r2d290 Posted 13 August 2008 (edited)
Dj6230: Hi and welcome to the forum. You can remove this one: C:\WINDOWS2\system32\lchdiqcs.exe You didn't include the whole ComboFix log. Try again.
Edited 13 August 2008 by r2d290
dj6230 Posted 13 August 2008
Hi, thanks. ComboFix was interrupted because of SAS; I'll try again without SAS.
Theecurtains Posted 14 August 2008
Hello. In a weak moment the other day I managed the great feat of downloading a probably infected .srt file. The symptoms were pop-ups in IE7. I run the full Norman package, which did not react at all, but I downloaded another scanner, PCdoctor or something like that, which found a Vundo virus, Virtuvundo. It turns out to be relatively hard to get rid of... I have done what the first post says, but I'm struggling with two things: renaming HijackThis, and since I started working on getting rid of the virus, I can no longer get online with the browser either. But mail, updating SAS and so on work. I have taken the whole PC off the network after reading up on what it can do. The PC has also started to hang during some of the SAS runs. Another thing I can't manage is to turn Norman off enough that it doesn't take ComboFix's test file. I have been an avid user of the forum for many years, but I couldn't log in with my old account. So I had to create a new one, as I also couldn't get in touch with anyone. I hope someone feels like having a go at this one. Thanks. Jokis.
Xarus Posted 14 August 2008
[SUPERAntiSpyware Scan Log; Logfile of HijackThis v1.99.1; ComboFix log]
r2d290 Posted 14 August 2008
Xarus: it looks like you have been helped in another thread.
Xarus Posted 14 August 2008
"Xarus: it looks like you have been helped in another thread."
Hehe, yes. I made a new topic, but then I figured out that I should have posted it here. So... But the problem is fixed, so just ignore my post :)
Piddy Posted 15 August 2008
Hi, I have Vista, so I can't run ComboFix, so we'll forget that. My MSN sends messages to people automatically. Can someone check my HJT log? By the way, I ran HJT as admin, but it still can't get access to hosts.
[Logfile of Trend Micro HijackThis v2.0.2]
- C:\Windows\system32\agr64svc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\pavsrvx86.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program 
Files (x86)\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files (x86)\panda security\panda internet security 2008\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PskSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\TPSrvWow.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
norbat (thread author), posted 15 August 2008

Piddy: Unfortunately, you cannot run Combofix because you have a 64-bit version of Vista. You can do the following:

Step 1: Download Malwarebytes Anti-Malware to the desktop. Run and install the program. Choose Norwegian as the language. Let the program update itself and choose to run a 'hurtig systemskann' (quick system scan), then click Skann (Scan). A message box will appear saying that the scan is finished; click OK. Click the Vis resultat (Show results) button. If malware was found, you will now see what was found. Then click the Fjern valgte (Remove selected) button to remove any malware that was found. A log will then open in Notepad. You can copy it and post it later.

Step 2: Get Decard and put it on the desktop. Run dss.exe and follow the instructions. When the scan is finished, a log (main.txt) opens, which you copy and paste into your next post together with the log from Malwarebytes Anti-Malware + a new Hijackthis log.
Linkage, posted 15 August 2008 (edited)

Hi, could someone take a look at these logs?

