
Posts split off from the helper thread-2



The machine is running fine. It has done so ever since I ran ComboFix the first time. Still, it's conceivable that there is still crap left on the PC?

New ComboFix log:

 

 

ComboFix 08-02.01.6 - Administrator 2008-02-03 18:43:13.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.229 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrator\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\DOCUME~1\ADMINI~1\PROGRA~1\ROAM2N~1\bat dart love.exe

C:\WINDOWS\System32\KDP6840.dll

C:\WINDOWS\System32\kdpupd.dll

.

 

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))

.

 

2008-02-03 14:37 . 2008-02-03 14:37 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-01 17:45 . 2008-02-03 18:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-02-01 17:43 . 2008-02-01 17:43 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-01 17:12 . 2008-02-01 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6

2008-02-01 16:40 . 2007-08-14 09:12 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys

2008-02-01 16:15 . 2008-02-01 16:15 <DIR> d-------- C:\Programfiler\Sophos

2008-01-29 21:30 . 2008-01-29 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm

2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Programfiler\Winamp

2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Winamp

2008-01-26 13:31 . 2008-02-03 18:31 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\StumbleUpon

2008-01-26 13:30 . 2008-01-26 13:31 <DIR> d-------- C:\Programfiler\StumbleUpon

2008-01-24 23:04 . 2008-01-24 23:04 <DIR> d-------- C:\Programfiler\Octoshape Streaming Services

2008-01-12 17:14 . 2008-01-12 17:14 <DIR> d-------- C:\WINDOWS\Samsung

2008-01-12 17:14 . 2001-11-06 16:29 94,208 --a------ C:\WINDOWS\system32\getpntid.exe

2008-01-12 17:14 . 2003-01-10 13:52 13,997 --a------ C:\WINDOWS\system32\Ssgb3mon.dll

2008-01-12 17:14 . 2001-03-20 16:10 3,262 --a------ C:\WINDOWS\reinstall.ico

2008-01-12 17:14 . 2001-03-20 14:52 766 --a------ C:\WINDOWS\Uninstall.ico

2008-01-12 17:12 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-11 14:30 . 2008-01-11 14:30 0 --a------ C:\WINDOWS\iPlayer.INI

2008-01-10 20:48 . 2008-01-11 00:24 <DIR> d-------- C:\Programfiler\PokerStars

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-03 16:20 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-02-01 17:00 --------- d-----w C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-02-01 16:47 --------- d-----w C:\Programfiler\Microsoft AntiSpyware

2008-02-01 16:47 --------- d-----w C:\Programfiler\GetRight

2008-02-01 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-01-31 21:56 --------- d-----w C:\Programfiler\PhotoRescue Pro

2008-01-31 21:19 --------- d-----w C:\Programfiler\ARWizard3

2008-01-29 20:29 --------- d-----w C:\Programfiler\Last.fm

2008-01-27 15:05 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-01-25 15:38 --------- d-----w C:\Programfiler\EvilLyrics

2008-01-22 20:55 --------- d-----w C:\Programfiler\Paint Shop Pro 6

2008-01-13 13:24 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-01-12 16:14 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-14 13:12 --------- d-----w C:\Programfiler\MP3 Converter Simple

2007-12-11 11:37 --------- d-----w C:\Documents and Settings\Administrator\Programdata\dvdcss

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-11-18 00:09 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2008-01-29 21:29:07 106496]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^Last.fm Helper.lnk]

path=C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NaturalColorLoad.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\NaturalColorLoad.lnk

backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

C:\Program Files\Altnet\Points Manager\Points Manager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 20:05 344064 C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a------ 2007-10-12 19:25 249896 C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWU]

--a------ 2005-08-09 07:50 307200 C:\Programfiler\Jensen AirLink\AWU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2005-09-03 15:18 94208 C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]

C:\Programfiler\BullGuard Software\BullGuard\bullguard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

C:\Programfiler\Fellesfiler\CMEII\CMESys.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]

--a------ 2007-10-14 15:10 1115728 C:\Programfiler\Comodo\Firewall\CPF.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-06-12 13:32 700416 C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-03-12 21:43 81920 C:\Programfiler\D-Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

--a------ 2005-07-12 14:35 473928 C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-02-23 14:45 278528 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

--a------ 2005-01-28 14:23 192512 C:\WINDOWS\inf\unregmp2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-11-18 00:09 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]

