steinage Skrevet 17. oktober 2007 Del Skrevet 17. oktober 2007 Kan noen hjelpe meg med å tolke denne her : (har "flust" av feilmeldinger med svchost.exe) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:48:20, on 15.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\P1370Mon.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TomTom HOME\TomTomHOME.exe D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Creative\Shared Files\CamTray.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe C:\Program Files\Mamut Teamwork\Mamut Teamwork\Mamut Teamwork.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nelfo.no/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nelfo.no/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [indicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [P1370Mon.exe] C:\WINDOWS\P1370Mon.exe O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [PrnSys Executable] D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mamut Teamwork.lnk = ? O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe O4 - Global Startup: Phone Connection Monitor.lnk = ? O8 - Extra context menu item: &Konverter koblingsmål til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Konverter koblingsmål til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konverter valgte koblinger til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konverter valgte koblinger til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Konverterer utvalg til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konverterer utvalg til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://login.nho.no O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 14840 bytes Lenke til kommentar
norbat Skrevet 17. oktober 2007 Del Skrevet 17. oktober 2007 (endret) Prøv følgende: Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. Kjør også noen runder med 'Saker' 'Register', til det ikke finner flere feil. Hent deretter Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Post loggfilen fra combofix (vanligvis c:\combofix.txt) Endret 17. oktober 2007 av norbat Lenke til kommentar
steinage Skrevet 17. oktober 2007 Forfatter Del Skrevet 17. oktober 2007 (endret) Kjør noen runder med "saker" oppfattet jeg ikke hva var.... sikkert noe i CCleaner... men hva ? Takker for hjelp så langt.... fant mye som ble slettet med Ccleaner. Endret 17. oktober 2007 av steinage Lenke til kommentar
norbat Skrevet 17. oktober 2007 Del Skrevet 17. oktober 2007 Sorry, i den nye versjonen heter det 'Register'. Lenke til kommentar
steinage Skrevet 17. oktober 2007 Forfatter Del Skrevet 17. oktober 2007 Sorry, i den nye versjonen heter det 'Register'. Da skal jeg vel rette feilene også da.... Kjørte combofix... her er loggen : ComboFix 07-10-17.8 - SAG 2007-10-17 21:51:59.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.403 [GMT 2:00] Running from: C:\Documents and Settings\SAG\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\SAG\err.log C:\WINDOWS\system32\cfx32.ocx C:\WINDOWS\system32\odyEvent.dll . ((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))) . 2007-10-17 21:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-17 21:24 <DIR> d-------- C:\Program Files\CCleaner 2007-10-17 19:59 <DIR> d-------- C:\Program Files\MSN Messenger 2007-10-17 19:41 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-15 22:31 <DIR> d-------- C:\Program Files\RegistryFix 2007-10-15 18:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\OkiData 2007-10-08 19:43 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Ahead 2007-10-08 19:11 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Download Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-17 19:50 --------- d-----w C:\Documents and Settings\SAG\Application Data\Skype 2007-10-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-17 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-15 19:59 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-10-15 17:49 --------- d-----w C:\Program Files\Mamut 2007-10-08 14:31 --------- d-----w C:\Documents and Settings\SAG\Application Data\AdobeUM 2007-09-06 17:02 --------- d-----w C:\Program Files\ELKOmatic 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-09-03 09:30 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-21 06:03 --------- d-----w C:\Program Files\Java . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 16:21] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 17:34] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 10:37 C:\WINDOWS\RTHDCPL.EXE] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 02:15] "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 10:20] "IndicatorUtility"="C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 11:53] "LoadFujitsuQuickTouch"="C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 15:44] "LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 15:41] "AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 15:58 C:\WINDOWS\AGRSMMSG.