Combofix

ComboFix 08-08-14.05 - Petter 2008-08-15 21:16:51.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.462 [GMT 2:00] Running from: C:\Documents and Settings\Petter\Mine dokumenter\harry\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Andrine\Cookies\[email protected][2].txt C:\Documents and Settings\Andrine\Cookies\andrine@harddiskvakt[1].txt C:\Documents and Settings\Andrine\Cookies\[email protected][1].txt C:\Documents and Settings\Andrine\Cookies\[email protected][4].txt C:\Documents and Settings\Baard\Cookies\baard@classmates[3].txt C:\Documents and Settings\Baard\Cookies\baard@harddiskvakt[1].txt C:\Documents and Settings\Baard\Cookies\[email protected][2].txt C:\Documents and Settings\Baard\Cookies\baard@real[2].txt C:\Documents and Settings\Baard\Cookies\baard@real[3].txt C:\Documents and Settings\Baard\Cookies\baard@symantecstore[2].txt C:\Documents and Settings\Baard\Cookies\[email protected][1].txt C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\#SharedObjects\76B9QZVT\iforex.com C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\#SharedObjects\76B9QZVT\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\#SharedObjects\76B9QZVT\interclick.com C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\#SharedObjects\76B9QZVT\interclick.com\ud.sol C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\Baard\Programdata\macromedia\Flash
Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Baard\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\Karine\Cookies\[email protected][1].txt C:\Documents and Settings\Karine\Cookies\[email protected][2].txt C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\#SharedObjects\2FZENS7G\iforex.com C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\#SharedObjects\2FZENS7G\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\#SharedObjects\2FZENS7G\interclick.com C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\#SharedObjects\2FZENS7G\interclick.com\ud.sol C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Karine\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\WINDOWS\BM0a6725ef.txt C:\WINDOWS\BM0a6725ef.xml C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\pskt.ini C:\WINDOWS\system32\agwmrjwu.dll C:\WINDOWS\system32\bbufuswm.dll C:\WINDOWS\system32\bfhgrkmu.ini C:\WINDOWS\system32\boqgdtgr.dll C:\WINDOWS\system32\cfnogbpw.dll C:\WINDOWS\system32\cmkfhtjc.dll C:\WINDOWS\system32\DcIhQqru.ini C:\WINDOWS\system32\DcIhQqru.ini2 C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\dujckypp.exe C:\WINDOWS\system32\ehbapvbf.dll C:\WINDOWS\system32\estvot.dll 
C:\WINDOWS\system32\fgfethrx.dll C:\WINDOWS\system32\gdwjnrtn.ini C:\WINDOWS\system32\gtkwsftt.exe C:\WINDOWS\system32\gvhtuumw.ini C:\WINDOWS\system32\gyvndluh.ini C:\WINDOWS\system32\hbirpm.dll C:\WINDOWS\system32\hdrwfwnc.dll C:\WINDOWS\system32\hpcebxcu.dll C:\WINDOWS\system32\ijjvnfvg.exe C:\WINDOWS\system32\ionnmbje.dll C:\WINDOWS\system32\jdfilwyd.dll C:\WINDOWS\system32\jmuduxjd.dll C:\WINDOWS\system32\jvmxtwde.dll C:\WINDOWS\system32\kbtiyrnd.dll C:\WINDOWS\system32\kmcvqvfv.dll C:\WINDOWS\system32\lamolwfi.exe C:\WINDOWS\system32\lqylnbbn.dll C:\WINDOWS\system32\lztqnj.dll C:\WINDOWS\system32\mrvmabgo.dll C:\WINDOWS\system32\mtdypuvt.dll C:\WINDOWS\system32\nfyskvhp.ini C:\WINDOWS\system32\nkfsgitw.dll C:\WINDOWS\system32\oekdcwoh.dll C:\WINDOWS\system32\ohddtjou.ini C:\WINDOWS\system32\olqeiqgg.ini C:\WINDOWS\system32\ovdmccks.exe C:\WINDOWS\system32\ovkssh.dll C:\WINDOWS\system32\oysptgaa.dll C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pahmvdhi.dll C:\WINDOWS\system32\pdrabcjb.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\qdjqmepw.dll C:\WINDOWS\system32\qeahrfhx.dll C:\WINDOWS\system32\qixbgbce.dll C:\WINDOWS\system32\qkapgndl.dll C:\WINDOWS\system32\qwfhrk.dll C:\WINDOWS\system32\qwvsmjgg.dll C:\WINDOWS\system32\rdjjgk.dll C:\WINDOWS\system32\rgtdgqob.ini C:\WINDOWS\system32\rgucurvp.exe C:\WINDOWS\system32\ricmgnxt.dll C:\WINDOWS\system32\rmpedkee.dll C:\WINDOWS\system32\robsmm.dll C:\WINDOWS\system32\rwbsndof.dll C:\WINDOWS\system32\rwkgiefi.dll C:\WINDOWS\system32\uglfpyyx.exe C:\WINDOWS\system32\uojtddho.dll C:\WINDOWS\system32\uxmsyeyc.ini C:\WINDOWS\system32\vaumsscs.dll C:\WINDOWS\system32\vboluhrw.dll C:\WINDOWS\system32\VFffLRqr.ini C:\WINDOWS\system32\VFffLRqr.ini2 C:\WINDOWS\system32\vocyeo.dll C:\WINDOWS\system32\vyhepwqi.dll C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wjjwyurf.exe C:\WINDOWS\system32\wlvpqmtc.dll C:\WINDOWS\system32\wpbgonfc.ini C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\wqsfwe.dll 