C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]

regsvr32 /s C:\WINDOWS\System32\sfg_568c.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-03-27 13:18 155648 C:\Programfiler\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2004-02-09 09:54 65024 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 15:46 1460560 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-06-03 02:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-31 17:57 68856 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-04-16 21:14 180269 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 23:54 37376 C:\Programfiler\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

--a------ 2005-07-15 22:48 479232 C:\Programfiler\Google\Gmail Notifier\gnotify.exe

 

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 21:41]

R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 21:41]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 04:22]

R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-08-14 09:12]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\16.tmp []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-03 18:47:47

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-03 18:49:00

ComboFix-quarantined-files.txt 2008-02-03 17:48:51

ComboFix2.txt 2008-02-03 17:07:11

ComboFix3.txt 2008-02-03 15:53:59

.

2007-11-19 13:49:04 --- E O F ---

 

 

 


We'll clean up a bit more:

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\System32\sfg_568c.dll

 

Folder::

C:\PROGRA~1\Grisoft

C:\Program Files\Altnet

C:\Programfiler\Fellesfiler\CMEII

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]

 

No need to see a new log.

Update Java: http://java.com/en/download/index.jsp

Uninstall the programs you used during the fix:

HJT: from Add/Remove Programs. Then delete the program icon/folder.

ComboFix: type combofix /u in the Run window (Start -> Run)

If you don't want to keep SAS, uninstall it from Add/Remove Programs.

Edited by norbat

 

ComboFix 08-02.03.1 - Acer 2008-02-04 19:36:25.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1248 [GMT 1:00]

Running from: C:\Users\Acer\Desktop\ComboFixx.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini

C:\DRV\Tuner\Yuan\Resources\_desktop.ini

C:\Windows\system32\x64

 

.

((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))

.

 

2008-02-04 19:30 . 2008-02-04 19:33 <DIR> d-------- C:\ComboFix

2008-02-04 17:36 . 2008-02-04 17:36 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-02-04 17:36 . 2008-02-04 17:36 <DIR> d-------- C:\PROGRA~2\SUPERAntiSpyware.com

2008-02-04 17:35 . 2008-02-04 17:35 <DIR> d-------- C:\Users\Acer\AppData\Roaming\SUPERAntiSpyware.com

2008-02-04 17:35 . 2008-02-04 19:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-02-01 00:07 . 2008-02-01 00:08 <DIR> d-------- C:\Program Files\LimeWire

2008-01-31 16:24 . 2008-01-31 16:24 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-31 16:14 . 2008-01-31 16:14 <DIR> d-------- C:\Program Files\CCleaner

2008-01-28 12:26 . 2008-01-28 12:26 <DIR> d-a------ C:\Users\All Users\TEMP

2008-01-28 12:26 . 2008-01-28 12:26 <DIR> d-a------ C:\PROGRA~2\TEMP

2008-01-28 08:02 . 2008-01-28 08:02 58,760 --a------ C:\symlcsv1.exe

2008-01-26 22:44 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll

2008-01-26 22:44 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll

2008-01-26 22:44 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll

2008-01-26 22:44 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll

2008-01-26 22:44 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll

2008-01-26 22:44 . 2007-03-05 12:42 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll

2008-01-26 16:06 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll

2008-01-17 19:32 . 2008-01-17 19:32 <DIR> d-------- C:\Program Files\America's Army Server Manager

2008-01-17 10:24 . 2008-01-17 10:24 <DIR> d-------- C:\Users\Acer\AppData\Roaming\OtakuSoftware

2008-01-13 03:02 . 2008-01-13 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-13 03:02 . 2008-01-13 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-13 03:02 . 2008-01-13 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-13 03:02 . 2008-01-13 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-13 03:02 . 2008-01-13 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-13 03:02 . 2008-01-13 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-13 03:02 . 2008-01-13 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-13 03:02 . 2008-01-13 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-13 03:02 . 2008-01-13 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-01-13 03:02 . 2008-01-13 03:02 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-10 08:44 . 2008-01-10 08:44 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-10 08:44 . 2008-01-10 08:44 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-10 08:44 . 2008-01-10 08:44 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-10 08:44 . 2008-01-10 08:44 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-10 08:44 . 2008-01-10 08:44 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-07 17:04 . 2008-02-04 08:35 <DIR> d-------- C:\Users\Acer\AppData\Roaming\AVG7

2008-01-07 17:04 . 2008-01-08 16:30 55,304 --a------ C:\Windows\System32\drivers\avgwfp.sys

