5-7 Posted 15 January 2008 (edited)

I had some relatives visiting, and my laptop got lent out. I have no idea what they did on it. Suddenly NAV started scanning outgoing e-mails to [email protected] or something, without any e-mail program being open. So I have a slight suspicion that something may be wrong, and ask the experts to check my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:54, on 15.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Martin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Acer\AcerTour\Reminder.exe
C:\Users\Martin\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\csrss.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winlogon] C:\Windows\csrss.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL eNetHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12425 bytes

I also see in Task Manager that I have two processes called "csrss.exe"; one is a client/server runtime process, the other has no information at all. Suspicious..

Edited 15 January 2008 by 5-7
norbat Posted 15 January 2008

C:\Windows\csrss.exe <- Trojan

You can stop the process and delete the file.

Run HJT, tick the following line and click Fix checked:

O4 - HKLM\..\Run: [winlogon] C:\Windows\csrss.exe

Then get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from combofix (c:\combofix.txt), and we'll see whether anything more needs to be done.
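As an added example (not from this thread or from the HijackThis project), the check the reply above does by eye can be automated: parse the O4 (Run-key) lines of a HijackThis log and flag a core-process name such as csrss.exe loaded from outside %SystemRoot%\System32, or a Run value named after a system component ([winlogon]) that starts some other file. The table of expected directories assumes the Vista/XP layout; the sample lines are taken from the log above, except the [lsass] line, which is constructed.

```python
"""Flag HijackThis O4 (Run-key) entries that imitate a core Windows process.

Assumption (Vista/XP layout): the genuine csrss.exe, winlogon.exe, etc. exist
only in %SystemRoot%\\System32, so the same file name anywhere else is suspect.
"""
import re
from typing import List, NamedTuple, Optional

# Core process names malware commonly borrows, mapped to the only directories
# where the genuine binary lives (lower-case, no trailing backslash).
EXPECTED_DIRS = {
    "csrss.exe":    {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "smss.exe":     {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe":  {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\system32"},
}

# Matches e.g.  O4 - HKLM\..\Run: [winlogon] C:\Windows\csrss.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


class Finding(NamedTuple):
    value_name: str   # the Run value, e.g. "winlogon"
    path: str         # the file the entry launches
    reason: str


def extract_path(cmd: str) -> str:
    """Pull the launched file out of an O4 command string.

    Handles quoted paths, unquoted paths containing spaces, trailing
    arguments, and rundll32 loaders (where the file of interest is the DLL).
    """
    cmd = cmd.strip()
    head = cmd.split(None, 1)
    if head and head[0].lower() in ("rundll32.exe", "rundll32"):
        cmd = head[1] if len(head) > 1 else ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|cmd|scr))(?:[\s,]|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def analyse_o4(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O4 Run-key line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not a Run-key entry (Startup-folder lines etc.)
    path = extract_path(m["cmd"])
    directory, _, base = path.lower().rpartition("\\")
    expected = EXPECTED_DIRS.get(base)
    if expected is not None and directory not in expected:
        return Finding(m["name"], path,
                       f"{base} loaded from '{directory or '<no directory>'}', "
                       f"genuine copy lives in {sorted(expected)}")
    # Second masquerade pattern: a Run value named after a system component
    # (e.g. [winlogon] or [lsass]) that actually starts some other file.
    value = m["name"].lower()
    if not value.endswith(".exe"):
        value += ".exe"
    if expected is None and value in EXPECTED_DIRS:
        return Finding(m["name"], path,
                       f"Run value '{m['name']}' is named after a system "
                       f"process but starts {base}")
    return None


def scan(log_text: str) -> List[Finding]:
    """Run analyse_o4 over every line of a HijackThis log."""
    return [f for f in (analyse_o4(ln) for ln in log_text.splitlines()) if f]


# Constructed sample: O4 lines from the log in this thread, plus one made-up
# line ([lsass] ... update.exe) to exercise the value-name check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [winlogon] C:\Windows\csrss.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKCU\..\Run: [lsass] "C:\Users\Martin\AppData\Local\Temp\update.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.value_name}] {f.path}: {f.reason}")
```

On the sample above the checker reports exactly the [winlogon] and [lsass] lines; the genuine Run entries, including the unquoted path with spaces and the rundll32 loader, produce nothing.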
5-7 Posted 15 January 2008 (Author)

ComboFix 08-01-15.4 - Martin 2008-01-15 16:03:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.996 [GMT 1:00]
Running from: C:\Users\Martin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\csrss.exe
C:\Windows\setup.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-15 16:01 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-14 15:45 . 2008-01-14 15:45 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-14 15:45 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-14 15:45 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-14 15:45 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-14 15:45 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-14 15:45 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-14 15:45 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-01-13 13:28 . 2008-01-13 13:28 268 --ah----- C:\sqmdata12.sqm
2008-01-13 13:28 . 2008-01-13 13:28 244 --ah----- C:\sqmnoopt12.sqm
2008-01-11 22:39 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-01-11 22:04 . 2008-01-14 20:55 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-01-11 22:04 . 2008-01-11 22:04 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-01-11 22:04 . 2008-01-14 20:56 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-01-11 17:54 . 2008-01-15 15:30 <DIR> d-------- C:\Users\Martin\AppData\Roaming\Xfire
2008-01-11 17:54 . 2008-01-15 15:30 <DIR> d-------- C:\Users\All Users\Xfire
2008-01-11 17:54 . 2008-01-15 15:30 <DIR> d-------- C:\ProgramData\Xfire
2008-01-11 17:54 . 2008-01-15 15:31 <DIR> d-------- C:\Program Files\Xfire
2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\Windows\System32\xfcodec.dll
2008-01-09 17:21 . 2008-01-09 17:21 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 17:21 . 2008-01-09 17:21 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 17:21 . 2008-01-09 17:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 17:21 . 2008-01-09 17:21 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 17:21 . 2008-01-09 17:21 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 17:20 . 2008-01-09 17:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 17:20 . 2008-01-09 17:20 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 17:19 . 2008-01-09 17:19 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 17:19 . 2008-01-09 17:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 17:19 . 2008-01-09 17:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 17:19 . 2008-01-09 17:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 17:19 . 2008-01-09 17:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 17:19 . 2008-01-09 17:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 17:19 . 2008-01-09 17:19 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 17:19 . 2008-01-09 17:19 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-07 16:49 . 2008-01-07 16:49 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-01-07 16:33 . 2008-01-11 19:16 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-04 16:11 . 2008-01-04 16:11 <DIR> d-------- C:\Temp
2008-01-04 16:10 . 2008-01-04 16:10 <DIR> d-------- C:\Program Files\Xilisoft
2008-01-01 23:33 . 2008-01-11 17:01 <DIR> d-------- C:\Users\Martin\Ikoner
2008-01-01 23:29 . 2008-01-01 23:31 <DIR> d-------- C:\Program Files\RocketDock
2008-01-01 23:19 . 2008-01-01 23:16 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-01-01 05:09 . 2008-01-05 14:22 <DIR> d-------- C:\Users\Martin\Limewire
2008-01-01 05:08 . 2008-01-05 14:23 <DIR> d-------- C:\Users\Martin\Incomplete
2008-01-01 05:08 . 2008-01-05 14:23 <DIR> d-------- C:\Users\Martin\AppData\Roaming\LimeWire
2008-01-01 05:07 . 2008-01-01 05:07 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 03:18 . 2008-01-15 15:28 65,536 --------- C:\Windows\System32\Ikeext.etl
2007-12-31 21:39 . 2007-12-31 21:41 <DIR> d--h----- C:\Windows\msdownld.tmp
2007-12-30 03:55 . 2007-12-30 03:55 <DIR> d-------- C:\Converted Music
2007-12-30 03:51 . 2007-12-30 03:51 131,072 --a------ C:\Windows\System32\SpoonUninstall.exe
2007-12-29 14:46 . 2007-12-29 14:46 268 --ah----- C:\sqmdata11.sqm
2007-12-29 14:46 . 2007-12-29 14:46 244 --ah----- C:\sqmnoopt11.sqm
2007-12-28 09:24 . 2007-12-28 09:24 20 --a------ C:\Windows\mafosav.INI
2007-12-28 09:23 . 2007-12-28 11:22 <DIR> d-------- C:\Program Files\Mario Forever
2007-12-26 01:37 . 2007-12-26 02:27 <DIR> d-------- C:\Users\Martin\AppData\Roaming\Azureus
2007-12-26 01:37 . 2007-12-26 01:37 <DIR> d-------- C:\Users\All Users\Azureus
2007-12-26 01:37 . 2007-12-26 01:37 <DIR> d-------- C:\ProgramData\Azureus
2007-12-23 17:36 . 2007-12-23 17:36 <DIR> d--h----- C:\Users\All Users\CanonBJ
2007-12-23 17:36 . 2007-12-23 17:36 <DIR> d--h----- C:\ProgramData\CanonBJ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 14:32 --------- d-----w C:\Users\Martin\AppData\Roaming\Skype
2008-01-15 14:31 --------- d-----w C:\Users\Martin\AppData\Roaming\OpenOffice.org2
2008-01-15 14:30 --------- d-----w C:\Program Files\Steam
2008-01-15 14:28 32,192 ----a-w C:\Users\Martin\AppData\Roaming\nvModes.dat
2008-01-14 14:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 14:33 --------- d-----w C:\ProgramData\Symantec
2008-01-14 14:33 --------- d-----w C:\Program Files\Symantec
2008-01-11 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 16:30 --------- d-----w C:\Program Files\Common Files\Steam
2008-01-09 22:09 --------- d-----w C:\Users\Martin\AppData\Roaming\teamspeak2
2008-01-09 16:24 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 16:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 16:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 16:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 16:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 16:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 13:48 --------- d-----w C:\Users\Martin\AppData\Roaming\U3
2008-01-01 14:43 --------- d-----w C:\Program Files\Launch Manager
2007-12-30 00:56 --------- d-----w C:\Program Files\DivX
2007-12-30 00:53 --------- d-----w C:\Users\Martin\AppData\Roaming\DivX
2007-12-22 11:58 --------- d-----w C:\Program Files\Opera
2007-12-13 06:17 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 06:16 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 06:16 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 06:15 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 06:15 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 06:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 06:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 06:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 06:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 06:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 06:14 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 06:12 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 06:12 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-11 19:46 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-12-11 19:44 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-08 17:33 --------- d-----w C:\ProgramData\NtiDvdCopy
2007-12-05 16:10 --------- d-----w C:\Users\Martin\AppData\Roaming\mIRC
2007-11-29 18:38 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-11-29 18:33 --------- d-----w C:\Users\Martin\AppData\Roaming\vlc
2007-11-29 18:32 --------- d-----w C:\Program Files\VideoLAN
2007-11-29 18:29 --------- d---a-w C:\ProgramData\TEMP
2007-11-21 18:23 81,920 ----a-w C:\Windows\System32\frapsvid.dll
2007-11-20 19:38 --------- d-----w C:\Program Files\Java
2007-11-18 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-17 16:51 --------- d-----w C:\Program Files\iTunes
2007-11-17 16:51 --------- d-----w C:\Program Files\iPod
2007-11-17 16:50 --------- d-----w C:\Program Files\QuickTime
2007-11-14 22:02 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 22:02 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 22:02 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 22:02 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 22:02 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 22:02 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 22:02 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 22:02 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 22:02 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 22:02 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-10-22 02:39 267,272 ----a-w C:\Windows\System32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\Windows\System32\X3DAudio1_2.dll
2007-08-31 12:38 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 15:01 1266936]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-01 17:37 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-25 18:02 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 06:09 865840]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-04 05:36 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-04 05:35 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-04 05:36 81920]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-04-26 16:54 1286144]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 17:51 45056]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 16:49 33048]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-05-04 05:23 502544]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 10:16 206952]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 19:08 335872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 16:37 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-06-08 06:28:14]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-11 01:29:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-07-24 17:49:37]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-18 13:59:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL eNetHook.dll

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-03-11 00:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 16:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 16:43]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 21:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 01:49]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 08:03]
R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-24 23:14]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 17:35]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-11 07:39]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 08:09]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 20:46]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 07:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 07:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 16:06:40
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 16:07:40
ComboFix-quarantined-files.txt 2008-01-15 15:07:37
.
2008-01-09 16:21:38 --- E O F ---

Thanks a lot for the quick reply!
norbat Posted 15 January 2008

You should also scan through with an anti-spyware program. I can recommend the free version of SAS.

If you have two antivirus programs (avast, Norton) on the PC, you should remove one of them. If there are only some remnants of Norton left, you can use Norton Removal Tool to remove the rest.

You should reset the restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to enable the function.

Has NAV calmed down?
5-7 Posted 15 January 2008 (Author)

I think there probably are some remnants of Norton there, yes; I recently installed avast when my "subscription" to Norton expired. Do you have any recommendations for a free but good antivirus?
norbat Posted 15 January 2008

Avast should do fine.
5-7 Posted 15 January 2008 (Author)

OK, then I'll stick with that, at least until I get around to buying something new.