kjetilm, posted 21 November 2007

Here is the HJT log from a friend. I got him to go through norbat's long version. With CCleaner he deleted an incredible 11G. The reason he is doing this is a somewhat unstable network connection (which is not normally unstable), but here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:58, on 21.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [webcamXP] "C:\Program Files\webcamXP\webcamXP.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Gamers\Local Settings\Temp\{E6F19D0C-149A-4040-B512-BE5CDB05783F}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Sonic INSTALLit! Setup.lnk = C:\Documents and Settings\Gamers\Local Settings\Temp\VIES3C16\Setup.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk136YYNO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gamers\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://84.205.61.22/SysCamInst.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://150.134.221.62/activex/AxisCamControl.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10499 bytes

I assume these should be removed, but I would prefer that someone with better knowledge looks through it first:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk136YYNO
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...InitialSetup1.0.0.15.cab

I bet there is more, but thanks in advance (and thanks afterwards too).

norbat, posted 21 November 2007

See whether the person can uninstall MyWebSearch from Add/Remove Programs.
He can also run a full scan with SAS (the free version).
Feel free to post the SAS log plus a new HJT log.
(Yes, the ones you think should be removed should all go, but see whether the log gets a bit tidier by going through the steps above before deleting anything from HJT.)

Edited 21 November 2007 by norbat

kjetilm (author), posted 21 November 2007

"See whether the person can uninstall MyWebSearch from Add/Remove Programs. He can also run a full scan with SAS (the free version). Feel free to post the SAS log plus a new HJT log. (Yes, the ones you think should be removed should all go, but see whether the log gets a bit tidier by going through the steps above before deleting anything from HJT.)"

OK, thanks a lot again, norbat (You are my hero), but one thing: what actually is ALCMTR.EXE (or something like that)? It is recommended to remove it with HJT and from the Windows files. I have just done that on my own machine. But isn't it something for Realtek Audio? Why should it be removed? Anyway, I will post more when my friend has done this. Thanks again.

norbat, posted 21 November 2007

Hi,
Yes, ALCMTR.EXE is associated with Realtek AC97 Audio. You should not delete the file itself from the PC; just remove it from startup so that it does not run all the time. The file is used to collect data from the user (sometimes OK, other times not OK).
A bit more info: http://www.bleepingcomputer.com/startups/ALCMTR.EXE-240.html

kjetilm (author), posted 23 November 2007

Hmm. He found nothing with SUPERAntiSpyware. I asked him to send a new HJT log, and there were no errors in it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:26, on 23.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\system\SplinterCell4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--
End of file - 1996 bytes

I also think the HJT log was rather small? But he scanned with something he called Adware Tracking code and Adware WhenU or something like that. Then he found 2.

Edited 23 November 2007 by kjetilm

norbat, posted 24 November 2007

It seems only the top part of the HJT log is showing.

kjetilm (author), posted 26 November 2007

"It seems only the top part of the HJT log is showing."

Yes, I know. Nothing more comes up.

norbat, posted 26 November 2007

OK,
A double check:
Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions.
You must not click on the window while the program is running.
Post the log file from ComboFix (usually c:\combofix.txt)

kjetilm (author), posted 7 December 2007

Sorry. Will come with the log ASAP.

Edited 7 December 2007 by kjetilm

kjetilm (author), posted 7 December 2007

Here it is; I think everything is there.