2008-01-07 17:04 . 2008-01-07 17:04 9,216 --a------ C:\Windows\System32\avgwlntf.dll

2008-01-07 17:03 . 2008-01-07 17:03 <DIR> d-------- C:\Users\All Users\Grisoft

2008-01-07 17:03 . 2008-01-08 16:28 <DIR> d-------- C:\Users\All Users\avg7

2008-01-07 17:03 . 2008-01-07 17:03 <DIR> d-------- C:\PROGRA~2\Grisoft

2008-01-07 17:03 . 2008-01-08 16:28 <DIR> d-------- C:\PROGRA~2\avg7

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-04 18:36 --------- d-----w C:\Users\Acer\AppData\Roaming\BitTorrent DNA

2008-02-04 17:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-04 16:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-03 00:44 79,432 ----a-w C:\Users\Acer\AppData\Roaming\nvModes.dat

2008-02-02 16:30 --------- d-----w C:\Users\Acer\AppData\Roaming\LimeWire

2008-01-28 17:47 --------- d-----w C:\Program Files\Norton Security Scan

2008-01-28 11:13 --------- d-----w C:\Program Files\Acer GameZone

2008-01-24 18:01 --------- d-----w C:\Users\Acer\AppData\Roaming\BitTorrent

2008-01-13 02:12 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-13 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-13 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-13 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-13 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-12 21:44 --------- d-----w C:\Program Files\Common Files\Steam

2008-01-10 10:21 --------- d-----w C:\Program Files\Windows Mail

2007-12-17 08:36 --------- d-----w C:\Program Files\Google

2007-12-14 17:12 --------- d-----w C:\Users\Acer\AppData\Roaming\dvdcss

2007-12-13 07:38 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-13 07:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-13 07:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-13 07:36 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-13 07:36 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-13 07:36 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-13 07:36 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-13 07:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-13 07:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-13 07:36 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-13 07:36 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-13 07:34 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-13 07:34 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-11-17 12:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-15 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 02:03 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-10-31 12:30 101,360 ----a-w C:\Users\Acer\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-10-22 15:40 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 03:02 1232896]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"Steam"="D:\spel\Steam.exe" [ ]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

"BitTorrent DNA"="C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe" [2007-11-05 17:55 286016]

"DeskSpace"="D:\Deskspace\deskspace.exe" [ ]

"Octoshape Streaming Services"="C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-09 23:01 1006264]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]

"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]

"Acer Tour"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 16:39 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 16:39 8470528]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 16:39 81920]

"BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-08 19:48 53248]

"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 10:15 752136]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 12:38 206952]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00 174872]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-11 18:41 185632]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-08 16:30 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 17:03 219136]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-09-16 14:33:25 10872]

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-09 23:31:52 535336]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-01-07 17:04 9216 C:\Windows\System32\avgwlntf.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=eNetHook.dll

 

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]

R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-01-08 16:30]

R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-07-26 17:25]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]

S3 NETw3v32;Intel® PRO/trådløs 3945ABG-kortdriver for Windows Vista, 32-bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]

S3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 23:45]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-11 17:44]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a0c32f-817a-11dc-849a-c0026999b9d1}]

\shell\AutoRun\command - F:\Launcher.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-04 18:05:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-04 19:38:36

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-04 19:39:39

ComboFix-quarantined-files.txt 2008-02-04 18:39:36

.

2008-02-01 10:06:18 --- E O F ---

 

 

 

 

 

 

Hi, General_Kebab.

You should clean up a bit more:

Decide which antivirus program you want. Uninstall the others, since it is not good to have more than one antivirus program. You also have some remnants of Norton. See whether you can uninstall the remnants from Add/Remove Programs, or otherwise use the Norton Removal Tool.

Download SAS (the free version), install, update and run a full (Complete) scan. This is an antispyware program that will take care of any bugs that may be lying there.

When SAS has finished, fetch ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Post the log file from ComboFix (c:\combofix.txt)

And how is it going with the 'problem', General_Kebab?

 

 

 

I think I'm rid of it. At least I haven't had any problems with it since I did what you said.

But I don't think I've managed to delete all the Norton files. At least there are some there that I can't delete when I search in My Computer. But that may be because I chose the wrong Norton product. I don't really know which one I had, since it was installed on the machine when I got it. I just chose 2007 since I got the machine in 2007 (autumn).