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 16:14] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "AirCardEnabler"="C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" [2006-01-20 15:24] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44] "P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-20 02:00] "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52] "PrnSys Executable"="D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe" [2004-05-28 22:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-25 21:54] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 12:04] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 19:55] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] C:\Documents and Settings\SAG\Start Menu\Programs\Startup\ Mamut Teamwork.lnk - C:\Documents and Settings\SAG\Application Data\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2006-05-23 09:56:05] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe [2006-05-12 09:18:13] R0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R2 SSIPDDP;SSIPDDP Parallel port device driver;\??\C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys S3 P1370Aud;Creative WebCam Audio Control;\??\C:\WINDOWS\system32\Drivers\P1370Aud.sys S3 P1370Aul;PD1370 Lower Filter Driver;\??\C:\WINDOWS\system32\Drivers\P1370Aul.sys S3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\DRIVERS\P1370Vfx.sys S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys . Contents of the 'Scheduled Tasks' folder "2007-10-10 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-17 21:56:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-17 21:59:22 - machine was rebooted . --- E O F --- Lenke til kommentar
steinage Skrevet 17. oktober 2007 Forfatter Del Skrevet 17. oktober 2007 Her er ny LOG fra combofix.... : (Hva forteller denne ?) ComboFix 07-10-17.8 - SAG 2007-10-17 22:11:21.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.410 [GMT 2:00] Running from: C:\Documents and Settings\SAG\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))) . 2007-10-17 21:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-17 21:24 <DIR> d-------- C:\Program Files\CCleaner 2007-10-17 19:59 <DIR> d-------- C:\Program Files\MSN Messenger 2007-10-17 19:41 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-15 22:31 <DIR> d-------- C:\Program Files\RegistryFix 2007-10-15 18:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\OkiData 2007-10-08 19:43 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Ahead 2007-10-08 19:11 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Download Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-17 20:12 --------- d-----w C:\Documents and Settings\SAG\Application Data\Skype 2007-10-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-17 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-15 19:59 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-10-15 17:49 --------- d-----w C:\Program Files\Mamut 2007-10-08 14:31 --------- d-----w C:\Documents and Settings\SAG\Application Data\AdobeUM 2007-09-06 17:02 --------- d-----w C:\Program Files\ELKOmatic 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-09-03 09:30 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-21 06:03 --------- d-----w C:\Program Files\Java 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 16:21] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 17:34] "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 10:37 C:\WINDOWS\RTHDCPL.EXE] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 02:15] "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 10:20] "IndicatorUtility"="C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 11:53] "LoadFujitsuQuickTouch"="C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 15:44] "LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 15:41] "AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 15:58 C:\WINDOWS\AGRSMMSG.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 16:14] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "AirCardEnabler"="C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" [2006-01-20 15:24] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44] "P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-20 02:00] "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52] "PrnSys Executable"="D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe" [2004-05-28 22:47] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-25 21:54] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 12:04] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 19:55] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] C:\Documents and Settings\SAG\Start Menu\Programs\Startup\ Mamut Teamwork.lnk - C:\Documents and Settings\SAG\Application Data\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2006-05-23 09:56:05] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe [2006-05-12 09:18:13] R0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R2 SSIPDDP;SSIPDDP Parallel port device driver;\??\C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys S3 P1370Aud;Creative WebCam Audio Control;\??\C:\WINDOWS\system32\Drivers\P1370Aud.sys S3 P1370Aul;PD1370 Lower Filter Driver;\??\C:\WINDOWS\system32\Drivers\P1370Aul.sys S3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\DRIVERS\P1370Vfx.sys S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys . Contents of the 'Scheduled Tasks' folder "2007-10-10 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-17 22:13:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-17 22:13:41 C:\ComboFix2.txt ... 2007-10-17 21:59 . --- E O F --- Lenke til kommentar
