Ravenlord
Posted 15 October 2007 (edited)

HJT

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:37:50, on 15.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programfiler\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\UWEEC4.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\Programfiler\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\Programfiler\UltraVNC\vncviewer.exe
C:\Documents and Settings\ksn\Skrivebord\jacky.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bruk Firefox og linux.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Programfiler\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe
O4 - Global Startup: UltraVNC Viewer.lnk = C:\Programfiler\UltraVNC\vncviewer.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://tor/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://tor/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://tor/officescan/console/ClientInstall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://tor/officescan/console/html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://tor/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - http://tor/officescan/console/html/AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - http://tor/officescan/console/html/AtxPie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxx.intern
O17 - HKLM\Software\..\Telephony: DomainName = xxxxx.intern
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxxxx.intern
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxxxx.intern
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Programfiler\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Programfiler\SiteAdvisor\6172\SAService.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9441 bytes

Combofix

ComboFix 07-10-12.4 - KSN 2007-10-15 10:42:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1023 [GMT 2:00]
Running from: C:\Documents and Settings\ksn\Skrivebord\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-15 10:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 08:53 <DIR> d-------- C:\Documents and Settings\ksn\Programdata\HouseCall 6.6
2007-10-15 08:53 94,480 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-15 06:30 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com
2007-10-15 06:29 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2007-10-15 06:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2007-10-15 06:29 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2007-10-15 06:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2007-10-15 06:29 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2007-10-15 06:29 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2007-10-15 06:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2007-10-15 06:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2007-10-15 06:29 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2007-10-15 06:29 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2007-10-14 21:04 <DIR> d-------- C:\Programfiler\Lavasoft
2007-10-14 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2007-10-14 20:39 <DIR> d-------- C:\WINDOWS\pss
2007-10-14 19:30 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-10-14 19:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-10-14 19:30 <DIR> d-------- C:\Documents and Settings\ksn\Programdata\SUPERAntiSpyware.com
2007-10-14 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-10-12 22:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-12 21:57 <DIR> d-------- C:\Documents and Settings\ksn\Programdata\vlc
2007-10-12 21:47 <DIR> d-------- C:\Programfiler\VideoLAN
2007-10-09 14:34 <DIR> d-------- C:\Documents and Settings\ksn\Programdata\Skype
2007-10-09 14:32 <DIR> d-------- C:\Programfiler\Skype
2007-10-09 14:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2007-10-09 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2007-10-03 13:32 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-03 13:32 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-03 13:32 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-03 13:32 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-01 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm
2007-09-25 12:54 <DIR> d-------- C:\serverscheck_databases
2007-09-25 12:54 <DIR> d-------- C:\Programfiler\ServersCheck_Monitoring
2007-09-20 12:04 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-20 10:10 <DIR> d-------- C:\Programfiler\Blender Foundation
2007-09-19 09:19 <DIR> d-------- C:\Programfiler\Celestia
2007-09-18 14:07 <DIR> d-------- C:\SWSetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 06:36 --------- d-----w C:\Programfiler\Google
2007-10-15 04:32 --------- d-----w C:\Programfiler\Immortal Defense
2007-10-15 04:32 --------- d-----w C:\Documents and Settings\ksn\Programdata\uTorrent
2007-10-15 04:32 --------- d-----w C:\Documents and Settings\ksn\Programdata\Azureus
2007-10-14 22:00 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor
2007-10-14 17:46 --------- d-----w C:\Documents and Settings\ksn\Programdata\GlarySoft
2007-10-14 17:41 --------- d-----w C:\Programfiler\SpywareBlaster
2007-10-14 09:54 --------- d-----w C:\Programfiler\Java
2007-10-13 06:18 --------- d-----w C:\Programfiler\Windows Desktop Search
2007-10-10 06:31 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-10-05 08:09 --------- d-----w C:\Programfiler\UltraVNC
2007-10-04 09:29 --------- d-----w C:\Programfiler\Joost
2007-10-01 07:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2007-10-01 06:21 --------- d-----w C:\Programfiler\Last.fm
2007-09-11 06:08 --------- d-----w C:\Programfiler\SiteAdvisor
2007-09-11 06:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\SiteAdvisor
2007-09-10 11:13 --------- d-----w C:\Programfiler\Wondershare
2007-09-10 07:31 --------- d-----w C:\Programfiler\Nokia
2007-09-10 07:31 --------- d-----w C:\Programfiler\Fellesfiler\Nokia
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-12-30 10:53:45 8 --sha-r C:\WINDOWS\neoqaz2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 21:05]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]
"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"Matrox PowerDesk SE"="C:\Programfiler\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2007-04-18 16:29]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 17:42]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 08:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-09-13 13:31]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2007-07-12 13:56:52]
UltraVNC Viewer.lnk - C:\Programfiler\UltraVNC\vncviewer.exe [2007-05-03 11:45:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PCSuiteTrayApplication"=C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

R2 Matrox Centering Service;Matrox Centering Service;"C:\Programfiler\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe"
R2 ntrtscan;OfficeScanNT RealTime Scan;"C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe"
R2 tmlisten;OfficeScanNT Listener;"C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe"
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Programfiler\Trend Micro\OfficeScan Client\TmPreFlt.sys
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500);C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

*Newly Created Service* - TMCOMM
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 10:44:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 10:46:58
.
--- E O F ---

I'm asking to have it checked because Superantispyware found a SMGALNYB.DLL file in the temp folder, which it classified as unknown trojan origin. I don't see anything scary in the log myself, but an extra pair of eyes often helps. There was also a raa5c6.exe file that was running. I located it in the registry under "Search assistant".

Housecall found "Tspy_small" and "adaware_memwatcher". Neither of the two is dangerous; they are probably left over from something that was removed earlier, since no other programs react. I also don't know whether it is a false positive.

Edited 15 October 2007 by Ravenlord

norbat
Posted 15 October 2007

You could have checked the file C:\WINDOWS\TEMP\UWEEC4.EXE at the following website: http://virusscan.jotti.org/

Or it may be just as well to empty the temp folder.