.

Edited 16 July 2009 by Gryterett
norbat Posted 16 July 2009

If the log was made after you removed MSN Plus!, then do the following:

Open Notepad and copy in what is in bold below, and save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\windows\Tasks\80E20BFA886980EA.job

Folder::
c:\documents and settings\ruka2705\Programdata\This log
c:\documents and settings\All Users\Programdata\Poke admin tons bike
c:\programfiler\This log
Bruker-158599 Posted 19 July 2009

I see that it has been marked as solved. Is the problem gone? If so, you must remove ComboFix. Go to Start --> Run and type in "combofix /u". Note the space between the x and /u. Then press OK. If you have Vista, search for "Kjør" or "Run".

It might have been good to have a final ComboFix log??? Or?