rabben11 Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 Når jeg slår av og på maskinen min forandres innkommende e-post-server til et tall: 127.0.0.1 .Dette skjer på alle epostkontoene inne på Outlook Ekspress. Hver gang jeg starter maskinen må jeg inn og forandre servernavn.. Noen som hvet hvorfor?? Lenke til kommentar
norbat Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 Hvilket epostprog. bruker du? Post gjerne en hjt-logg: Last ned Hijackthis. Legg det i en egen mappe på skrivebordet. Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster. Den kan kanskje avsløre noe. Lenke til kommentar
rabben11 Skrevet 30. desember 2007 Forfatter Del Skrevet 30. desember 2007 (endret) Hvilket epostprog. bruker du? Post gjerne en hjt-logg: Last ned Hijackthis. Legg det i en egen mappe på skrivebordet. Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster. Den kan kanskje avsløre noe. Jeg bruker Otlook Express 6 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:06:41, on 30.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\SetPoint\LBTWiz.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programfiler\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programfiler\LogMeIn\x86\RaMaint.exe C:\Programfiler\LogMeIn\x86\LogMeIn.exe C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Programfiler\Skype\Plugin Manager\SkypePM.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\DOCUME~1\Erik\LOKALE~1\Temp\~e5.0001 C:\PROGRA~1\FELLES~1\McAfee\EmProxy\emproxy.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\Programfiler\Fellesfiler\ErrorSkydd\strpmon.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5070124 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5070124 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=5070124 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programfiler\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programfiler\mcafee\virusscan\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [salestart] "C:\Programfiler\Fellesfiler\ErrorSkydd\strpmon.exe" dm=http://errorskydd.com ad=http://errorskydd.com sd=http://gehrig.errorskydd.com O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: SetPoint.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programfiler\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programfiler\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FELLES~1\McAfee\EmProxy\emproxy.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe -- End of file - 13226 bytes Endret 30. desember 2007 av rabben11 Lenke til kommentar
nomore Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 På et genrelt grunnlag kommer som regel dette av at du har et antivirusprogram som filtrerer eposten din før du mottar/sender. Den serveren som det endres til 127.0.0.1 er adressen til din lokale maskin og som regel betyr dette at når epostprogrammet skal lese/sende epost så kobler den seg til din lokale maskin, antivirusprogrammet reagerer på dette og kobler seg videre. Dette vil være umerkbart for din del og antivirusprogrammet kan søke igjennom eposten før du mottar den. Men det kan også være virus/spyware som sniffer i eposten din Lenke til kommentar
norbat Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 Dette var bare deler av loggen, men det ligger noe rammel der som man bør få fjernet. Kjør derfor gjennom langversjonen i følgende post https://www.diskusjon.no/index.php?showtopic=691246 Loggene det spørres om legger du her i din egen post. Lenke til kommentar
rabben11 Skrevet 30. desember 2007 Forfatter Del Skrevet 30. desember 2007 Dette var bare deler av loggen, men det ligger noe rammel der som man bør få fjernet. Kjør derfor gjennom langversjonen i følgende post https://www.diskusjon.no/index.php?showtopic=691246 Loggene det spørres om legger du her i din egen post. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/30/2007 at 02:13 PM Application Version : 3.9.1008 Core Rules Database Version : 3337 Trace Rules Database Version: 1338 Scan type : Complete Scan Total Scan Time : 00:30:34 Memory items scanned : 640 Memory threats detected : 0 Registry items scanned : 6825 Registry threats detected : 0 File items scanned : 38162 File threats detected : 0 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:26, on 2007-12-30 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\SetPoint\LBTWiz.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\Fellesfiler\ErrorSkydd\strpmon.exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programfiler\LogMeIn\x86\RaMaint.exe C:\Programfiler\LogMeIn\x86\LogMeIn.exe C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Programfiler\Skype\Plugin Manager\SkypePM.