Could you post a new HJT log, so we can see whether it shows any Norton processes.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:54:06, on 01.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

C:\Windows\System32\rundll32.exe

C:\Windows\BR040286.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://united.no.ezdeal.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bisonInst0402] C:\Windows\BR040286.exe

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "D:\spel\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe"

O4 - HKCU\..\Run: [DeskSpace] D:\Deskspace\deskspace.exe

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Acer\AppData\Local\Temp\opnon.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Acer\AppData\Local\Temp\urstq.dll,c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 12812 bytes

 


I've been getting quite a few pop-ups on one of my PCs


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:16:12, on 08.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe

C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\DNA\btdna.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Digital Line Detect\DLG.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\BitTorrent\bittorrent.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Windows Live Toolbar\msn_sl.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EG

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Programfiler\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Programfiler\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ultimate Defender] "C:\Programfiler\Ultimate Defender\App.exe" hide

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [bearFlix] "C:\Programfiler\BearFlix\bearflix.exe" /pause

O4 - HKLM\..\Run: [support audio cool poll] C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [locks draw] C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-1295431271-1194567502-417556232-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1295431271-1194567502-417556232-1007\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-21-1295431271-1194567502-417556232-1007\..\Run: [skyResortExtremeSetup.exe] C:\DOWNLO~1\SKYRES~1.EXE /r (User '?')

O4 - HKUS\S-1-5-21-1295431271-1194567502-417556232-1007\..\Run: [JewelQuestSetup.exe] C:\DOWNLO~1\JEWELQ~1.EXE /r (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1295431271-1194567502-417556232-1007 Startup: .protected (User '?')

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?d642a7d5f49644e297c46632e564aac3

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?d642a7d5f49644e297c46632e564aac3

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13996 bytes

Edited by M3moreX

I'm also one of those struggling with the MSN virus... clicked on a link and presto... plagued with a virus. I have run all the programs, and here are the logs:

 

SAS:


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/08/2008 at 10:41 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 00:58:26

 

Memory items scanned : 382

Memory threats detected : 1

Registry items scanned : 5627

Registry threats detected : 10

File items scanned : 48074

File threats detected : 171

 

Trojan.WinFixer

C:\WINDOWS\SYSTEM32\AWTST.DLL

C:\WINDOWS\SYSTEM32\AWTST.DLL

HKLM\Software\Classes\CLSID\{CE730545-6176-4948-909A-7555E695AF55}

HKCR\CLSID\{CE730545-6176-4948-909A-7555E695AF55}

HKCR\CLSID\{CE730545-6176-4948-909A-7555E695AF55}\InprocServer32

HKCR\CLSID\{CE730545-6176-4948-909A-7555E695AF55}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE730545-6176-4948-909A-7555E695AF55}

 

Adware.Vundo Variant

HKLM\Software\Classes\CLSID\{ED9D960F-CB0A-47BE-9FDD-DA7AAF4A7A6C}

HKCR\CLSID\{ED9D960F-CB0A-47BE-9FDD-DA7AAF4A7A6C}

HKCR\CLSID\{ED9D960F-CB0A-47BE-9FDD-DA7AAF4A7A6C}\InprocServer32

HKCR\CLSID\{ED9D960F-CB0A-47BE-9FDD-DA7AAF4A7A6C}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\JKKJH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED9D960F-CB0A-47BE-9FDD-DA7AAF4A7A6C}

C:\WINDOWS\SYSTEM32\PMKHH.DLL

 

Adware.Tracking Cookie


 

Adware.Lop-Gen

C:\SYSTEM VOLUME INFORMATION\_RESTORE{3D419849-1197-4061-845A-54BF968A6B65}\RP535\A0126522.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{3D419849-1197-4061-845A-54BF968A6B65}\RP535\A0126523.EXE

 

ComboFIX:


ComboFix 08-02.05.3 - biret 2008-02-08 23:05:03.1 - NTFSx86

Running from: C:\biret\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\xxyawww.dll

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\awtsp.dll

C:\WINDOWS\system32\ctfmon.exe.tmp

C:\WINDOWS\system32\funibvfw.dll

C:\WINDOWS\system32\gsxfoytn.dll

C:\WINDOWS\system32\hgnnrbuw.dll

C:\WINDOWS\system32\hjkkj.ini

C:\WINDOWS\system32\hjkkj.ini2

C:\WINDOWS\system32\hydbopfr.dll

C:\WINDOWS\system32\iqxokhjj.dll

C:\WINDOWS\system32\lknprqgh.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mtynaroe.dll

C:\WINDOWS\system32\ngrwbxcv.dll

C:\WINDOWS\system32\pbyerotl.dll

C:\WINDOWS\system32\pstwa.ini

C:\WINDOWS\system32\pstwa.ini2

C:\WINDOWS\system32\RCX3F.tmp

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\tstwa.ini

C:\WINDOWS\system32\tstwa.ini2

C:\WINDOWS\system32\xxyawww.dll

C:\WINDOWS\system32\yjyqwaif.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))

.