norbat Skrevet 17. oktober 2007 Del Skrevet 17. oktober 2007 Loggen ser grei ut. Plages du fortsatt med svchost? Lenke til kommentar
steinage Skrevet 17. oktober 2007 Forfatter Del Skrevet 17. oktober 2007 NEI NÅ er PC-en stabil... ingen feilmeldinger.... t.o.m. de feilene som kom med Generic host process Win32 services er blitt borte... Tror du at problemene er løst nå ??? I så fall takker og bukker jeg så mye... Ha en fin kveld videre Lenke til kommentar
norbat Skrevet 17. oktober 2007 Del Skrevet 17. oktober 2007 Det hjelper å rydde litt , men om dette er nok til å gjøre PC-en stabil over tid er usikkert. Du får rope ut hvis problemene begynner igjen. Lenke til kommentar
steinage Skrevet 17. oktober 2007 Forfatter Del Skrevet 17. oktober 2007 TAKK.....for det.... Kan noe av disse meldingene over her komme av NOEN direktemeldinger på MSN fra min datter ? (Legger ved en slik melding) MSN til henne "øste" ut slike meldinger..... Vil denne prosessen som jeg har gjort her, rette opp feilene som ligger på min datter's PC også ?? Igjen takknemlig for gode svar....... Lenke til kommentar
norbat Skrevet 17. oktober 2007 Del Skrevet 17. oktober 2007 Hvis din datters msn pøser ut de meldingen du nevner, har hun fått en orm som du kan fjerne ved å gjøre følgende: Last ned, pakk ut og kjør: MSNFix Deretter kjører du en runde med Combofix og poster loggen den lager. Lenke til kommentar
steinage Skrevet 18. oktober 2007 Forfatter Del Skrevet 18. oktober 2007 Ny dag nye muligheter sies det.........!! Ny dag ble bare en fortsettelse av de samme feilmeldingene som nevnt over... (svchost.exe) HVA NÅ..... noen som har gode råd..?? Lenke til kommentar
norbat Skrevet 18. oktober 2007 Del Skrevet 18. oktober 2007 (endret) Ja, hadde en liten mistanke om at det bare var et midlertidig opphold... Det er ingen ting som tyder på at du har noen form for infeksjoner (virus, spyware etc.). Vi kan sjekke om det er noen systemfiler som er i ulage: Klikk: Start->Kjør Skriv: sfc /scannow (mellomrom mellom sfc og / ) Mulig du trenger XP-CD-en. Er det noe spesielt program du bruker når disse svchost meldingen kommer? Endret 18. oktober 2007 av norbat Lenke til kommentar
steinage Skrevet 18. oktober 2007 Forfatter Del Skrevet 18. oktober 2007 Kjørte sfc /scannow uten at noen melding kom..... bare avsluttet når den var ferdig. Ligger det en log en plass ? Svchost.exe meldingene kom med en gang jeg startet PC-en igjen i dag.... stod på i hele natt uten at noen meldinger kom. Avsluttet og reiste på jobb.... og da begynte "moroa" igjen... akkurat som før. Starter som sagt med en gang PC-en starter...og før alle oppgaver er ferdig startet også..... Generic host meldingen kom også.... Den sier noen har sammenheng med HP skriver som jeg har i nettverk hjemme, over D-link trådløs router.... Har du noen forslag til videre feilsøking ? Hadde tidligere i år en sånn "reklamevirus" problem... ble villedet til å foreta en installasjon av et program (windows "like" update... av noe slag...kan finne ut hva det het) Kan det være noe som henger igjen etter det ? Lenke til kommentar
norbat Skrevet 18. oktober 2007 Del Skrevet 18. oktober 2007 (endret) De loggene jeg har sett fra deg, tyder ikke på at det ligger noe igjen (av betydning). Du kunne ha sjekket i 'hendelseslisten' om den sier noe om hva som evt. kan forårsake disse feilmeldingene. Kontrollpanel->Administrative verktøy->Hendelsesliste Det kan også være en ide å avinstallere de programmene du ikke bruker. Videre kan det være greit å sjekke om det finnes oppdaterte drivere til hardwaren (skriver, skjermkort etc.) EDIT: sfc gir sjelden noen melding om den har rettet noe eller ei og det lages ikke noe logg. Endret 18. oktober 2007 av norbat Lenke til kommentar
steinage Skrevet 18. oktober 2007 Forfatter Del Skrevet 18. oktober 2007 HEI igjen.... Driver til HP 7410 all-in-one har jeg forsøkt å oppdatere, men meldingene ble ikke borte. Andre program kan jeg sjekke.... men bruker nok det meste.... legger ved skjermbilde fra EventViewer... eller kan de hentes som tekstfil kanskje ? Lenke til kommentar
norbat Skrevet 18. oktober 2007 Del Skrevet 18. oktober 2007 Hvis du dobbeltklikker på noen av errorene i f.eks. application-lista, så burde det komme litt mer info om hva dette gjelder. Lenke til kommentar
steinage Skrevet 18. oktober 2007 Forfatter Del Skrevet 18. oktober 2007 Her er den øverste feilen.... Lenke til kommentar
norbat Skrevet 18. oktober 2007 Del Skrevet 18. oktober 2007 (endret) Det sa dessverre ikke meg så mye. Er de andre errorene likelydende? Edit: Vi kunne ha sjekke for rootkit: Last ned Rootchk. Kjør programmet og etter noen strakser, vil det dukke opp en logg. Hvis den forteller at den har funnet noe, post gjerne loggen. Endret 18. oktober 2007 av norbat Lenke til kommentar
steinage Skrevet 18. oktober 2007 Forfatter Del Skrevet 18. oktober 2007 SE her.. Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x009f96bc. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. teksten i description ser lik på alle de øverste i hvert fall.... Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå