
Help, I've got a keylogger and a virus (trojan)



HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:58:37, on 02.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\NavNT\vptray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\NavNT\defwatch.exe

C:\Programfiler\NavNT\rtvscan.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {86DA0852-9FFB-49C5-A195-CB53FD97A2A1} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {F244C050-3D11-49FB-8EBF-43045F512645} - (no file)

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [vptray] C:\Programfiler\NavNT\vptray.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunServer] C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134

 


Download Smitfraudfix and put it on the desktop.

Restart in safe mode (tap F8 during startup and choose safe mode).

Run Smitfraudfix and choose option 2.

From normal mode:

Download SAS, install it, update it and run a full (Complete) scan.

Post the following logs:

SAS (preferences->statistics/logs)

Smitfraudfix (C:\rapport.txt)

New HJT log


SAS log

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/02/2007 at 11:46 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3336

Trace Rules Database Version: 1337

 

Scan type : Complete Scan

Total Scan Time : 00:45:57

 

Memory items scanned : 523

Memory threats detected : 0

Registry items scanned : 5716

Registry threats detected : 15

File items scanned : 34684

File threats detected : 7

 

Adware.Tracking Cookie

C:\Documents and Settings\Jonas\Cookies\jonas@advertising[2].txt

C:\Documents and Settings\Jonas\Cookies\[email protected][1].txt

C:\Documents and Settings\Jonas\Cookies\[email protected][2].txt

C:\Documents and Settings\Jonas\Cookies\[email protected][1].txt

C:\Documents and Settings\Jonas\Cookies\[email protected][1].txt

 

Trojan.NewDotNet

HKU\.DEFAULT\Software\New.net

HKU\S-1-5-18\Software\New.net

 

Trojan.Unknown Origin

HKLM\SOFTWARE\Microsoft\MSSMGR

HKLM\SOFTWARE\Microsoft\MSSMGR#Data

HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV

HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd

HKLM\SOFTWARE\Microsoft\MSSMGR#Rid

HKLM\SOFTWARE\Microsoft\MSSMGR#LID

C:\VUNDOFIX BACKUPS\SERVICES.DLL.BAD

 

Adware.Toolbar888

HKCR\MyToolBar.MyToolBarObj.1

HKCR\MyToolBar.MyToolBarObj.1\CLSID

HKLM\Software\Classes\MyToolBar.MyToolBarObj.1

HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID

 

Trojan.Malware

HKCR\MezziaCodec.Chl

HKCR\MezziaCodec.Chl\CLSID

 

Unclassified.PC MightyMax

HKU\S-1-5-21-796845957-1532298954-725345543-1002\Software\PC MightyMax

 

Trojan.SpySheriff

C:\DOCUMENTS AND SETTINGS\JONAS\HPNUNPYS.EXE

 

 

 

 

 

 

Smitfraudfix log

 

SmitFraudFix v2.246

 

Scan done at 10:44:16,39, 02.11.2007

Run from C:\Documents and Settings\Jonas\Skrivebord\SmitfraudFix

OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!Attention, following keys are not inevitably infected!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7719505F-598E-441C-92D1-1C93C061B3DB}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8F10DC2-29C0-455B-8387-890A049F9DD2}: DhcpNameServer=192.168.1.1 4.2.2.2 4.2.2.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5A3FB4C-6749-42F2-9F5B-1CA91109CF1A}: DhcpNameServer=192.169.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7719505F-598E-441C-92D1-1C93C061B3DB}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{D8F10DC2-29C0-455B-8387-890A049F9DD2}: DhcpNameServer=192.168.1.1 4.2.2.2 4.2.2.3

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5A3FB4C-6749-42F2-9F5B-1CA91109CF1A}: DhcpNameServer=192.169.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{7719505F-598E-441C-92D1-1C93C061B3DB}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{D8F10DC2-29C0-455B-8387-890A049F9DD2}: DhcpNameServer=192.168.1.1 4.2.2.2 4.2.2.3

HKLM\SYSTEM\CS2\Services\Tcpip\..\{E5A3FB4C-6749-42F2-9F5B-1CA91109CF1A}: DhcpNameServer=192.169.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{7719505F-598E-441C-92D1-1C93C061B3DB}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{D8F10DC2-29C0-455B-8387-890A049F9DD2}: DhcpNameServer=192.168.1.1 4.2.2.2 4.2.2.3

HKLM\SYSTEM\CS3\Services\Tcpip\..\{E5A3FB4C-6749-42F2-9F5B-1CA91109CF1A}: DhcpNameServer=192.169.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!Attention, following keys are not inevitably infected!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!Attention, following keys are not inevitably infected!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

 

 

 

 

*NEW* HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:10:09, on 02.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\NavNT\vptray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\NavNT\defwatch.exe

C:\Programfiler\NavNT\rtvscan.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {86DA0852-9FFB-49C5-A195-CB53FD97A2A1} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {F244C050-3D11-49FB-8EBF-43045F512645} - (no file)

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [vptray] C:\Programfiler\NavNT\vptray.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunServer] C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O13 - WWW Prefix: http://www.serial99.com/?

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160658691765

O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/de/download/NpFp415.dll

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Programfiler\NavNT\defwatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programfiler\NavNT\rtvscan.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 6716 bytes

 

 

 

 

 

When I run CounterSpy now, it finds an AFX Windows Rootkit 2003 Backdoor

Edited by Zerpin

Run HJT, tick the following lines and click Fix checked:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {86DA0852-9FFB-49C5-A195-CB53FD97A2A1} - (no file)

O2 - BHO: (no name) - {F244C050-3D11-49FB-8EBF-43045F512645} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O13 - WWW Prefix: http://www.serial99.com/?

 

Download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt) plus a new HJT log.