 

2008-02-08 21:41 . 2008-02-08 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-08 21:39 . 2008-02-08 22:48 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-08 21:38 . 2008-02-08 21:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-08 21:12 . 2008-02-08 21:12 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-06 01:40 . 2008-02-07 03:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-06 01:40 . 2008-02-06 01:40 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-21 00:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-21 00:53 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-21 00:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-21 00:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-21 00:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-21 00:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-21 00:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-21 00:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-21 00:11 . 2008-01-21 00:11 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

2008-01-20 22:23 . 2008-01-21 00:10 338,432 --a------ C:\WINDOWS\system32\jkkjh.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-08 21:51 --------- d-----w C:\Programfiler\Windows Defender

2008-01-31 01:38 --------- d-----w C:\Programfiler\Lexmark Fax Solutions

2008-01-31 01:38 --------- d-----w C:\Programfiler\Lexmark 2300 Series

2008-01-31 01:38 --------- d-----w C:\Programfiler\iTunes

2008-01-31 01:37 --------- d-----w C:\Programfiler\HOTALBUMMyBOX

2008-01-20 23:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\option play 32 that

2008-01-20 23:41 --------- d-----w C:\Programfiler\QuickTime

2008-01-20 00:13 --------- d-----w C:\Programfiler\Lx_cats

2008-01-07 01:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-07 01:45 --------- d-----w C:\Programfiler\Apple Software Update

2008-01-07 01:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-01-02 19:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative

2008-01-02 19:12 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-02 19:12 --------- d-----w C:\Programfiler\Creative

2008-01-02 19:11 --------- d-----w C:\Programfiler\Audible

2008-01-02 19:08 --------- d--h--w C:\Programfiler\Creative Installation Information

2008-01-02 18:59 --------- d-----w C:\Programfiler\Fellesfiler\Creative

.

<pre>
----a-w		   253,952 2008-01-21 00:22:45  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w			57,344 2008-01-21 00:23:36  C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w		   344,064 2008-01-21 00:22:21  C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w		   787,096 2008-01-21 00:23:44  C:\Programfiler\HOTALBUMMyBOX\MBBalloon .exe
----a-w			49,152 2008-01-21 00:22:24  C:\Programfiler\Hp\HP Software Update\HPWuSchd2 .exe
----a-w		   233,534 2008-01-21 00:22:54  C:\Programfiler\HPQ\Default Settings\cpqset .exe
----a-w		   794,624 2008-01-21 00:22:37  C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
----a-w		   409,600 2008-01-21 00:22:54  C:\Programfiler\HPQ\Quick Launch Buttons\EabServr .exe
----a-w		   278,528 2008-01-21 00:22:40  C:\Programfiler\iTunes\iTunesHelper .exe
----a-w			36,975 2008-01-21 00:22:24  C:\Programfiler\Java\jre1.5.0_05\bin\jusched .exe
----a-w			94,208 2008-01-21 00:23:08  C:\Programfiler\Lexmark 2300 Series\ezprint .exe
----a-w		   200,704 2008-01-21 00:22:58  C:\Programfiler\Lexmark 2300 Series\lxcgmon .exe
----a-w		   299,008 2008-01-21 00:23:14  C:\Programfiler\Lexmark Fax Solutions\fm3032 .exe
----a-w			73,840 2008-01-21 00:24:03  C:\Programfiler\Macrogaming\SweetIM\SweetIM .exe
----a-w		   286,720 2008-01-20 23:41:58  C:\Programfiler\QuickTime\QTTask  .exe
----a-w		   652,288 2008-01-20 23:41:34  C:\Programfiler\QuickTime\QTTask .exe
----a-w		   159,744 2008-01-21 00:23:31  C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w		   729,178 2008-01-21 00:22:30  C:\Programfiler\Synaptics\SynTP\SynTPEnh .exe
----a-w		   866,584 2008-01-21 00:23:30  C:\Programfiler\Windows Defender\MSASCui .exe
----a-w			15,360 2008-01-20 23:11:01  C:\WINDOWS\system32\ctfmon .exe
----a-w		   188,416 2008-01-21 00:23:24  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe
</pre>