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Opera\Opera.exe C:\PROGRA~1\FELLES~1\McAfee\EmProxy\emproxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5070124 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=5070124 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programfiler\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programfiler\mcafee\virusscan\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [salestart] "C:\Programfiler\Fellesfiler\ErrorSkydd\strpmon.exe" dm=http://errorskydd.com ad=http://errorskydd.com sd=http://gehrig.errorskydd.com O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [DelayShred] c:\programfiler\mcafee\mshr\ShrCL.EXE /P7 /q C:\RECYCLER\S-1-5-~1\Dc148.SH! C:\RECYCLER\S-1-5-~1\Dc147.SH! C:\RECYCLER\S-1-5-~1\Dc146.SH! C:\RECYCLER\S-1-5-~1\Dc145.SH! C:\RECYCLER\S-1-5-~1\Dc144.SH! C:\RECYCLER\S-1-5-~1\Dc143.SH! C:\RECYCLER\S-1-5-~1\Dc142.SH! C:\RECYCLER\S-1-5-~1\Dc141.SH! C:\RECYCLER\S-1-5-~1\Dc140.SH! C:\RECYCLER\S-1-5-~1\Dc139.SH! C:\RECYCLER\S-1-5-~1\Dc138.SH! C:\RECYCLER\S-1-5-~1\Dc137.SH! C:\RECYCLER\S-1-5-~1\Dc136.SH! C:\RECYCLER\S-1-5-~1\Dc135.SH! C:\RECYCLER\S-1-5-~1\Dc134.SH! C:\RECYCLER\S-1-5-~1\Dc133.SH! C:\RECYCLER\S-1-5-~1\Dc132.SH! C:\RECYCLER\S-1-5-~1\Dc131.SH! C:\RECYCLER\S-1-5-~1\Dc130.SH! C:\RECYCLER\S-1-5-~1\Dc129.SH! C:\RECYCLER\S-1-5-~1\Dc128.SH! C:\RECYCLER\S-1-5-~1\Dc127.SH! C:\RECYCLER\S-1-5-~1\Dc126.SH! C:\RECYCLER\S-1-5-~1\Dc125.SH! C:\RECYCLER\S-1-5-~1\Dc124.SH! C:\RECYCLER\S-1-5-~1\Dc123.SH! C:\RECYCLER\S-1-5-~1\Dc122.SH! C:\RECYCLER\S-1-5-~1\Dc121.SH! C:\RECYCLER\S-1-5-~1\Dc120.SH! C:\RECYCLER\S-1-5-~1\Dc119.SH! C:\RECYCLER\S- O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: SetPoint.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programfiler\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programfiler\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FELLES~1\McAfee\EmProxy\emproxy.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programfiler\Fellesfiler\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe -- End of file - 13370 bytes %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ComboFix 07-12-21.4 - Erik 2007-12-30 14:18:24.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.299 [GMT 1:00] Running from: C:\Documents and Settings\Erik\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\fCOe C:\WINDOWS\system32\AutoRun.inf C:\WINDOWS\system32\pac.txt . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))) . 2007-12-30 13:41 . 2007-12-30 13:44 <DIR> dr-h----- C:\Documents and Settings\Erik\Siste 2007-12-30 13:32 . 2007-12-30 13:32 <DIR> d-------- C:\WINDOWS\LastGood 2007-12-30 13:03 . 2007-12-30 13:03 <DIR> d-------- C:\Programfiler\Trend Micro 2007-12-29 17:17 . 2007-12-29 17:17 <DIR> d-------- C:\Programfiler\Fellesfiler\ErrorSkydd 2007-12-29 17:17 . 2007-12-30 13:20 <DIR> d-------- C:\Programfiler\ErrorSkydd 2007-12-27 00:07 . 2007-12-27 00:07 <DIR> d-------- C:\Programfiler\AdVantage 2007-12-27 00:07 . 2007-12-27 00:09 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\DAEMON Tools 2007-12-27 00:07 . 2007-12-27 00:07 4,128 --a------ C:\INFCACHE.1 2007-12-27 00:06 . 2007-12-27 00:08 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite 2007-12-25 12:17 . 2007-12-25 12:17 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-12-25 12:11 . 2007-12-25 12:11 <DIR> d-------- C:\Programfiler\Activision 2007-12-23 16:53 . 2007-12-23 16:53 653 --a------ C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini 2007-12-15 12:06 . 2007-12-15 16:14 23 --a------ C:\WINDOWS\popcinfot.dat 2007-12-15 12:06 . 2007-12-15 12:06 0 --a------ C:\WINDOWS\popcreg.dat 2007-11-24 11:03 . 2007-11-24 11:03 <DIR> d-------- C:\Programfiler\Audacity 2007-11-21 18:28 . 2007-11-21 18:28 <DIR> d-------- C:\Programfiler\Aschehoug 2007-11-21 18:25 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe 2007-11-19 07:13 . 2007-11-19 07:13 <DIR> d-------- C:\Programfiler\MSXML 4.0 2007-11-18 22:05 . 2007-12-28 21:09 69 --a------ C:\WINDOWS\NeroDigital.ini 2007-11-18 10:27 . 2007-11-18 10:27 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\Nero 2007-11-18 10:25 . 2007-11-18 10:25 <DIR> d-------- C:\Programfiler\Nero 2007-11-18 10:25 . 2007-11-18 10:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2007-11-18 10:25 . 2007-11-18 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2007-11-18 09:33 . 2007-11-18 09:33 <DIR> d-------- C:\WINDOWS\system32\oTt22e 2007-11-18 09:33 . 2007-12-30 14:20 <DIR> d-------- C:\Temp 2007-11-11 12:19 . 2007-11-11 12:19 <DIR> d-------- C:\WINDOWS\system32\Dell 2007-11-11 04:59 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-11-11 04:59 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-11-11 04:59 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2007-11-10 22:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-11-10 22:51 . 2007-11-10 22:51 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition 2007-11-10 22:46 . 2007-11-10 22:52 <DIR> d-------- C:\Programfiler\Windows Live 2007-11-10 22:46 . 2007-11-10 22:48 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2007-11-10 22:45 . 2007-11-10 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2007-11-06 22:31 . 2007-11-16 14:22 <DIR> d-------- C:\Documents and Settings\Erik\Contacts 2007-11-06 22:29 . 2007-11-06 22:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-11-06 22:28 . 2007-11-11 00:23 <DIR> d-------- C:\Programfiler\MSN Messenger 2007-11-04 16:43 . 2007-11-04 16:43 <DIR> d-------- C:\PhotomatixResults01 2007-11-04 16:43 . 2007-11-04 16:43 <DIR> d-------- C:\PhotomatixResults 2007-11-01 19:39 . 2007-11-01 19:39 <DIR> d-------- C:\WINDOWS\.jagex_cache_32 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 12:49 --------- d-----w C:\Documents and Settings\Erik\Programdata\Skype 2007-12-30 12:42 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2007-12-30 12:20 --------- d-----w C:\Programfiler\LogMeIn 2007-12-29 15:27 --------- d-----w C:\Programfiler\Folder Lock 2007-12-29 12:30 --------- d-----w C:\Documents and Settings\Erik\Programdata\uTorrent 2007-12-28 20:36 --------- d-----w C:\Programfiler\Yahoo! 