r2d290, posted 29 May 2008 (edited 30 May 2008):
To snippsat/norbat: I have sorted out HijackThis for mona14. The logs still show that the lines are there (an old log pops up), but the program no longer shows these lines. All the lines I commented on above are now gone (two of the O4 lines were fixed from safe mode). I have asked the user to run CCleaner and SAS (the SAS log will be posted here). I have also asked the user to install Comodo FW. Is there anything else I have overlooked?

mona14, posted 30 May 2008:
SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/30/2008 at 04:32 PM
Application Version : 4.1.1046
Core Rules Database Version : 3471
Trace Rules Database Version: 1462
Scan type : Complete Scan
Total Scan Time : 00:15:33
Memory items scanned : 737
Memory threats detected : 0
Registry items scanned : 6970
Registry threats detected : 1
File items scanned : 18208
File threats detected : 50
Adware.Tracking Cookie
Adware.Vundo Variant/Rel
HKU\S-1-5-21-4128802225-1587188728-665397840-1000\Software\Microsoft\rdfa
Rogue.SpyShredder-Installer
C:\USERS\LENE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3M6FK0PH\FILE[1].EXE
C:\USERS\LENE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\J86X50G0\FILE[1].EXE
C:\Windows\Prefetch\FILE[1].EXE-28F975B4.pf
C:\Windows\Prefetch\FILE[1].EXE-AE719CA3.pf

mona14, posted 30 May 2008:
Then it looks like the problem is solved. Many thanks for all the help, "r2d290". Don't rule out that I'll be back : )

Shoo, posted 31 May 2008:
Looks like norbat has run off from the thread. Hehe. lknight, you're being plagued by random pop-ups, right? I can see from the logs that there is a fair bit of muck there which may be why you are plagued by them, but I don't have enough knowledge to suggest what you should remove, so you'll just have to wait until norbat (or someone else knowledgeable) has scanned your log. Good luck!

norbat (thread author), posted 31 May 2008:
Iknight: Create a separate thread (click the New Topic button) and copy and paste your logs there. Posts easily get lost when they sit in a thread like this one.

dxl200, posted 31 May 2008:
Problems with spyware and pop-ups... Here is the log from HijackThis.
I'm fairly much a noob at this, so the help has to be clear... Please help!!!

r2d290, posted 31 May 2008:
While I look over your log, you can copy your log and paste it into a new topic on the forum. As norbat says: posts easily get lost in the crowd if you don't, and things get much tidier if you have your own thread.

GLN, posted 10 June 2008:
Did a clean-up of my brother's PC, which had lots of viruses etc., and came across many programs I haven't used before. So I'm just posting a HijackThis log here, to see whether my PC has much junk to offer.

norbat (thread author), posted 10 June 2008:
pirja: The HJT log shows only this line:
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
You can fix it using HJT (put a check mark in front of the line and click Fix checked).
You may as well run a round of ComboFix. That log can show whether there is still anything on the PC that should be removed:
Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt).

kristianO, posted 12 June 2008:
Anyone feel like checking an HJT log?

norbat (Author) Posted 12 June 2008 (edited)
KristianOo
Start HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:
O20 - AppInit_DLLs:
It does no harm to fix these either:
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
There is a newer Java version.
Apart from this, the log looks fine.
Edited 12 June 2008 by norbat
GLN Posted 12 June 2008
How can you spot junk in a log like that? What do you look for? I'm thinking of going through several PCs, so it would probably be a bit much to post all the logs here? If I can do it myself.
r2d290 Posted 12 June 2008
"How can you spot junk in a log like that? What do you look for? I'm thinking of going through several PCs, so it would probably be a bit much to post all the logs here? If I can do it myself."
Sending you a PM.
kristianO Posted 13 June 2008
Thanks for the help. I have a second log from another PC, if you could be bothered to check it.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:56:03, on 13.06.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe C:\Programfiler\Dell\OpenManage\Client\Iap.exe C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe C:\Programfiler\SigmaTel\C-dur-lyd\DellXPM_5515v131\WDM\StacSV.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\WLTRAY.exe C:\Programfiler\Apoint\Apoint.exe C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\I8kfanGUI\I8kfanGUI.exe C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programfiler\Apoint\ApMsgFwd.exe C:\Programfiler\Apoint\Apntex.exe C:\Programfiler\Apoint\HidFind.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe D:\HiJackThis\test.exe.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fronter.com/aust-agdervgs R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Programfiler\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12 O4 - HKLM\..\Run: [Document Manager] C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [secureUpgrade] 
C:\Programfiler\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Programfiler\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [i8kfangui] C:\Programfiler\I8kfanGUI\I8kfanGUI.exe /startup O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console 
- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204541977732 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Iap - Dell Inc. - C:\Programfiler\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programfiler\SigmaTel\C-dur-lyd\DellXPM_5515v131\WDM\StacSV.exe O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Programfiler\Windows Defender\MsMpEng.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8953 bytes
norbat (Author) Posted 13 June 2008
KristianOo: That one looks fine. Feel free to update Java on that one too.
haakka Posted 13 June 2008
HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:11:07 PM, on 6/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\LClock\LClock.exe F:\PROGRA~1\Grisoft\AVG7\avgcc.exe F:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe F:\Program Files\iTunes\iTunesHelper.exe F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\WINDOWS\system32\rundll32.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\Program Files\DAEMON Tools\daemon.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe F:\Program Files\Launchy\Launchy.exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe F:\PROGRA~1\Grisoft\AVG7\avgemc.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE F:\WINDOWS\system32\svchost.exe F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\Program Files\iTunes\iTunes.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe F:\Program Files\Opera\opera.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local 
Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://norwegian.ircfast2.com/index.php?mi...=44577&c=US R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [ATIPTA] "F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sideWinderTrayV4] F:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DelayLoad] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe O4 - HKLM\..\Run: [94a8d052] rundll32.exe "F:\WINDOWS\system32\axtuannm.dll",b O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [spybotDeletingB3547] command /c del "F:\WINDOWS\system32\urqPgDTL.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD5064] cmd /c del "F:\WINDOWS\system32\urqPgDTL.dll" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK 
SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Launchy.lnk = F:\Program Files\Launchy\Launchy.exe O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O21 - SSODL: vregfwlx - {7A72B31E-9D61-4E2D-9DE2-A9771BC00C6E} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- End of file - 6648 bytes
norbat (Author) Posted 13 June 2008
haakka:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt)
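As an added illustration (not from the thread and not norbat's own method), this sketch parses HijackThis entries and flags the kinds of lines that stand out in the logs above: targets marked "(file missing)" or "(no file)", autostarts running from a Temp directory, and rundll32 autostarts with an 8-hex-digit value name. The heuristics, function names and reason labels are assumptions; the sample lines are copied from the logs posted in this thread.

```python
import re

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [DelayLoad] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe
O4 - HKLM\..\Run: [94a8d052] rundll32.exe "F:\WINDOWS\system32\axtuannm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O21 - SSODL: vregfwlx - {7A72B31E-9D61-4E2D-9DE2-A9771BC00C6E} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart form of an O4 body: "<key>: [value name] command line"
O4_REG_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<command>.+)$")


def parse_entry(line):
    """Split one log line into section, body and (for O4) value name/command."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, etc.
    entry = {"section": m.group("section"), "body": m.group("body"),
             "name": None, "command": None, "line": line.strip()}
    if entry["section"] == "O4":
        reg = O4_REG_RE.match(entry["body"])
        if reg:
            entry["name"] = reg.group("name")
            entry["command"] = reg.group("command")
    return entry


def reasons_for(entry):
    """Return illustrative (assumed) reasons why an entry deserves a closer look."""
    reasons = []
    # Orphaned registration: HijackThis itself reports the target as absent.
    if entry["body"].endswith(("(file missing)", "(no file)")):
        reasons.append("target-missing")
    if entry["command"]:
        # Autostart launching from a temporary directory.
        if re.search(r"\\temp\\", entry["command"], re.IGNORECASE):
            reasons.append("autostart-from-temp")
        # Autostart that loads a DLL through rundll32.
        if entry["command"].lower().startswith("rundll32"):
            reasons.append("autostart-via-rundll32")
        # Value name that is just eight hex digits.
        if re.fullmatch(r"[0-9a-f]{8}", entry["name"], re.IGNORECASE):
            reasons.append("hex-value-name")
    return reasons


def triage(log_text):
    """Return the entries that matched at least one heuristic, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append({"section": entry["section"],
                             "reasons": reasons, "line": entry["line"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f["reasons"]), "|", f["line"])
```

A flagged line is only a candidate for review: an orphaned "(file missing)" button can be a leftover from an uninstalled program rather than malware.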
haakka Posted 13 June 2008
ComboFix 08-06-11.3 - Administrator 2008-06-13 13:18:30.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.283 [GMT 2:00] Running from: F:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . F:\WINDOWS\system32\axtuannm.dll F:\WINDOWS\system32\eyggmjdj.ini F:\WINDOWS\system32\GQruuvut.ini F:\WINDOWS\system32\GQruuvut.ini2 F:\WINDOWS\system32\iQqAyJlm.ini F:\WINDOWS\system32\iQqAyJlm.ini2 F:\WINDOWS\system32\jdjmggye.dll F:\WINDOWS\system32\klqdlbkj.ini F:\WINDOWS\system32\LTDgPqru.ini F:\WINDOWS\system32\LTDgPqru.ini2 F:\WINDOWS\system32\mjpqjhjw.ini F:\WINDOWS\system32\mlJyAqQi.dll F:\WINDOWS\system32\mnnautxa.ini F:\WINDOWS\system32\mrpyqjda.ini F:\WINDOWS\system32\pmnkHYrr.dll F:\WINDOWS\system32\rpgngqlw.ini F:\WINDOWS\system32\usggmrcv.ini F:\WINDOWS\system32\vcrmggsu.dll F:\WINDOWS\system32\wjhjqpjm.dll . ((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))) . 2008-06-13 12:10 . 2008-06-13 12:10 <DIR> d-------- F:\Program Files\Trend Micro 2008-06-13 11:37 . 2008-06-13 11:37 <DIR> d-------- F:\Program Files\Apple Software Update 2008-06-08 23:07 . 2004-08-04 00:56 159,232 --a------ F:\WINDOWS\system32\ptpusd.dll 2008-06-08 23:07 . 2001-08-17 22:36 5,632 --a------ F:\WINDOWS\system32\ptpusb.dll 2008-06-05 13:29 . 2008-06-05 13:29 91 --a------ F:\WINDOWS\wininit.ini 2008-06-03 16:19 . 2004-08-03 22:58 15,104 --a------ F:\WINDOWS\system32\drivers\usbscan.sys 2008-06-03 16:15 . 2008-06-03 16:15 <DIR> d-------- F:\Program Files\Canon 2008-06-03 16:15 . 2003-07-23 14:18 159,744 --a------ F:\WINDOWS\system32\CNDUK170.dll 2008-06-03 16:15 . 2003-07-24 19:45 81,920 --a------ F:\WINDOWS\system32\PSCLK170.dll 2008-06-03 16:15 . 
2003-07-23 14:18 81,920 --a------ F:\WINDOWS\system32\CNDCK170.dll 2008-06-03 16:15 . 2003-07-23 16:27 40,960 --a------ F:\WINDOWS\system32\CNDNDlg.exe 2008-06-02 02:50 . 2008-06-02 02:50 <DIR> d-------- F:\WINDOWS\Sun 2008-06-01 18:54 . 2008-02-22 02:33 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl 2008-06-01 18:52 . 2008-06-01 18:52 <DIR> d-------- F:\Program Files\ordrumbox 2008-05-28 00:16 . 2008-05-28 00:27 <DIR> d-------- F:\Program Files\Monopoly 3 2008-05-27 23:57 . 2008-05-28 00:16 <DIR> d-------- F:\Documents and Settings\Administrator\Application Data\GetRightToGo 2008-05-26 13:57 . 2008-06-13 13:23 54,156 --ah----- F:\WINDOWS\QTFont.qfn 2008-05-26 13:57 . 2008-05-26 13:57 1,409 --a------ F:\WINDOWS\QTFont.for 2008-05-26 13:53 . 2008-05-26 13:53 <DIR> d-------- F:\Program Files\iTunes 2008-05-26 13:53 . 2008-05-26 13:53 <DIR> d-------- F:\Program Files\iPod 2008-05-26 13:53 . 2008-05-26 13:53 <DIR> d-------- F:\Program Files\Bonjour 2008-05-26 13:53 . 2008-05-26 13:53 <DIR> d-------- F:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-05-26 13:52 . 2008-05-26 13:53 <DIR> d-------- F:\Program Files\QuickTime 2008-05-26 13:52 . 2008-05-26 13:52 <DIR> d-------- F:\Program Files\Common Files\Apple 2008-05-26 13:52 . 2008-05-26 13:53 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer 2008-05-26 13:52 . 2008-05-26 13:52 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple 2008-05-26 13:52 . 2008-02-18 11:16 30,464 --a------ F:\WINDOWS\system32\drivers\usbaapl.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-13 09:50 --------- d-----w F:\Documents and Settings\Administrator\Application Data\uTorrent 2008-06-13 09:43 --------- d-----w F:\Documents and Settings\Administrator\Application Data\foobar2000 2008-06-13 06:49 --------- d-----w F:\Documents and Settings\Administrator\Application Data\AVG7 2008-06-11 16:02 --------- d-----w F:\Program Files\Opera 2008-06-03 14:15 --------- d--h--w F:\Program Files\InstallShield Installation Information 2008-06-03 14:14 --------- d-----w F:\Program Files\Common Files\InstallShield 2008-06-03 12:55 --------- d-----w F:\Program Files\Java 2008-05-27 23:04 --------- d---a-w F:\Documents and Settings\All Users\Application Data\TEMP 2008-05-17 22:21 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-30 14:29 0 ---ha-w F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-30 14:29 0 ---ha-w F:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-04-30 14:29 0 ---ha-w F:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-30 14:29 --------- d-----w F:\Documents and Settings\All Users\Application Data\LogiShrd 2008-04-30 14:29 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Logitech 2008-04-30 14:28 --------- d-----w F:\Program Files\Common Files\Logishrd 2008-04-30 14:28 --------- d-----w F:\Documents and Settings\All Users\Application Data\Logitech 2008-04-30 14:27 --------- d-----w F:\Program Files\Logitech 2008-04-30 14:27 --------- d-----w F:\Documents and Settings\Administrator\Application Data\InstallShield 2008-04-23 13:57 --------- d-----w F:\Program Files\Lavasoft 2008-04-23 13:55 --------- d-----w F:\Program Files\EULAlyzer 2008-04-23 13:53 --------- d-----w F:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-23 13:52 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard 2008-04-23 13:51 --------- d-----w F:\Program Files\Eusing Free Registry Cleaner 
2008-04-23 13:48 --------- d-----w F:\Program Files\Spybot - Search & Destroy 2008-04-23 13:14 --------- d-----w F:\Program Files\MSXML 6.0 2008-04-23 13:08 --------- d-----w F:\Program Files\Launchy 2008-04-23 13:04 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Launchy 2008-04-23 12:30 --------- d-----w F:\Program Files\Google 2008-04-23 12:30 --------- d-----w F:\Program Files\Commandos II 2008-04-23 01:08 --------- d-----w F:\Program Files\MSBuild 2008-04-23 01:06 --------- d-----w F:\Program Files\Reference Assemblies 2008-04-22 23:58 --------- d-----w F:\Program Files\foobar2000 2008-04-22 17:30 --------- d-----w F:\Program Files\PeerGuardian2 2008-04-19 19:10 --------- d-----w F:\Documents and Settings\All Users\Application Data\TrackMania 2008-04-16 13:03 --------- d-----w F:\Program Files\TmNationsForever 2008-04-13 18:17 107,888 ----a-w F:\WINDOWS\system32\CmdLineExt.dll 2008-04-13 18:17 --------- d--h--r F:\Documents and Settings\Administrator\Application Data\SecuROM 2008-03-27 08:12 151,583 ----a-w F:\WINDOWS\system32\msjint40.dll 2008-03-19 09:40 1,845,888 ----a-w F:\WINDOWS\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F26BEDB-D89B-44A1-948B-5D523292DADF}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BB07DEF-FB3D-4E49-AEB6-89773CA08F3A}] F:\WINDOWS\system32\urqPgDTL.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{948ED74F-0B10-4453-AE31-2AF8B87A2692}] F:\WINDOWS\system32\tuvuurQG.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D708B23A-8C56-442F-9FD7-6237FC253E46}] F:\WINDOWS\boqnrwdmsvr.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-04-23 15:38 5724184] "DAEMON Tools"="F:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360] "SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingB3547"="command /c del F:\WINDOWS\system32\urqPgDTL.dll" [ ] "SpybotDeletingD5064"="cmd /c del F:\WINDOWS\system32\urqPgDTL.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 15:45 90112 F:\WINDOWS\SOUNDMAN.EXE] "LClock"="F:\Program Files\LClock\LClock.exe" [2004-09-19 12:27 65536] "ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 21:05 344064] "NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-23 08:27 579584] "SideWinderTrayV4"="F:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe" [1999-07-04 01:37 24650] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 F:\WINDOWS\KHALMNPR.Exe] "QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] 
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "94a8d052"="F:\WINDOWS\system32\wlqgngpr.dll" [ ] "DelayLoad"="F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 18:11 219136] F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Launchy.lnk - F:\Program Files\Launchy\Launchy.exe [2008-04-23 15:08:05 274432] Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-30 16:28:12 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 f:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHYrr] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\djP27.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "F:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "F:\\Program Files\\uTorrent\\uTorrent.exe"= "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "F:\\Program 
Files\\Windows Live\\Messenger\\livecall.exe"= "F:\\Program Files\\TmNationsForever\\TmForever.exe"= "F:\\Program Files\\Bonjour\\mDNSResponder.exe"= "F:\\Program Files\\iTunes\\iTunes.exe"= R0 nvcchflt;NVIDIA Disk Cache Filter Driver;F:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11] R3 portio;WinPic800 IO Drivers;F:\WINDOWS\system32\DRIVERS\WP800IO.sys [2007-08-26 10:51] S0 djP27;djP27;F:\WINDOWS\system32\Drivers\djP27.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09fc6182-946b-11dc-9688-001109288d5e}] \Shell\AutoRun\command - K:\Installer.exe . Contents of the 'Scheduled Tasks' folder "2008-06-13 09:37:58 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - F:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-13 13:22:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
F:\WINDOWS\system32\ati2evxx.exe F:\WINDOWS\system32\ati2evxx.exe F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe F:\PROGRA~1\Grisoft\AVG7\avgemc.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\iTunes\iTunes.exe F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe . ************************************************************************** . Completion time: 2008-06-13 13:28:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-13 11:27:57 Pre-Run: 2,956,603,392 bytes free Post-Run: 4,151,812,096 bytes free 209 --- E O F --- 2008-05-17 01:06:52
norbat (Author) Posted 13 June 2008 (edited)
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Choose Norwegian as the language.
Let the program update itself, choose to run a 'quick system scan' ('hurtig systemscan') and click Scan (Skann).
A message box will appear saying that the scan is finished; click Ok.
Click the 'Show results' ('Vis resultat') button. If malware has been found, you will now see what was found.
Then click the Remove selected (Fjern valgte) button to remove any malware that was found.
A log will then open in Notepad. Copy it and post it together with a new HJT log.
Edited 13 June 2008 by norbat
haakka Posted 14 June 2008 (edited)
HJT:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:01:45 PM, on 6/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\LClock\LClock.exe F:\PROGRA~1\Grisoft\AVG7\avgcc.exe F:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe F:\Program Files\iTunes\iTunesHelper.exe F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe F:\Program Files\DAEMON Tools\daemon.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe F:\Program Files\Launchy\Launchy.exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe F:\PROGRA~1\Grisoft\AVG7\avgemc.exe F:\Program Files\Bonjour\mDNSResponder.exe F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE F:\WINDOWS\system32\svchost.exe F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE F:\Program Files\iPod\bin\iPodService.exe F:\Program Files\Windows Live\Messenger\usnsvc.exe F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe F:\Program Files\Opera\opera.exe F:\Program Files\foobar2000\foobar2000.exe F:\PROGRA~1\Grisoft\AVG7\avgwb.dat F:\WINDOWS\system32\NOTEPAD.EXE F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://norwegian.ircfast2.com/index.php?mi...=44577&c=US R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7BB07DEF-FB3D-4E49-AEB6-89773CA08F3A} - F:\WINDOWS\system32\urqPgDTL.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {948ED74F-0B10-4453-AE31-2AF8B87A2692} - F:\WINDOWS\system32\tuvuurQG.dll (file missing) O2 - BHO: QXK Olive - {D708B23A-8C56-442F-9FD7-6237FC253E46} - F:\WINDOWS\boqnrwdmsvr.dll (file missing) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [ATIPTA] "F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sideWinderTrayV4] F:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: 
[iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [94a8d052] rundll32.exe "F:\WINDOWS\system32\wlqgngpr.dll",b O4 - HKLM\..\Run: [DelayLoad] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [spybotDeletingB3547] command /c del "F:\WINDOWS\system32\urqPgDTL.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD5064] cmd /c del "F:\WINDOWS\system32\urqPgDTL.dll" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Launchy.lnk = F:\Program Files\Launchy\Launchy.exe O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: 
(no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: pmnkHYrr - F:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- End of file - 7648 bytes Malvarebytes Malwarebytes' Anti-Malware 1.17 Database versjon: 853 3:01:07 PM 6/14/2008 mbam-log-6-14-2008 (15-01-07).txt Skann type: Full Skann (C:\|F:\|H:\|J:\|) Objekter skannet: 111417 Tid tilbakelagt: 24 minute(s), 28 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\DelayLoad (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94a8d052 (Trojan.Agent) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Endret 14. juni 2008 av haakka Lenke til kommentar
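A triage pass over the HijackThis log in the post above, as an added example that is not part of the thread and is not code from HijackThis or Malwarebytes. It reports entries that HijackThis itself marks as pointing at an absent file, plus autoruns matching two heuristics that are assumptions of this example (a command in a Temp directory, a DLL started through rundll32); on this log the heuristics pick out the same two Run values that the Malwarebytes log lists as Trojan.Agent.

```python
import re

# Subset of the HijackThis lines posted above, copied verbatim from the log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7BB07DEF-FB3D-4E49-AEB6-89773CA08F3A} - F:\WINDOWS\system32\urqPgDTL.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [94a8d052] rundll32.exe "F:\WINDOWS\system32\wlqgngpr.dll",b
O4 - HKLM\..\Run: [DelayLoad] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.*)$")
# O4 registry autoruns: "<hive>\..\Run[Once]: [value name] command line"
RUN = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage(log_text):
    """Return (code, identifier, reason) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m["code"], m["rest"]
        # HijackThis appends these markers when the referenced file is gone.
        if rest.endswith("(file missing)") or rest.endswith("(no file)"):
            clsid = CLSID.search(rest)
            findings.append((code, clsid.group(0) if clsid else rest, "target file absent"))
            continue
        run = RUN.match(rest) if code == "O4" else None
        if run:
            cmd = run["cmd"].lower()
            # Assumed heuristics of this example, not HijackThis rules.
            if "\\temp\\" in cmd:
                findings.append((code, run["name"], "autorun from a Temp directory"))
            elif cmd.startswith("rundll32"):
                findings.append((code, run["name"], "autorun DLL via rundll32"))
    return findings


def flagged_autoruns(findings):
    """Names of the O4 Run values that triage() reported."""
    return {name for code, name, _ in findings if code == "O4"}


if __name__ == "__main__":
    for code, ident, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {ident:40} {reason}")
```
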