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MsnMsgr"="~C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask .exe" [2008-01-21 00:41 286720]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2008-01-21 00:41 571904]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [ ]

"Windows Taskmanager"="svchost.exe" [2004-08-04 09:00 14336 C:\WINDOWS\system32\svchost.exe]

"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 18:48 73728]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

hp psc 1000 series.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]

hpoddt01.exe.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]

MediaChecker.lnk - C:\Programfiler\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 10:48:22 913560]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-08-19 18:06]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-07 01:46:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-02-08 22:19:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-02-08 21:31:11 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-08 23:18:31

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkCalRem.exe

.

**************************************************************************

.

Completion time: 2008-02-08 23:22:32 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-08 22:22:26

.

2008-02-08 20:03:27 --- E O F ---

 

HJT:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 23:49:47, on 08.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\QuickTime\QTTask .exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programfiler\HOTALBUMMyBOX\MediaChecker.exe

C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\biret\Skrivebord\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettby.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask .exe" -atboottime

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: wkcalrem.LNK = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: MediaChecker.lnk = C:\Programfiler\HOTALBUMMyBOX\MediaChecker.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

 

--

End of file - 7651 bytes

 

One thing I'm wondering about... When SuperAntiSpyware has finished running, it asks me to reboot. I reboot, but all that is left is Quarantine... Should I click 'remove' on the quarantine in question, or what?

 

I assume there is a fair amount to deal with here, but oh well...


Hi,

There is not much left, so continue with the following:

 

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\system32\jkkjh.exe

 

Folder::

C:\Documents and Settings\All Users\Programdata\option play 32 that

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Taskmanager"=-

 

RenV::

----a-w 253,952 2008-01-21 00:22:45 C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe

----a-w 57,344 2008-01-21 00:23:36 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

----a-w 344,064 2008-01-21 00:22:21 C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx .exe

----a-w 787,096 2008-01-21 00:23:44 C:\Programfiler\HOTALBUMMyBOX\MBBalloon .exe

----a-w 49,152 2008-01-21 00:22:24 C:\Programfiler\Hp\HP Software Update\HPWuSchd2 .exe

----a-w 233,534 2008-01-21 00:22:54 C:\Programfiler\HPQ\Default Settings\cpqset .exe

----a-w 794,624 2008-01-21 00:22:37 C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe

----a-w 409,600 2008-01-21 00:22:54 C:\Programfiler\HPQ\Quick Launch Buttons\EabServr .exe

----a-w 278,528 2008-01-21 00:22:40 C:\Programfiler\iTunes\iTunesHelper .exe

----a-w 36,975 2008-01-21 00:22:24 C:\Programfiler\Java\jre1.5.0_05\bin\jusched .exe

----a-w 94,208 2008-01-21 00:23:08 C:\Programfiler\Lexmark 2300 Series\ezprint .exe

----a-w 200,704 2008-01-21 00:22:58 C:\Programfiler\Lexmark 2300 Series\lxcgmon .exe

----a-w 299,008 2008-01-21 00:23:14 C:\Programfiler\Lexmark Fax Solutions\fm3032 .exe

----a-w 73,840 2008-01-21 00:24:03 C:\Programfiler\Macrogaming\SweetIM\SweetIM .exe

----a-w 286,720 2008-01-20 23:41:58 C:\Programfiler\QuickTime\QTTask .exe

----a-w 652,288 2008-01-20 23:41:34 C:\Programfiler\QuickTime\QTTask .exe

----a-w 159,744 2008-01-21 00:23:31 C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe

----a-w 729,178 2008-01-21 00:22:30 C:\Programfiler\Synaptics\SynTP\SynTPEnh .exe

----a-w 866,584 2008-01-21 00:23:30 C:\Programfiler\Windows Defender\MSASCui .exe

----a-w 15,360 2008-01-20 23:11:01 C:\WINDOWS\system32\ctfmon .exe

----a-w 188,416 2008-01-21 00:23:24 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe

 

 

Post a new log from ComboFix.

This log was from 1/2. Could you make a new one by running HJT again?