ComboFix 07-12-07.3 - Gamers 2007-12-07 22:52:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.494 [GMT 1:00]
Running from: C:\Documents and Settings\Gamers\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\sfsync02.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SFSYNC02
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.
2007-12-04 17:00 . 2007-12-04 17:00  <DIR>  d--------  C:\Program Files\DivX
2007-11-30 15:56 . 2007-11-30 16:58  <DIR>  d--------  C:\Program Files\Cheat Engine
2007-11-26 00:59 . 2007-11-26 00:59  <DIR>  d--------  C:\Program Files\Orbatel
2007-11-26 00:54 . 2007-11-26 00:54  <DIR>  d--------  C:\Program Files\Chama Digital Media
2007-11-25 16:17 . 2003-02-26 15:55  36,864  -ra------  C:\WINDOWS\system32\AthUnIns.exe
2007-11-25 04:50 . 2007-11-25 04:53  6,116  --a------  C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-25 04:28 . 2007-11-25 04:52  6,912,054  --a------  C:\WINDOWS\BricoPack Wallpaper.bmp
2007-11-25 04:28 . 2007-11-25 04:53  55,018  --a------  C:\WINDOWS\BricoPackUninst.cmd
2007-11-25 04:25 . 2007-11-25 04:49  <DIR>  d--------  C:\WINDOWS\BricoPacks
2007-11-23 16:25 . 2007-11-23 16:25  <DIR>  d--------  C:\Program Files\Ubisoft
2007-11-22 18:38 . 2007-12-06 19:10  <DIR>  d--------  C:\Program Files\SUPERAntiSpyware
2007-11-22 18:38 . 2007-11-22 18:38  <DIR>  d--------  C:\Documents and Settings\Gamers\Application Data\SUPERAntiSpyware.com
2007-11-22 18:38 . 2007-11-22 18:38  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-22 16:11 . 2007-12-06 19:22  <DIR>  d--------  C:\WINDOWS\Downloaded Installations
2007-11-22 16:11 . 2007-12-06 19:21  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data
2007-11-22 16:11 . 2007-12-06 19:21  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Altova
2007-11-20 19:31 . 2007-11-20 19:31  <DIR>  d--------  C:\Program Files\Trend Micro
2007-11-19 17:28 . 2007-11-19 17:29  <DIR>  d--------  C:\Program Files\CCleaner
2007-11-19 17:10 . 2007-11-19 17:10  <DIR>  d--------  C:\Program Files\TeamViewer3
2007-11-19 17:10 . 2007-11-19 17:10  <DIR>  d--------  C:\Documents and Settings\Gamers\temp
2007-11-18 01:50 . 2007-12-06 19:13  <DIR>  d--------  C:\PacSteamT
2007-11-17 23:45 . 2007-11-17 23:45  <DIR>  d--------  C:\Program Files\Ventrilo
2007-11-17 23:45 . 2007-11-22 18:38  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 16:27 . 2007-11-16 16:31  <DIR>  d--------  C:\Program Files\VentSrv
2007-11-14 16:50 . 2007-11-14 16:50  <DIR>  d--------  C:\Program Files\ImTOO
2007-11-11 22:32 . 2007-11-11 22:32  <DIR>  d--------  C:\Documents and Settings\Gamers\Application Data\Comodo
2007-11-11 22:32 . 2007-11-11 22:32  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-11 03:01 . 2007-11-11 03:01  <DIR>  d--------  C:\Program Files\MSXML 6.0
2007-11-10 18:37 . 2006-09-21 15:25  211  --a------  C:\boot.ini.comodofirewall
2007-11-10 15:07 . 2007-11-10 15:07  <DIR>  d--------  C:\Documents and Settings\Gamers\Application Data\Publish Providers
2007-11-10 15:02 . 2002-12-17 16:23  33,340  ---------  C:\WINDOWS\system32\dbmsqlgc.dll
2007-11-10 15:02 . 2002-10-20 14:05  24,576  ---------  C:\WINDOWS\system32\dbmsgnet.dll
2007-11-10 15:01 . 2007-11-10 15:01  <DIR>  d--------  C:\Program Files\Microsoft SQL Server
2007-11-10 15:01 . 2007-11-10 15:06  <DIR>  d--------  C:\Documents and Settings\Gamers\Application Data\Sony
2007-11-10 13:40 . 2007-11-10 13:40  <DIR>  d--------  C:\Program Files\Neat Video for Sony Vegas
2007-11-09 21:10 . 2007-11-09 21:10  69,632  --a------  C:\WINDOWS\AutoUpdateWin31.dll
2007-11-09 21:10 . 2007-11-09 21:10  45,056  --a------  C:\WINDOWS\AutoUpdateWin32.exe
2007-11-09 21:10 . 2007-11-09 21:10  32,768  --a------  C

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 21:59  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 19:32  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\dvdcss
2007-12-06 18:18  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2007-12-06 18:17  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-12-06 18:12  ---------  d-----w  C:\Program Files\Google
2007-12-05 11:33  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\AdobeUM
2007-11-25 21:38  ---------  d-s---w  C:\Program Files\Xfire
2007-11-25 20:13  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\Xfire
2007-11-25 19:12  ---------  d-----w  C:\Program Files\Java
2007-11-23 14:47  ---------  d-----w  C:\Program Files\MSN Messenger
2007-11-19 16:34  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\TeamViewer
2007-11-17 18:26  ---------  d-----w  C:\Program Files\Common Files\Sonic Shared
2007-11-16 15:12  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\Ventrilo
2007-11-15 21:16  ---------  d-----w  C:\Program Files\mIRC
2007-11-07 20:51  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-07 18:41  ---------  d-----w  C:\Program Files\Norton Internet Security
2007-11-07 18:31  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Telenor
2007-11-06 15:52  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\Hamachi
2007-11-05 16:04  1,276  ----a-w  C:\Documents and Settings\Gamers\Application Data\wklnhst.dat
2007-10-28 17:25  ---------  d-----w  C:\Program Files\DynDNS Updater
2007-10-21 16:56  ---------  d-----w  C:\Documents and Settings\Gamers\Application Data\Kana Solution
2007-10-21 09:50  ---------  d-----w  C:\Program Files\PremiumSoft
2007-10-21 09:45  ---------  d-----w  C:\Program Files\MySQL
2007-10-10 12:38  ---------  d-----w  C:\Program Files\Teams

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 13:50]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"webcamXP"="C:\Program Files\webcamXP\webcamXP.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-22 02:03 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-22 02:03 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 09:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 09:28]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-04 13:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-04-06 14:58]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-29 00:32:20]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-09-08 20:06:01]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys
S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 23:01:40 - machine was rebooted
.
--- E O F ---

norbat, posted 7 December 2007

This looks fine. Is the person still troubled by unstable network access?

kjetilm (author), posted 8 December 2007

No. It has gotten better. Now he has problems with the sound driver. He has to update it every time he wants to use the mic, for example.

norbat, posted 15 December 2007

Ask the person to delete the following two files, if they are still present.
C:\WINDOWS\AutoUpdateWin31.dll
C:\WINDOWS\AutoUpdateWin32.exe
Are there still problems with 'sound'?

kjetilm (author), posted 15 December 2007

I think he has gotten it fixed. Some nonsense with the connection. But I will tell him this if problems arise. Thanks a lot for the help.