lknight Posted 10 February 2008
Here is another ComboFix log:
ComboFix 08-02.05.3 - biret 2008-02-10 1:09:43.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.85 [GMT 1:00] Running from: C:\Documents and Settings\Ellen Marianne Hætta\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Ellen Marianne Hætta\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))) . 2008-02-10 01:02 . 2008-02-10 01:02 <DIR> d-------- C:\Programfiler\Combined Community Codec Pack 2008-02-10 01:01 . 2007-06-03 00:26 7,462,674 --a------ C:\Combined-Community-Codec-Pack-2007-02-22.exe 2008-02-10 00:57 . 2008-02-10 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\F-Secure 2008-02-10 00:57 . 2008-02-10 00:57 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe 2008-02-10 00:57 . 2005-06-21 16:32 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-10 00:57 . 2005-06-21 16:31 33,744 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-10 00:56 . 2008-02-10 00:57 <DIR> d-------- C:\Programfiler\F-Secure Anti Virus 2008-02-10 00:54 . 2008-02-10 00:54 <DIR> d-------- C:\Programfiler\F-Secure 2008-02-10 00:53 . 2008-02-10 00:54 <DIR> d-------- C:\Programfiler\F-secure install filer 2008-02-09 23:20 . 2004-08-04 09:00 388,096 --a------ C:\kmd.exe 2008-02-08 23:22 . <DIR> C:\Documents and Settings\Ellen Marianne Hµtta\Lokale innstillinger 2008-02-08 23:22 . <DIR> C:\Documents and Settings\Ellen Marianne Hµtta\Lokale innstillinger 2008-02-08 21:41 . 2008-02-08 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-08 21:39 . 2008-02-09 23:29 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-02-08 21:38 . 
2008-02-08 21:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-08 21:12 . 2008-02-08 21:12 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-06 01:40 . 2008-02-07 03:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-06 01:40 . 2008-02-06 01:40 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 00:15 --------- d-----w C:\Programfiler\QuickTime 2008-02-09 20:27 --------- d-----w C:\Programfiler\Windows Defender 2008-02-09 20:27 --------- d-----w C:\Programfiler\Lexmark Fax Solutions 2008-02-09 20:27 --------- d-----w C:\Programfiler\Lexmark 2300 Series 2008-02-09 20:27 --------- d-----w C:\Programfiler\iTunes 2008-02-09 20:27 --------- d-----w C:\Programfiler\HOTALBUMMyBOX 2008-01-20 00:13 --------- d-----w C:\Programfiler\Lx_cats 2008-01-07 01:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-01-07 01:45 --------- d-----w C:\Programfiler\Apple Software Update 2008-01-07 01:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2008-01-02 19:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative 2008-01-02 19:12 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-02 19:12 --------- d-----w C:\Programfiler\Creative 2008-01-02 19:11 --------- d-----w C:\Programfiler\Audible 2008-01-02 19:08 --------- d--h--w C:\Programfiler\Creative Installation Information 2008-01-02 18:59 --------- d-----w C:\Programfiler\Fellesfiler\Creative . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MsnMsgr"="~C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask .exe" [ ] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2008-01-21 01:22 233534] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2008-01-21 01:23 188416] "LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 18:48 73728] "F-Secure Manager"="C:\Programfiler\F-Secure Anti Virus\Common\FSM32.exe" [2005-06-02 23:37 122929] "F-Secure TNB"="C:\Programfiler\F-Secure Anti Virus\TNB\TNBUtil.exe" [2004-05-27 09:57 684032] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ F-Secure Automatic Update.lnk - C:\Programfiler\F-Secure Anti Virus\BackWeb\7681197\program\F-Secure Automatic Update.exe [2008-02-10 00:57:38 32807] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-06-21 16:32] R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-08-19 18:06] R2 Automatisk LiveUpdate-planlegging;Automatisk 
LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08] R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-SECU~2\BackWeb\7681197\Program\SERVIC~1.EXE [2008-02-10 00:57] R2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure Anti Virus\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure Anti Virus\Anti-Virus\Win2K\FSgk.sys [2005-02-16 16:49] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure Anti Virus\Anti-Virus\Win2K\FSrec.sys [2004-12-17 10:34] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06] *Newly Created Service* - BACKWEB_PLUG-IN_-_7681197 *Newly Created Service* - F-SECURE_NETWORK_REQUEST_BROKER *Newly Created Service* - FSDFWD *Newly Created Service* - FSFW *Newly Created Service* - FSMA *Newly Created Service* - LXCGCUSTOMERCONNECT . Contents of the 'Scheduled Tasks' folder "2008-01-07 01:46:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-02-10 00:18:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe "2008-02-09 23:31:07 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 01:17:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????????h????????? ???B?????????????hLC???????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\F-Secure Anti Virus\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure Anti Virus\Anti-Virus\FSGK32.EXE C:\Programfiler\F-Secure Anti Virus\BackWeb\7681197\program\fsbwsys.exe C:\Programfiler\F-Secure Anti Virus\Common\FSMA32.EXE C:\Programfiler\F-Secure Anti Virus\Anti-Virus\fssm32.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\F-Secure Anti Virus\Common\FSMB32.EXE C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\F-Secure Anti Virus\Common\FCH32.EXE C:\Programfiler\F-Secure Anti Virus\Anti-Virus\fsqh.exe C:\Programfiler\F-Secure Anti Virus\Common\FAMEH32.EXE C:\Programfiler\F-Secure Anti Virus\Anti-Virus\fsrw.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\F-Secure Anti Virus\Common\FNRB32.EXE C:\Programfiler\F-Secure Anti Virus\FWES\Program\fsdfwd.exe C:\Programfiler\F-Secure Anti Virus\Anti-Virus\fsav32.exe C:\Programfiler\F-Secure Anti Virus\Common\FIH32.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\F-SECU~2\ANTI-S~1\fsaw.exe C:\Programfiler\F-Secure Anti Virus\FSGUI\fsguidll.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGserv.exe C:\Programfiler\F-Secure Anti Virus\fsgui\fsavgui.exe C:\Programfiler\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . ************************************************************************** . Completion time: 2008-02-10 1:23:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-10 00:23:00 ComboFix2.txt 2008-02-09 22:25:46 ComboFix3.txt 2008-02-09 20:37:24 ComboFix4.txt 2008-02-08 22:22:32 . 2008-02-08 20:03:27 --- E O F ---
General_Kebab Posted 10 February 2008
> No trace of Norton, General_Kebab
OK, thank you very much for all the help.
norbat (author) Posted 10 February 2008
lknight: Go to Add/Remove Programs and uninstall QuickTime. Before you download a new QuickTime, make sure this folder has been deleted: C:\Programfiler\QuickTime
Start HJT, choose "Do a system scan only", tick the following line and click Fix checked:
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
Uninstall ComboFix by typing combofix /u in the Run window (Start -> Run). This will automatically remove ComboFix and its quarantined files and reset System Restore. Then run a full scan with your antivirus program. Apart from this, it looks fine. Feel free to report whether F-Secure found anything and how the PC is running.
Shoo Posted 11 February 2008
I'm wondering about something... I'm going to get a new AV program, but I'm not sure which one to go for. I have a rather slow machine without all that much memory (512 MB, in fact). I've tried F-Secure, but it eats up an insane amount of memory, and everything runs so slowly when it's running in the background. What programs other than F-Secure, Avast and Norton would you recommend? Can't have a laptop without an AV program...
DreamHeaven Posted 11 February 2008
Hi, I've got some form of spyware and I'm wondering how to remove it. I have followed all of guide 2. Here are the logs from the programs I ran:
ComboFix log:
ComboFix 08-02-12.1 - Ulle 2008-02-11 21:47:56.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.129 [GMT 1:00] Running from: C:\Documents and Settings\Ulle\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat C:\Programfiler\Helper ----- BITS: Possible infected sites ----- hxxp://icanhascheezburger.com hxxp://s.wordpress.com hxxp://icanhascheezburger.files.wordpress.com hxxp://www.gravatar.com hxxp://a.wordpress.com hxxp://pixel.quantserve.com . ((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))) . 2008-02-11 20:45 . 2008-02-11 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-11 20:44 . 2008-02-11 21:45 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-02-11 20:44 . 2008-02-11 20:44 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\SUPERAntiSpyware.com 2008-02-11 20:42 . 2008-02-11 21:15 <DIR> dr-h----- C:\Documents and Settings\Ulle\Siste 2008-02-11 20:40 . 2008-02-11 20:40 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-11 00:01 . 2008-02-11 00:01 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-02-11 00:01 . 2008-02-11 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-10 23:45 . 2008-02-10 23:49 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-02-10 23:44 . 
2008-02-10 23:44 <DIR> d-------- C:\Programfiler\NetProject 2008-02-08 17:49 . 2008-02-08 17:49 <DIR> d-------- C:\Programfiler\Google 2008-01-30 00:52 . 2008-02-10 19:41 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-29 20:33 . 2008-01-29 20:33 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\Leadertech 2008-01-29 20:31 . 2008-01-29 20:31 <DIR> d-------- C:\Programfiler\Atari 2008-01-29 20:29 . 2008-01-29 20:29 <DIR> d-------- C:\Programfiler\ffdshow 2008-01-29 20:29 . 2007-04-20 22:13 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-01-29 20:29 . 2007-04-06 19:46 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-01-29 20:27 . 2008-01-29 20:27 <DIR> d-------- C:\Programfiler\4U Computing 2008-01-23 19:10 . 2008-02-06 02:43 <DIR> d-------- C:\Programfiler\Full Tilt Poker 2008-01-17 22:09 . 2008-01-17 22:09 <DIR> d-------- C:\Programfiler\iPod 2008-01-17 19:14 . 2008-01-17 19:14 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\Nero 2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Programfiler\Nero 2008-01-17 19:10 . 2008-01-17 19:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2008-01-16 22:56 . 2008-01-16 22:56 <DIR> d-------- C:\Programfiler\Hotspot Shield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-11 20:46 --------- d-----w C:\Programfiler\Steam 2008-02-11 20:44 --------- d-----w C:\Programfiler\Free Music Zilla 2008-02-11 20:42 --------- d-----w C:\Documents and Settings\Ulle\Programdata\uTorrent 2008-02-11 19:44 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-06 19:41 --------- d-----w C:\Documents and Settings\Ulle\Programdata\OpenOffice.org2 2008-02-05 22:33 16,874 ----a-w C:\WINDOWS\Fonts\ghostwriter.zip 2008-01-29 19:29 13,312 --s-a-w C:\WINDOWS\system32\wuuawkz.dll 2008-01-23 18:10 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-19 20:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-01-19 19:17 --------- d-----w C:\Programfiler\CarbonPoker 2008-01-18 17:24 --------- d-----w C:\Documents and Settings\Ulle\Programdata\Apple Computer 2008-01-18 13:12 --------- d-----w C:\Programfiler\World of Warcraft 2008-01-17 21:09 --------- d-----w C:\Programfiler\iTunes 2008-01-17 21:07 --------- d-----w C:\Programfiler\QuickTime 2008-01-02 00:40 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-29 16:26 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2001-11-23 07:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] 2008-02-11 21:43 10240 --a------ C:\Programfiler\NetProject\sbmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {81705D67-3F73-4983-859B-97D09
HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:56:31, on 12.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Hotspot Shield\bin\openvpnas.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programfiler\NetProject\sbmntr.exe C:\Programfiler\D-Link\Air USB Utility\AirCFG.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WZCBDL Service\WZCBDLS.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\NetProject\sbsm.exe C:\Programfiler\Messenger\MSMSGS.EXE C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe 
C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Ulle\Skrivebord\hjt\HijackThis.exe C:\Documents and Settings\Ulle\Skrivebord\hjt\test.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programfiler\NetProject\sbmdl.dll O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programfiler\NetProject\wamdl.dll O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programfiler\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] 
"C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: FMZilla.lnk = C:\Programfiler\Free Music Zilla\FMZilla.exe O4 - Global Startup: Google Desktop-sidefelt.lnk = C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Ulle\Start-meny\Programmer\CarbonPoker\CarbonPoker.lnk (HKCU) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programfiler\WZCBDL Service\WZCBDLS.exe -- End of file - 8020 bytes
SAS log:
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 02/11/2008 at 09:34 PM Application Version : 3.9.1008 Core Rules Database Version : 3399 Trace Rules Database Version: 1391 Scan type : Complete Scan Total Scan Time : 00:48:09 Memory items scanned : 554 Memory threats detected : 0 Registry items scanned : 5500 Registry threats detected : 37 File items scanned : 38932 File threats detected : 5 Adware.E404 Helper/Variant-A HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223} HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223} HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223} HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\InprocServer32 HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\InprocServer32#ThreadingModel HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\ProgID HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\Programmable HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\TypeLib HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\VersionIndependentProgID C:\PROGRAMFILER\HELPER\1202683491.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223} Trojan.Security Toolbar C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url Trojan.DNSChanger-Codec HKCR\CLSID\E404.e404mgr HKCR\CLSID\E404.e404mgr#UserId Trojan.Media-Codec/V4 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Programfiler\NetProject\scit.exe ] Adware.E404 Helper/Hij HKCR\E404.e404mgr HKCR\E404.e404mgr\CLSID HKCR\E404.e404mgr\CurVer HKCR\E404.e404mgr.1 HKCR\E404.e404mgr.1\CLSID HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\win32 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version Rogue.VirusHeat HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\bdsJ HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\bhynPvce HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\HehRkhtaWuft HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\isirqwbjulZk HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\PersistentHandler HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\qxqIprug HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\wiSvO C:\SYSTEM VOLUME INFORMATION\_RESTORE{35DEA3EC-68C9-4684-898E-6999D5A1D4B2}\RP243\A0011667.EXE Browser Hijacker.Favorites C:\DOCUMENTS AND SETTINGS\ULLE\FAVORITTER\ONLINE SECURITY TEST.URL
Thanks in advance
norbat (author) Posted 11 February 2008
> I'm wondering about something... I'm going to get a new AV program, but I'm not sure which one to go for. I have a rather slow machine without all that much memory (512 MB, in fact). I've tried F-Secure, but it eats up an insane amount of memory, and everything runs so slowly when it's running in the background. What programs other than F-Secure, Avast and Norton would you recommend? Can't have a laptop without an AV program...
You can try AVG (free edition).
norbat (author) Posted 11 February 2008
DreamHeaven: Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programfiler\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programfiler\NetProject\wamdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
Run ComboFix again and post the log.
DreamHeaven Posted 11 February 2008
> DreamHeaven: Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
> O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programfiler\NetProject\sbmdl.dll
> O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Programfiler\NetProject\wamdl.dll
> O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe
> O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
> Run ComboFix again and post the log.
That's done:
ComboFix log:
ComboFix 08-02-12.1 - Ulle 2008-02-12 22:33:10.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.82 [GMT 1:00] Running from: C:\Documents and Settings\Ulle\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))) . 2008-02-11 20:45 . 2008-02-11 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-11 20:44 . 2008-02-12 21:59 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-02-11 20:44 . 2008-02-11 20:44 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\SUPERAntiSpyware.com 2008-02-11 20:42 . 2008-02-11 21:15 <DIR> dr-h----- C:\Documents and Settings\Ulle\Siste 2008-02-11 20:40 . 2008-02-11 20:40 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-11 00:01 . 2008-02-11 00:01 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-02-11 00:01 . 2008-02-11 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-10 23:45 . 2008-02-10 23:49 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-02-10 23:44 . 2008-02-10 23:44 <DIR> d-------- C:\Programfiler\NetProject 2008-02-08 17:49 . 
2008-02-08 17:49 <DIR> d-------- C:\Programfiler\Google 2008-01-30 00:52 . 2008-02-10 19:41 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-29 20:33 . 2008-01-29 20:33 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\Leadertech 2008-01-29 20:31 . 2008-01-29 20:31 <DIR> d-------- C:\Programfiler\Atari 2008-01-29 20:29 . 2008-01-29 20:29 <DIR> d-------- C:\Programfiler\ffdshow 2008-01-29 20:29 . 2007-04-20 22:13 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-01-29 20:29 . 2007-04-06 19:46 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-01-29 20:27 . 2008-01-29 20:27 <DIR> d-------- C:\Programfiler\4U Computing 2008-01-23 19:10 . 2008-02-06 02:43 <DIR> d-------- C:\Programfiler\Full Tilt Poker 2008-01-17 22:09 . 2008-01-17 22:09 <DIR> d-------- C:\Programfiler\iPod 2008-01-17 19:14 . 2008-01-17 19:14 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\Nero 2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Programfiler\Nero 2008-01-17 19:10 . 2008-01-17 19:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2008-01-16 22:56 . 2008-01-16 22:56 <DIR> d-------- C:\Programfiler\Hotspot Shield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-11 20:46 --------- d-----w C:\Programfiler\Steam 2008-02-11 20:44 --------- d-----w C:\Programfiler\Free Music Zilla 2008-02-11 20:42 --------- d-----w C:\Documents and Settings\Ulle\Programdata\uTorrent 2008-02-11 19:44 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-06 19:41 --------- d-----w C:\Documents and Settings\Ulle\Programdata\OpenOffice.org2 2008-02-05 22:33 16,874 ----a-w C:\WINDOWS\Fonts\ghostwriter.zip 2008-01-29 19:29 13,312 --s-a-w C:\WINDOWS\system32\wuuawkz.dll 2008-01-23 18:10 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-19 20:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-01-19 19:17 --------- d-----w C:\Programfiler\CarbonPoker 2008-01-18 17:24 --------- d-----w C:\Documents and Settings\Ulle\Programdata\Apple Computer 2008-01-18 13:12 --------- d-----w C:\Programfiler\World of Warcraft 2008-01-17 21:09 --------- d-----w C:\Programfiler\iTunes 2008-01-17 21:07 --------- d-----w C:\Programfiler\QuickTime 2008-01-02 00:40 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-29 16:26 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2001-11-23 07:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] 2008-02-12 22:32 10240 --a------ C:\Programfiler\NetProject\sbmdl.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Programfiler\NetProject\wamdl.dll [2008-02-10 23:44 76800] [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352] "MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] "Steam"="C:\Programfiler\Steam\Steam.exe" [2007-11-30 12:25 1266936] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "D-Link Air USB Utility"="C:\Programfiler\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 07:21 2695168] "Cmaudio"="cmicnfg.cpl" [] "SoundMan"="SOUNDMAN.EXE" [2003-05-14 06:20 55296 C:\WINDOWS\SOUNDMAN.EXE] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] 
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-08 17:49 29744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] C:\Documents and Settings\Ulle\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] FMZilla.lnk - C:\Programfiler\Free Music Zilla\FMZilla.exe [2007-12-04 22:35:34 626688] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Google Desktop-sidefelt.lnk - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-08 17:49:37 29744] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "start"= C:\Programfiler\NetProject\sbmntr.exe [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R2 NIOC;NIOC Service;C:\WINDOWS\System32\NIOC.SYS [2002-09-27 17:21] R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-04-10 18:44] R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys 
[2007-06-08 07:52] S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-08 17:49] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58] S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09] Start Pending2 WZCBDLService;WZCBDL Service;C:\Programfiler\WZCBDL Service\WZCBDLS.exe [2002-03-19 11:15] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-12 22:35:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-12 22:37:36 ComboFix-quarantined-files.txt 2008-02-12 21:37:27 ComboFix2.txt 2008-02-12 20:52:51 . 2008-02-04 00:19:56 --- E O F ---

trygvea, posted 11 February 2008
Hi... I have now done what the introduction says and am about to post the logs... am I the only one who can't get it to work? If I just write it in this window where I'm typing my reply, it will be a 3-page post, and that probably won't be popular? How do I post the logs?

norbat (thread author), posted 11 February 2008
DreamHeaven: If possible, uninstall the following program from Add/Remove Programs:
Full Tilt Poker
Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
File::
C:\WINDOWS\system32\wuuawkz.dll
Folder::
C:\Programfiler\NetProject
C:\Programfiler\Full Tilt Poker
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=-

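How the registry entries in a script like the one above can be traced back to the log, as an added example that is not part of norbat's post and not ComboFix's own code: it parses a "Reg Loading Points" excerpt and lists every autostart entry whose target lies under a given folder, plus any other key named by the same CLSID. The sample lines are taken from the log in this thread and re-broken one entry per line; the function names are made up for the illustration.

```python
import re
from collections import namedtuple

# Sample input: lines from the "Reg Loading Points" section of the log posted in
# this thread, re-broken one entry per line (layout reconstructed for the example).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-02-12 22:32 10240 --a------ C:\Programfiler\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Programfiler\NetProject\wamdl.dll [2008-02-10 23:44 76800]

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2007-11-30 12:25 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 06:20 55296 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"= C:\Programfiler\NetProject\sbmntr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
'''

Entry = namedtuple("Entry", "key name paths")

KEY_RE = re.compile(r'^\[(HKEY_.+)\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]*)"=\s*(.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+')
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}',
                      re.IGNORECASE)


def parse_loading_points(text):
    """Return one Entry per registry key, value line and bare file line."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            entries.append(Entry(key, None, ()))  # keep keys that list no data
            continue
        if key is None:
            continue  # text before the first key is not part of the section
        m = VALUE_RE.match(line)
        name, data = (m.group(1), m.group(2)) if m else (None, line)
        paths = tuple(p.strip() for p in PATH_RE.findall(data))
        entries.append(Entry(key, name, paths))
    return entries


def is_under(path, folder):
    """Case-insensitive 'is the folder or inside it', on whole path components.

    8.3 short names (C:\\PROGRA~1\\...) are compared as written, not resolved,
    so an entry recorded with a short path has to be checked by hand.
    """
    p = path.lower().rstrip("\\")
    f = folder.lower().rstrip("\\")
    return p == f or p.startswith(f + "\\")


def references_to(entries, folder):
    """Entries that point into `folder`, and other keys sharing their CLSIDs."""
    hits = [e for e in entries if any(is_under(p, folder) for p in e.paths)]
    clsids = set()
    for e in hits:
        found = CLSID_RE.findall(e.key + " " + (e.name or ""))
        clsids.update(c.lower() for c in found)
    hit_keys = {e.key for e in hits}
    related = sorted({e.key for e in entries
                      if e.key not in hit_keys
                      and any(c in e.key.lower() for c in clsids)})
    return hits, related


if __name__ == "__main__":
    hits, related = references_to(parse_loading_points(SAMPLE_LOG),
                                  r"C:\Programfiler\NetProject")
    for e in hits:
        print("points into folder:", e.key, "->", e.name or "(file listed under key)")
    for k in related:
        print("same CLSID, no path shown:", k)
```

On the sample, the three entries that point into the folder and the one CLSID key found by association are the same four registry locations that appear in the script in the post.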
norbat (thread author), posted 11 February 2008 (edited)
> Hi... I have now done what the introduction says and am about to post the logs... am I the only one who can't get it to work? If I just write it in this window where I'm typing my reply, it will be a 3-page post, and that probably won't be popular? How do I post the logs?
Hi trygvea. The best thing is to create a NEW THREAD (click New topic). Then copy and paste in the logs. To 'hide' the logs like this: use the SPOILER tag. You will find it most easily if you turn on 'Side panel on/off'.
Edited 11 February 2008 by norbat

DreamHeaven, posted 11 February 2008
> DreamHeaven: If possible, uninstall the following program from Add/Remove Programs:
> Full Tilt Poker
> Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
> File::
> C:\WINDOWS\system32\wuuawkz.dll
> Folder::
> C:\Programfiler\NetProject
> C:\Programfiler\Full Tilt Poker
> Registry::
> [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
> [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
> "{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
> [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
> [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
> "start"=-
That is now done. Do you advise me against downloading Full Tilt Poker again?
ComboFix log:
ComboFix 08-02-12.1 - Ulle 2008-02-12 23:01:03.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.117 [GMT 1:00] Running from: C:\Documents and Settings\Ulle\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Ulle\Skrivebord\CFScript.txt.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\wuuawkz.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Programfiler\NetProject\sbmdl.dll C:\Programfiler\Full Tilt Poker C:\Programfiler\Full Tilt Poker\Cache\42D4EB830001.dc C:\Programfiler\Full Tilt Poker\Phenyl.dat C:\Programfiler\NetProject\ot.ico C:\Programfiler\NetProject\sbmdl.dll C:\Programfiler\NetProject\sbmntr.exe C:\Programfiler\NetProject\sbsm.exe C:\Programfiler\NetProject\sbun.exe C:\Programfiler\NetProject\scit.exe C:\Programfiler\NetProject\scm.exe C:\Programfiler\NetProject\scu.exe C:\Programfiler\NetProject\ts.ico C:\Programfiler\NetProject\uninst.exe C:\Programfiler\NetProject\wamdl.dll C:\Programfiler\NetProject\waun.exe C:\WINDOWS\system32\wuuawkz.dll C:\Programfiler\NetProject . ((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))) . 2008-02-11 20:45 . 2008-02-11 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-11 20:44 . 2008-02-12 21:59 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-02-11 20:44 . 2008-02-11 20:44 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\SUPERAntiSpyware.com 2008-02-11 20:42 . 2008-02-12 22:59 <DIR> dr-h----- C:\Documents and Settings\Ulle\Siste 2008-02-11 20:40 . 2008-02-11 20:40 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-11 00:01 . 2008-02-11 00:01 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-02-11 00:01 . 2008-02-11 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-10 23:45 . 2008-02-10 23:49 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-02-08 17:49 . 2008-02-08 17:49 <DIR> d-------- C:\Programfiler\Google 2008-01-30 00:52 . 2008-02-10 19:41 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-29 20:33 . 2008-01-29 20:33 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\Leadertech 2008-01-29 20:31 . 2008-01-29 20:31 <DIR> d-------- C:\Programfiler\Atari 2008-01-29 20:29 . 
2008-01-29 20:29 <DIR> d-------- C:\Programfiler\ffdshow 2008-01-29 20:29 . 2007-04-20 22:13 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-01-29 20:29 . 2007-04-06 19:46 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-01-29 20:27 . 2008-01-29 20:27 <DIR> d-------- C:\Programfiler\4U Computing 2008-01-17 22:09 . 2008-01-17 22:09 <DIR> d-------- C:\Programfiler\iPod 2008-01-17 19:14 . 2008-01-17 19:14 <DIR> d-------- C:\Documents and Settings\Ulle\Programdata\Nero 2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Programfiler\Nero 2008-01-17 19:10 . 2008-01-17 19:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2008-01-16 22:56 . 2008-01-16 22:56 <DIR> d-------- C:\Programfiler\Hotspot Shield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-12 22:06 --------- d-----w C:\Programfiler\Steam 2008-02-12 22:05 --------- d-----w C:\Programfiler\Free Music Zilla 2008-02-12 21:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-02-11 20:42 --------- d-----w C:\Documents and Settings\Ulle\Programdata\uTorrent 2008-02-11 19:44 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-06 19:41 --------- d-----w C:\Documents and Settings\Ulle\Programdata\OpenOffice.org2 2008-02-05 22:33 16,874 ----a-w C:\WINDOWS\Fonts\ghostwriter.zip 2008-01-19 20:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-01-19 19:17 --------- d-----w C:\Programfiler\CarbonPoker 2008-01-18 17:24 --------- d-----w C:\Documents and Settings\Ulle\Programdata\Apple Computer 2008-01-18 13:12 --------- d-----w C:\Programfiler\World of Warcraft 2008-01-17 21:09 --------- d-----w C:\Programfiler\iTunes 2008-01-17 21:07 --------- d-----w C:\Programfiler\QuickTime 2008-01-02 00:40 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-29 16:26 --------- 
d-----w C:\Programfiler\Fellesfiler\Apple 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2001-11-23 07:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352] "MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] "Steam"="C:\Programfiler\Steam\Steam.exe" [2007-11-30 12:25 1266936] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "D-Link Air USB Utility"="C:\Programfiler\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 07:21 2695168] "Cmaudio"="cmicnfg.cpl" [] "SoundMan"="SOUNDMAN.EXE" [2003-05-14 06:20 55296 C:\WINDOWS\SOUNDMAN.EXE] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" 
[2007-06-28 23:43 81920] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-08 17:49 29744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] C:\Documents and Settings\Ulle\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] FMZilla.lnk - C:\Programfiler\Free Music Zilla\FMZilla.exe [2007-12-04 22:35:34 626688] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Google Desktop-sidefelt.lnk - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-08 17:49:37 29744] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R2 NIOC;NIOC Service;C:\WINDOWS\System32\NIOC.SYS [2002-09-27 17:21] R2 WZCBDLService;WZCBDL Service;C:\Programfiler\WZCBDL Service\WZCBDLS.exe [2002-03-19 11:15] R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-04-10 18:44] R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 
07:52] S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-08 17:49] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58] S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-12 23:05:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Hotspot Shield\bin\openvpnas.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Completion time: 2008-02-12 23:08:52 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-12 22:08:49 ComboFix2.txt 2008-02-12 21:37:37 ComboFix3.txt 2008-02-12 20:52:51 . 2008-02-04 00:19:56 --- E O F ---

norbat (thread author), posted 11 February 2008 (edited)
Fix the following line with HJT:
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} (it may say "no file" or similar after it)
If Full Tilt Poker is this one: http://www.bleepingcomputer.com/uninstall/...Tilt-Poker.html, then yes. Stay away from that one. If it is actually an entirely different program, you will have to judge for yourself.
The logs look fine after this. Are you still experiencing problems with malware of any kind?
If not, you can uninstall ComboFix by typing combofix /u in the Run window (Start -> Run). This removes the program and its backup files, and resets System Restore.
Edited 11 February 2008 by norbat

DreamHeaven, posted 11 February 2008
> Fix the following line with HJT:
> O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} (it may say "no file" or similar after it)
> If Full Tilt Poker is this one: http://www.bleepingcomputer.com/uninstall/...Tilt-Poker.html, then yes. Stay away from that one. If it is actually an entirely different program, you will have to judge for yourself.
> The logs look fine after this. Are you still experiencing problems with malware of any kind?
> If not, you can uninstall ComboFix by typing combofix /u in the Run window (Start -> Run). This removes the program and its backup files, and resets System Restore.
I can't find "O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}" in HJT. But I'm not noticing any more problems with the machine now, so I think I'll just leave it as it is, unless it is something very important to fix!
Thanks for all the help! Very grateful.
P.S. Full Tilt Poker is a poker program I downloaded from www.fulltiltpoker.com.

norbat (thread author), posted 11 February 2008
You are welcome to play poker with the 'program' from www.fulltiltpoker.com. But I cannot vouch for how adware-free this program is. For that matter, it may be a perfectly fine program.
Surf safely.

Shoo, posted 11 February 2008
OK. I have used AVG before, and I didn't like it much back then... But it was so long ago that I suppose I should give it another chance. I suppose there isn't much I can demand with this PC, but oh well...
Is there any particular reason one should uninstall ComboFix, then..? I see you have mentioned it on a couple of occasions...

norbat (thread author), posted 12 February 2008
Shoo: ComboFix is updated regularly, so if you are asked to run it again, you just download it anew.

General_Kebab, posted 15 February 2008
> No trace of Norton, General_Kebab
OK, thanks a lot for all the help. But one more question: should I just delete ComboFix, HijackThis and/or SUPERAntiSpyware?

jotran, posted 16 February 2008
Hey. I've got malware, or whatever it is, of the NetProject type; messages like this keep appearing at the bottom right of the screen. I have run HJT, and here is the log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:04:38, on 16.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Hotspot Shield\bin\openvpnas.exe C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\1XConfig.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Programfiler\Sotfone\1203124518.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - 
C:\Programfiler\Helper\1203124515.dll O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [googletalk] C:\Programfiler\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php 
(file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing) O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194740828054 O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WINDOWS\system32\eeioq.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe (file missing) O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe -- End of file - 5281 bytes
Can someone help me remove them? =)

r2d290, posted 16 February 2008 (edited)
Jotran: I have answered you here
Edited 16 February 2008 by r2d290