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55:11, on 09.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Windows\System32\rundll32.exe

C:\Windows\BR040286.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe

C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

D:\spel\Steam\Steam.exe

C:\Users\Acer\Program Files\BitTorrent\BitTorrent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://united.no.ezdeal.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bisonInst0402] C:\Windows\BR040286.exe

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "D:\spel\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Acer\Program Files\BitTorrent_DNA\dna.exe"

O4 - HKCU\..\Run: [DeskSpace] D:\Deskspace\deskspace.exe

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Acer\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10994 bytes

 

 


Ok... Here is a new ComboFix log:

 


ComboFix 08-02.05.3 - biret 2008-02-09 21:27:49.2 - NTFSx86

Running from: C:\Documents and Settings\Ellen Marianne Hætta\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ellen Marianne Hætta\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\WINDOWS\system32\jkkjh.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\option play 32 that

 

.

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))

.

 

2008-02-08 23:22 . <DIR> C:\Documents and Settings\Ellen Marianne Hµtta\Lokale innstillinger

2008-02-08 23:22 . <DIR> C:\Documents and Settings\Ellen Marianne Hµtta\Lokale innstillinger

2008-02-08 22:58 . 2004-08-04 09:00 388,096 --a------ C:\kmd.exe

2008-02-08 21:41 . 2008-02-08 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-08 21:39 . 2008-02-08 23:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-08 21:38 . 2008-02-08 21:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-08 21:12 . 2008-02-08 21:12 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-06 01:40 . 2008-02-07 03:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-06 01:40 . 2008-02-06 01:40 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-21 00:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-21 00:53 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-21 00:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-21 00:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-21 00:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-21 00:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-21 00:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-21 00:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-09 20:27 --------- d-----w C:\Programfiler\Windows Defender

2008-02-09 20:27 --------- d-----w C:\Programfiler\QuickTime

2008-02-09 20:27 --------- d-----w C:\Programfiler\Lexmark Fax Solutions

2008-02-09 20:27 --------- d-----w C:\Programfiler\Lexmark 2300 Series

2008-02-09 20:27 --------- d-----w C:\Programfiler\iTunes

2008-02-09 20:27 --------- d-----w C:\Programfiler\HOTALBUMMyBOX

2008-01-20 00:13 --------- d-----w C:\Programfiler\Lx_cats

2008-01-07 01:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-07 01:45 --------- d-----w C:\Programfiler\Apple Software Update

2008-01-07 01:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-01-02 19:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative

2008-01-02 19:12 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-02 19:12 --------- d-----w C:\Programfiler\Creative

2008-01-02 19:11 --------- d-----w C:\Programfiler\Audible

2008-01-02 19:08 --------- d--h--w C:\Programfiler\Creative Installation Information

2008-01-02 18:59 --------- d-----w C:\Programfiler\Fellesfiler\Creative

.

<pre>
----a-w		   286,720 2008-01-20 23:41:58  C:\Programfiler\QuickTime\QTTask  .exe
</pre>

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MsnMsgr"="~C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask .exe" [2008-01-21 00:41 286720]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2008-01-21 01:22 233534]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2008-01-21 01:23 188416]

"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 18:48 73728]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-08-19 18:06]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-07 01:46:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-02-09 20:35:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-02-09 20:31:06 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-09 21:34:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????7?7?1?3??????? ???B?????????????hLC????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

.

**************************************************************************

.

Completion time: 2008-02-09 21:37:24 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-09 20:37:13

ComboFix2.txt 2008-02-08 22:22:32

.

2008-02-08 20:03:27 --- E O F ---

 

norbat: avast seems to find problems/viruses all the time.... is avast recommended on the whole, or?? I have f-secure as an alternative here, what do you think of that alternative??

Link to comment

Could you upload the following file for checking at http://virusscan.jotti.org/:

C:\kmd.exe

 

Create a new CFScript.txt file with the following content, which you drag onto combofix:

RenV::

----a-w 286,720 2008-01-20 23:41:58 C:\Programfiler\QuickTime\QTTask .exe

 

Please post the log.

 

Avast vs. F-secure: I think I would have gone for F-secure

 

Are you experiencing any problems with 'virus' messages now?