2007-12-28 20:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\YAHOO 2007-12-26 23:59 --------- d-----w C:\Programfiler\EA GAMES 2007-12-26 23:03 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-25 11:16 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-12-24 11:14 --------- d-----w C:\Programfiler\Java 2007-12-23 15:53 --------- d-----w C:\Programfiler\Dell Network Assistant 2007-12-23 15:52 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2007-12-22 16:38 --------- d-----w C:\Programfiler\Opera 2007-12-04 19:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2007-11-18 08:41 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-11 11:19 --------- d-----w C:\Programfiler\Dell 2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-10 23:54 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-06 03:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll 2007-04-02 07:43 746 ----a-w C:\Documents and Settings\Erik\Programdata\wklnhst.dat 2007-03-03 20:14 51,608 ----a-w C:\Documents and Settings\Erik\Programdata\GDIPFONTCACHEV1.DAT 2007-02-05 22:39 11,803 -c--a-w C:\Documents and Settings\Erik\cc_20070205_2339.reg 2006-02-11 10:05 5,844,345 ----a-w C:\Documents and Settings\Erik\nsauditor_setup.exe 2006-02-10 16:26 435,718 ----a-w C:\Documents and Settings\Erik\DnsEye.exe 2006-02-10 16:22 3,138 ----a-w C:\Documents and Settings\Erik\dellater.zip 2006-02-10 16:22 3,138 ----a-w C:\Documents and Settings\Erik\blatant.zip 2002-09-21 20:03 763,703 ----a-w C:\Documents and Settings\Erik\Pakistansk Superstjerne.exe 2001-03-29 18:16 1,282,560 ----a-w C:\Documents and Settings\Erik\StressReliever.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-09-13 12:31] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "DelayShred"="c:\programfiler\mcafee\mshr\ShrCL.exe" [2007-01-17 18:02] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-11-09 15:09] "MPFEXE"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41] "UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 18:38 C:\WINDOWS\KHALMNPR.Exe] "Logitech BT Wizard"="LBTWiz.exe" [] "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 18:20 C:\WINDOWS\stsystra.exe] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03] "Salestart"="C:\Programfiler\Fellesfiler\ErrorSkydd\strpmon.exe" [2007-12-04 14:49] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IETI"="C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe" [] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-06-12 18:29:50] SetPoint.lnk - C:\Programfiler\SetPoint\SetPoint.exe [2007-01-24 01:51:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL 2007-07-08 16:24 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll 2006-04-27 11:30 53248 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2006-07-06 08:15 151552 --a------ C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard] LBTWiz.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] KHALMNPR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Programfiler\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-11-10 14:03 36975 --a------ C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe R2 IAANTMON;Intel® Matrix Storage Event Monitor;C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 08:14] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 09:51] R2 windrvNT;windrvNT;C:\WINDOWS\system32\windrvNT.sys [2007-02-09 23:53] R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-04-17 13:00] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37] S3 AR5523;USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2004-11-12 03:05] S3 ATHFMWDL;Atheros predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-04 14:28] S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 04:39] S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys [2006-11-20 15:19] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23] S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-12-15 00:00:01 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe' "2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job" - c:\programfiler\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-30 14:20:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... Lenke til kommentar
norbat Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [salestart] "C:\Programfiler\Fellesfiler\ErrorSkydd\strpmon.exe" dm=http://errorskydd.com ad=http://errorskydd.com sd=http://gehrig.errorskydd.com Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Folder:: C:\Programfiler\Fellesfiler\ErrorSkydd C:\Programfiler\ErrorSkydd Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Salestart"=- Ut over dette er det ikke noe spesielt å se. Ellers er det slik nomore nevner. Du har en McAfeepakke som inneholder flere program inkl. en Spamkiller, som gjør nettopp det som du opplever med innkommende epostserver. Lenke til kommentar
rabben11 Skrevet 1. januar 2008 Forfatter Del Skrevet 1. januar 2008 Takk skal dere ha.. Justerte litt på Spam-killeren så ble alt i orden. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå