
Security Alert: spyware found / pop-up problems.



Good to hear that the PC is running OK.

I would think that the trojan that has been at work has deleted the restore points. Just make sure that System Restore is enabled so that the feature works. Let me know if this is not the case.

 

 

System Restore is turned on.

 

I ran a new scan just now, and this time it ran all the way through, I think ...

It would have been instructive to know whether it looks OK:

 

ComboFix 07-10-25.4 - Dag 2007-10-26 21:02:59.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.789 [GMT 2:00]

Running from: C:\Documents and Settings\Dag\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))

.

 

2007-10-26 18:18 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-26 15:42 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-10-26 15:42 <DIR> d-------- C:\Documents and Settings\Dag\Programdata\SUPERAntiSpyware.com

2007-10-26 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-10-26 15:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-10-26 15:26 4,836 --a------ C:\WINDOWS\system32\tmp.reg

2007-10-26 12:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-10-26 12:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-10-26 12:09 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-10-26 12:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-10-26 12:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-10-25 18:14 <DIR> d-------- C:\Programfiler\Trend Micro

2007-10-25 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Lavasoft

2007-10-25 10:29 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2007-10-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2007-10-25 10:29 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2007-10-25 10:29 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2007-10-25 10:29 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Symantec

2007-10-25 10:29 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterTrust

2007-10-25 10:29 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2007-10-25 10:29 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2007-10-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2007-10-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2007-10-25 10:29 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2007-10-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2007-10-12 10:12 <DIR> d-------- C:\Programfiler\2BrightSparks

2007-10-12 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\2BrightSparks

2007-10-12 10:12 884,976 --a------ C:\WINDOWS\system32\SNU.dll

2007-10-11 19:34 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-26 18:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2007-10-26 15:39 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-10-24 18:51 --------- d-----w C:\Programfiler\Symantec

2007-10-24 18:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-10-24 18:50 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-10-24 18:50 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-10-24 18:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-10-22 16:09 --------- d-----w C:\Programfiler\Picasa2

2007-10-19 16:06 69,856 ----a-w C:\WINDOWS\system32\drivers\LxrSge10d.sys

2007-10-19 16:06 49,152 ----a-w C:\WINDOWS\system32\LxrSge10s.exe

2007-10-19 16:06 282,624 ----a-w C:\WINDOWS\LxrSGe11e.dll

2007-10-19 16:06 1,605,632 ----a-w C:\WINDOWS\LxrJDLApp.exe

2007-10-14 14:15 --------- d-----w C:\Programfiler\MSN Messenger

2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-08-20 10:03 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-08-20 10:03 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-08-20 10:03 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-08-20 10:03 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-08-20 10:03 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-08-20 10:03 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-20 10:03 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-08-20 10:03 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-08-20 10:03 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-08-20 10:03 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-08-20 10:03 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-20 10:03 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-20 10:03 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-08-20 10:03 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-08-20 10:03 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-08-20 10:03 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-20 10:03 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-08-20 10:03 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-08-20 10:03 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-20 10:03 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

2007-08-20 10:03 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

2007-08-20 10:03 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

2007-08-20 10:03 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-08-17 10:24 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-08-17 10:24 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-08-17 10:24 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2006-05-21 20:27 57,440 ----a-w C:\Documents and Settings\Dag\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-24 22:00]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2003-07-17 14:50]

"CamMonitor"="C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 00:23]

"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 20:03]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55]

"RoxioEngineUtility"="C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]

"RoxioDragToDisc"="C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-27 00:21]

"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]

"PRONoMgr.exe"="C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 15:20]

"Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" []

"RealTray"="C:\Programfiler\Real\RealPlayer\RealPlay.exe" [2004-02-20 18:02]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-12-25 15:41]

"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 12:06]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 14:04]

"LogitechCameraAssistant"="C:\Programfiler\Logitech\Video\CameraAssistant.exe" [2005-09-07 07:33]

"LogitechVideo[inspector]"="C:\Programfiler\Logitech\Video\InstallHelper.exe" [2005-09-07 07:39]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 19:22]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]

"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 22:59]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2006-10-16 17:16]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

"WebCamRT.exe"="" []

"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14]

"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Picasa Media Detector"=C:\Programfiler\Picasa2\PicasaMediaDetector.exe

 

C:\Documents and Settings\Dag\Start-meny\Programmer\Oppstart\

Rainlendar.lnk - C:\Programfiler\Rainlendar\Rainlendar.exe [2004-01-28 20:11:30]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2003-03-24 15:07:50]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-08-15 13:16:32]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

C:\WINDOWS\System32\LgNotify.dll 2003-03-24 13:26 110592 C:\WINDOWS\system32\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS

S3 CE3;Xircom Ethernet Adapter 10/100-tjeneste;C:\WINDOWS\system32\DRIVERS\ce3n5.sys

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a2ea0b1-6fec-11da-a710-c12b114fcdcc}]

AutoRun\command - F:\JDLightning\Windows\JDLightning.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a2ea0b2-6fec-11da-a710-c12b114fcdcc}]

AutoRun\command - J:\JDLightning\Windows\JDLightning.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990c5441-1378-11dc-aaa9-00042377a13f}]

AutoRun\command - F:\InstallTomTomHOME.exe

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-06-15 18:00:29 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Dag.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

.