Also tell us how the PC is running.


Combofix log

ComboFix 07-11-01.1 - Jonas 2007-11-02 12:54:41.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.557 [GMT 1:00]

Running from: C:\Documents and Settings\Jonas\Skrivebord\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\Fellesfiler\{BC634~1

C:\Programfiler\inetget2

 

.

((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))

.

 

2007-11-02 12:53 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-02 12:12 <DIR> d--hs---- C:\Documents and Settings\Jonas\Siste

2007-11-02 10:58 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-11-02 10:58 <DIR> d-------- C:\Documents and Settings\Jonas\Programdata\SUPERAntiSpyware.com

2007-11-02 10:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\SUPERAntiSpyware.com

2007-11-02 10:44 1,848 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-02 10:43 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-11-02 10:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-11-02 10:43 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-02 10:43 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-11-01 22:24 <DIR> d-------- C:\Programfiler\Trend Micro

2007-11-01 21:32 <DIR> d-------- C:\Programfiler\Yahoo!

2007-11-01 21:32 <DIR> d-------- C:\Programfiler\CCleaner

2007-10-31 15:41 <DIR> d-------- C:\Team17

2007-10-31 15:08 <DIR> d-------- C:\Programfiler\Worms

2007-10-30 16:37 <DIR> d-------- C:\Programfiler\Lavalys

2007-10-30 15:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2007-10-15 21:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-10-15 19:53 <DIR> d-------- C:\Programfiler\ATITool

2007-10-05 21:00 <DIR> d-------- C:\Documents and Settings\Jonas\Programdata\Sony Setup

2007-10-04 15:43 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2007-10-04 15:43 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll

2007-10-04 14:09 <DIR> d-------- C:\Fraps

2007-10-03 22:33 <DIR> d-------- C:\Programfiler\Vstplugins

2007-10-03 22:33 <DIR> d-------- C:\Documents and Settings\Jonas\Programdata\Publish Providers

2007-10-03 22:32 <DIR> d-------- C:\Documents and Settings\Jonas\Programdata\Sony

2007-10-03 22:31 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2007-10-03 22:31 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2007-10-03 22:30 <DIR> d-------- C:\Programfiler\Microsoft SQL Server

2007-10-03 22:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Sony

2007-10-03 22:29 <DIR> d-------- C:\Programfiler\Sony

2007-10-03 22:28 <DIR> d-------- C:\Programfiler\Sony Setup

2007-10-03 21:46 <DIR> d-------- C:\Documents and Settings\Jonas\Programdata\Viewpoint

2007-10-03 21:45 <DIR> d-------- C:\Programfiler\QuickTime

2007-10-03 21:29 <DIR> d-------- C:\Documents and Settings\Jonas\Programdata\Azureus

2007-10-03 21:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Azureus

2007-10-03 21:22 <DIR> d-------- C:\Programfiler\Azureus

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-02 09:58 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-11-01 16:12 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP

2007-10-31 15:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-10-30 15:56 --------- d-----w C:\Documents and Settings\Jonas\Programdata\Skype

2007-10-12 20:34 --------- d-----w C:\Programfiler\SwiftSwitch

2007-10-12 09:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-10-12 09:07 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-10-06 14:24 --------- d-----w C:\Programfiler\DivX

2007-09-30 11:41 --------- d-----w C:\Documents and Settings\Jonas\Programdata\DivX

2007-09-29 14:39 --------- d-----w C:\Documents and Settings\Jonas\Programdata\mIRC

2007-09-29 08:33 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-09-29 08:33 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-09-27 14:58 --------- d-----w C:\Documents and Settings\Jonas\Programdata\IGN_DLM

2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll

2007-09-17 14:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-09-17 14:14 22,328 ----a-w C:\Documents and Settings\Jonas\Programdata\PnkBstrK.sys

2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-08-21 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]

"Cmaudio"="cmicnfg.cpl" []

"vptray"="C:\Programfiler\NavNT\vptray.exe" [2001-09-24 07:59]

"RegistryMechanic"="" []

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2007-01-19 20:06]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]

"SunServer"="C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 16:47]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 13:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ALUAlert"=C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.exe.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jonas^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jonas^Start-meny^Programmer^Oppstart^Xfire.lnk]

backup=C:\WINDOWS\pss\Xfire.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

"D:\Ting Æ Træng\MsgPlus.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Programfiler\Messenger\Msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]

"C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Programfiler\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

 

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys

R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys

S3 3Com_A02;3com Driver;C:\WINDOWS\system32\DRIVERS\3C254G50.sys

S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys

S3 StkMini;Syntek DC-112X;C:\WINDOWS\system32\Drivers\StkMini.sys

S3 StkScan;Syntek DC-112X Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys

S3 w3304an5;WN3X0X Wireless Adapter;\??\C:\PROGRA~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS

S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys

S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0443ab46-a608-11da-abc5-806d6172696f}]

\Shell\AutoRun\command - E:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2dc834f-a604-11da-9a83-806d6172696f}]

\Shell\AutoRun\command - D:\MSsetup.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2006-09-21 17:56:46 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-02 12:56:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-02 12:57:31

.

--- E O F ---

 

 

 

 

*NEW HJT log*

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:08:15, on 02.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\NavNT\defwatch.exe

C:\Programfiler\NavNT\rtvscan.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\NavNT\vptray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe

C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [vptray] C:\Programfiler\NavNT\vptray.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunServer] C:\Programfiler\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160658691765

O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/de/download/NpFp415.dll

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Programfiler\NavNT\defwatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programfiler\NavNT\rtvscan.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 6293 bytes

 

 

 

It seems the PC is working fine now.

Can I delete the programs that I installed?

And thank you very much, Norbat.

Edited by Zerpin