C:\WINDOWS\system32\wvlnsx.dll C:\WINDOWS\system32\xrirlo.dll C:\WINDOWS\system32\xuhxjnjj.dll C:\WINDOWS\system32\xxmfcngl.dll C:\WINDOWS\system32\yFghgfii.ini C:\WINDOWS\system32\yFghgfii.ini2 C:\WINDOWS\system32\yjhgordk.ini C:\WINDOWS\system32\ynwddpqb.dll C:\WINDOWS\system32\yskbvpxs.dll C:\WINDOWS\system32\zdakzo.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))) . 2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\SUPERAntiSpyware.com 2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-15 19:57 . 2008-08-15 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-08-15 19:53 . 2008-08-15 19:53 <DIR> dr-h----- C:\Documents and Settings\Petter\Siste 2008-08-15 19:52 . 2008-08-15 19:52 <DIR> d-------- C:\Programfiler\Yahoo! 2008-08-15 19:51 . 2008-08-15 19:51 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-15 19:44 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-08-15 19:44 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-08-12 17:11 . 2008-08-12 17:11 <DIR> d--hs---- C:\FOUND.075 2008-08-11 21:09 . 2008-08-15 19:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-11 21:09 . 2008-08-11 21:09 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-10 19:24 . 2008-08-10 19:24 <DIR> d--hs---- C:\FOUND.074 2008-07-27 11:44 . 2008-08-02 16:07 414 ---hs---- C:\WINDOWS\system32\hhewdogv.ini . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-08 14:09 --------- d-----w C:\Programfiler\Mindscape 2008-06-21 09:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-06-21 09:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-06-21 09:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-06-21 09:17 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-19 12:44 94,208 ----a-w C:\WINDOWS\DUMP4286.tmp 2008-05-19 12:39 94,208 ----a-w C:\WINDOWS\DUMP8760.tmp 2007-08-02 16:13 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT 2007-11-08 15:05 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-11-08 15:05 56 --sh--r C:\WINDOWS\system32\90BE820EF0.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:20 68856] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315] "RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168] 
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 17:11 458752] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-12 11:30 53408] "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-09-10 08:03 180269] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 20:31 1838592] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768] "EverioService"="C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 21:10 151552] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "MATH DOES FIRST MODE"="C:\Documents and Settings\All Users\Programdata\live 64 math does\Surf Bags.exe" [2008-08-15 21:26 4909568] "RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-02 14:30:42 618557] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\MSN Messenger\\MSNMSGR.EXE"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Messenger\\MSMSGS.EXE"= "C:\\Programfiler\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "C:\\Programfiler\\CyberLink\\PCM4Everio\\EverioService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1496:UDP"= 1496:UDP:Windows Media Format SDK (iexplore.exe) "1497:UDP"= 1497:UDP:Windows Media Format SDK (iexplore.exe) R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys 
[2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] . Contents of the 'Scheduled Tasks' folder 2008-08-15 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Baard.job - C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13] 2008-05-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-08-15 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHANS REMOVED - - - - BHO-{1ff73ac2-92a6-48d0-bb8c-515fd57c7c62} - C:\WINDOWS\system32\dasora.dll HKLM-Run-09541673 - C:\WINDOWS\system32\boqgdtgr.dll HKLM-Run-BM0a6725ef - C:\WINDOWS\system32\vboluhrw.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Petter\Programdata\Mozilla\Firefox\Profiles\u59m1ngy.default\ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 21:23:14 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAMFILER\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAMFILER\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\SNDSRVC.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAMFILER\FELLESFILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE C:\PROGRAMFILER\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE C:\PROGRAMFILER\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE C:\PROGRAMFILER\NORTON ANTIVIRUS\NAVAPSVC.EXE C:\PROGRAMFILER\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE C:\PROGRAMFILER\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\PROGRAMFILER\CYBERLINK\SHARED FILES\RICHVIDEO.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAMFILER\LAUNCH MANAGER\QTZGACER.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Programfiler\Messenger\msmsgs.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************** . 
Completion time: 2008-08-15 21:28:36 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-15 19:28:22 Pre-Run: 18,987,057,152 byte ledig Post-Run: 20,181,188,608 byte ledig 290 --- E O F --- 2008-06-10 20:10:01

HijackThis and SAS

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:30:37, on 15.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Acer\Empowering Technology\admServ.exe c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Programfiler\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering
Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\admtray.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Petter\Mine dokumenter\harry\Ny mappe\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - 
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EverioService] "C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Programdata\live 64 math does\Surf Bags.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?ed3c73f80b2b4980989cfdcea904c305
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?ed3c73f80b2b4980989cfdcea904c305
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.nordea.no/Privat/404%2b-%2bside...kke/777052.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
-- End of file - 13629 bytes
[\skjul]
SAS[\b]
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/15/2008 at 08:28 PM
Application Version : 4.15.1000
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type : Quick Scan
Total Scan Time : 00:27:09
Memory items scanned : 731
Memory threats detected : 3
Registry items scanned : 453
Registry threats detected : 35
File items scanned : 16928
File threats detected : 440

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\PMNMJIBU.DLL
C:\WINDOWS\SYSTEM32\PMNMJIBU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7588F3E3-0F4B-4680-B225-BB186E940EFB}
HKCR\CLSID\{7588F3E3-0F4B-4680-B225-BB186E940EFB}
HKCR\CLSID\{7588F3E3-0F4B-4680-B225-BB186E940EFB}\InprocServer32
HKCR\CLSID\{7588F3E3-0F4B-4680-B225-BB186E940EFB}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{7588F3E3-0F4B-4680-B225-BB186E940EFB}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnmjIBU
C:\WINDOWS\SYSTEM32\AWTUSTJC.DLL
C:\WINDOWS\SYSTEM32\RQRLFFFV.DLL
C:\WINDOWS\SYSTEM32\URQQHICD.DLL
C:\WINDOWS\SYSTEM32\RQRJOJXV.DLL
C:\WINDOWS\SYSTEM32\DDCATQQH.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFGHGFY.DLL
C:\WINDOWS\SYSTEM32\IIFGHGFY.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\DASORA.DLL
C:\WINDOWS\SYSTEM32\DASORA.DLL

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}
HKCR\CLSID\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}
HKCR\CLSID\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}\InprocServer32
HKCR\CLSID\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}\InprocServer32#ThreadingModel

Adware.IWantSearchBar
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID
HKCR\ToolBand.ToolBandObj.1
HKCR\ToolBand.ToolBandObj.1\CLSID
HKCR\ToolBand.ToolBandObj
HKCR\ToolBand.ToolBandObj\CLSID
HKCR\ToolBand.ToolBandObj\CurVer
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\win32
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\TOOLBAND.DLL
HKU\S-1-5-21-1827998096-2234055062-2392453420-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1827998096-2234055062-2392453420-1009\Software\Microsoft\rdfa
C:\WINDOWS\SYSTEM32\MCRH.TMP

Adware.Tracking Cookie
[\skjul]
Edited 15 August 2008 by Linkage
norbat (Author), posted 15 August 2008:
Linkage's own thread
GML, posted 17 August 2008:
In the end I had to bite the bullet yesterday and call Telenorhjelpa; they took control of my PC and installed Norton. I'm rid of the pop-ups now, but I have some other "crap" on the machine that Norton doesn't catch. I've now uninstalled Norton again and downloaded NORMAN, but I can't get it updated... I just get a message that it can't connect to the validation server... And "Ingen tilgjengelig NIU-valideringsserver". When I click Details I get the message "Ingen tilgjengelig NIU-valideringsserver. niuthree.norman.no niutwo.norman.no. Siste melding: Kan ikke koble til valideringsserver:niutwo.norman.no. WinSock error 10061 WSAECONNREFUSED. kan ikke koble til fordi målmaskinen avslo tilkobling". What is wrong??? Help, please...?
norbat (Author), posted 17 August 2008:
If you want help removing malware, follow the guide in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs it asks for in a separate thread, which you create by clicking the New Topic button.
The Norman problem: Is the licence in order? There may be leftovers from Norton that cause problems like this. Run Norton Removal Tool
GML, posted 17 August 2008:
> If you want help removing malware, follow the guide in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs it asks for in a separate thread, which you create by clicking the New Topic button.
> The Norman problem: Is the licence in order? There may be leftovers from Norton that cause problems like this. Run Norton Removal Tool

I tried to follow the guide you link to yesterday but couldn't manage it. There was one of the programs I couldn't get to run on my PC. Regarding NORMAN, everything from Norton is gone. Regarding the licence, I click on LICENCE WIZARD and get a window with a code/key in it. I then click FINISH and the window disappears. Nothing more happens, so I don't know if that's how it's supposed to be? In any case I can't run any update...
norbat (Author), posted 17 August 2008:
Which operating system do you have (XP / Vista 32-bit/64-bit)?
GML, posted 17 August 2008:
> Which operating system do you have (XP / Vista 32-bit/64-bit)?

I have XP Home Edition...
norbat (Author), posted 17 August 2008:
Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from combofix (c:\combofix.txt)
GML, posted 17 August 2008:
> Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from combofix (c:\combofix.txt)

Tried to download/run Combofix now but I get the message: "You cannot rename ComboFix[1] Please use another name preferbaly made up of alphanumeric characters"
norbat (Author), posted 17 August 2008:
Delete combofix if it is on the desktop, and download a new copy that you save to the desktop
GML, posted 17 August 2008 (edited):
> Delete combofix if it is on the desktop, and download a new copy that you save to the desktop

Ok, I've now run ComboFix and here is the log:

Edited 17 August 2008 by GML
norbat (Author), posted 17 August 2008:
Download and run the previously mentioned Norton Removal Tool
If possible, uninstall AVG from Add/Remove Programs
Run combofix again and post the log.