Edited by norbat
Link to comment

well... looks like most of it is gone now... but avast still found malware, such as the kmd.exe you mentioned above. I ran a scan on that file at the site you mentioned, and it reported there was nothing wrong with it. apart from norton, is there a better alternative than f-secure then..? it's tempting to have an AV program running in the background, but one that doesn't disturb me noticeably when I'm e.g. watching movies and doing schoolwork. is it possible that if it finds viruses/junk, it gets deleted automatically without pop-ups coming up all the time? which program works best for this?? I think f-secure works quite well, but are there "better" alternatives than that?? :)

 

here is a new Combofix log:

 


ComboFix 08-02.05.3 - biret 2008-02-09 23:21:40.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.128 [GMT 1:00]

Running from: C:\Documents and Settings\Ellen Marianne Hætta\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ellen Marianne Hætta\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))

.

 

2008-02-09 21:25 . 2004-08-04 09:00 388,096 --a------ C:\kmd.exe

2008-02-08 23:22 . 2008-02-09 21:37 <DIR> d-------- C:\Documents and Settings\Ellen Marianne Hµtta\Lokale innstillinger

2008-02-08 21:41 . 2008-02-08 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-08 21:39 . 2008-02-08 23:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-08 21:39 . 2008-02-08 21:39 <DIR> d-------- C:\Documents and Settings\Ellen Marianne Hætta\Programdata\SUPERAntiSpyware.com

2008-02-08 21:38 . 2008-02-08 21:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-08 21:15 . 2008-02-09 23:11 <DIR> dr-h----- C:\Documents and Settings\Ellen Marianne Hætta\Siste

2008-02-08 21:15 . 2008-02-09 23:11 <DIR> dr-h----- C:\Documents and Settings\Ellen Marianne Hætta\Siste

2008-02-08 21:12 . 2008-02-08 21:12 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-06 01:40 . 2008-02-07 03:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-06 01:40 . 2008-02-06 01:40 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-21 00:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-21 00:53 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-21 00:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-21 00:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-21 00:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-21 00:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-21 00:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-21 00:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-09 20:27 --------- d-----w C:\Programfiler\Windows Defender

2008-02-09 20:27 --------- d-----w C:\Programfiler\QuickTime

2008-02-09 20:27 --------- d-----w C:\Programfiler\Lexmark Fax Solutions

2008-02-09 20:27 --------- d-----w C:\Programfiler\Lexmark 2300 Series

2008-02-09 20:27 --------- d-----w C:\Programfiler\iTunes

2008-02-09 20:27 --------- d-----w C:\Programfiler\HOTALBUMMyBOX

2008-02-08 22:19 --------- d-----w C:\Documents and Settings\Ellen Marianne Hætta\Programdata\OpenOffice.org2

2008-02-07 02:31 4,706 ----a-w C:\Documents and Settings\Ellen Marianne Hætta\Programdata\wklnhst.dat

2008-01-20 00:13 --------- d-----w C:\Programfiler\Lx_cats

2008-01-07 01:56 --------- d-----w C:\Documents and Settings\Ellen Marianne Hætta\Programdata\Apple Computer

2008-01-07 01:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-07 01:45 --------- d-----w C:\Programfiler\Apple Software Update

2008-01-07 01:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-01-02 19:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative

2008-01-02 19:12 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-02 19:12 --------- d-----w C:\Programfiler\Creative

2008-01-02 19:11 --------- d-----w C:\Programfiler\Audible

2008-01-02 19:08 --------- d--h--w C:\Programfiler\Creative Installation Information

2008-01-02 18:59 --------- d-----w C:\Programfiler\Fellesfiler\Creative

.

<pre>
----a-w		   286,720 2008-01-20 23:41:58  C:\Programfiler\QuickTime\QTTask  .exe
</pre>

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MsnMsgr"="~C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask .exe" [2008-01-21 00:41 286720]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2008-01-21 01:22 233534]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2008-01-21 01:23 188416]

"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 18:48 73728]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-08-19 18:06]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-07 01:46:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-02-09 22:11:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-02-09 20:31:06 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-09 23:24:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????7?7?1?3??`???? ???B?????????????hLC????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-09 23:25:46

ComboFix-quarantined-files.txt 2008-02-09 22:25:27

ComboFix2.txt 2008-02-09 20:37:24

ComboFix3.txt 2008-02-08 22:22:32

.

2008-02-08 20:03:27 --- E O F ---

 

is there anything more to do then, do you think?? :)

Link to comment

Create a CFScript file again with the following content:

 

RenV::
----a-w           286,720 2008-01-20 23:41:58  C:\Programfiler\QuickTime\QTTask  .exe

 

PS. Check that there are two spaces between QTTask and .exe

(There was only one last time, so try again :))

 

 

Post the log

Edited by norbat
Link to comment
