r2d290, posted 23 January 2008 (edited)

Hello, can someone look through this and check that everything is as it should be? I guess I can at least fix the "no name" line, but is there anything more?

Logfile of HijackThis v1.99.1
Scan saved at 17:12, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE
C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\FSGK32.EXE
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FCH32.EXE
C:\Programfiler\Synergy\synergys.exe
D:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsqh.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FAMEH32.EXE
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fssm32.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\FSAUA\program\fsus.exe
C:\Programfiler\TortoiseSVN\bin\TSVNCache.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsav32.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\HP\QuickPlay\QPService.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSM32.EXE
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Programfiler\Canal Digital Sikkerhetspakken\FSGUI\fsguidll.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
D:\Programmer\RealVNC\VNC4\winvnc4.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Eirik N\Skrivebord\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Run VNC Server.lnk = D:\Programmer\RealVNC\VNC4\winvnc4.exe
O4 - Startup: Skype.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Synergy Server - Unknown owner - C:\Programfiler\Synergy\synergys.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

edit: forgot to add the HJT log

Edited 23 January 2008 by r2d290

Programvare, posted 23 January 2008 (edited)

Apart from the fact that you forgot to post the HijackThis log, it looks pretty good.

edit: There it is

Edited 23 January 2008 by Vintermåne

r2d290 (thread author), posted 23 January 2008

Adding a ComboFix log as well, if that helps at all...

ComboFix 08-01-23.2 - Eirik N 2008-01-23 16:37:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.235 [GMT 1:00]
Running from: C:\Documents and Settings\Eirik N\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Eirik N\Programdata\STEM32~1
C:\Documents and Settings\Eirik N\Programdata\STEM32~1\??stem32\
C:\Documents and Settings\Eirik N\Programdata\STEM32~1\rundll32.exe
E:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://javadl.sun.com
.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-23 16:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-23 16:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 20:30 . 2008-01-23 16:32 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-22 20:23 . 2008-01-22 20:23 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-13 17:58 . 2008-01-13 17:58 <DIR> d-------- C:\Programfiler\Bonjour
2008-01-13 17:47 . 2008-01-13 17:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-01-13 16:42 . 2008-01-13 16:42 <DIR> d-------- C:\Programfiler\PowerISO
2008-01-08 16:28 . 2008-01-08 16:28 <DIR> d-------- C:\Programfiler\Aspyr
2007-12-30 03:01 . 2007-12-30 03:01 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2007-12-29 04:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-29 04:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-29 04:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-28 12:02 . 2007-12-28 12:02 <DIR> d-------- C:\Programfiler\Windows Live Toolbar
2007-12-28 11:55 . 2007-12-28 12:00 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-12-28 11:54 . 2007-12-28 12:00 <DIR> d-------- C:\Programfiler\Windows Live
2007-12-26 15:28 . 2007-12-26 15:29 <DIR> d-------- C:\Programfiler\The Tournament Director 2
2007-12-26 13:01 . 2007-12-26 13:33 <DIR> d-------- C:\Programfiler\The Tournament Director
2007-12-23 17:06 . 2007-04-03 12:59 100,360 -ra------ C:\WINDOWS\system32\drivers\s616mgmt.sys
2007-12-23 17:06 . 2007-04-03 12:59 99,080 -ra------ C:\WINDOWS\system32\drivers\s616unic.sys
2007-12-23 17:06 . 2007-04-03 12:59 98,568 -ra------ C:\WINDOWS\system32\drivers\s616obex.sys
2007-12-23 17:06 . 2007-04-03 12:59 23,176 -ra------ C:\WINDOWS\system32\drivers\s616nd5.sys
2007-12-23 17:06 . 2007-04-03 12:59 11,016 -ra------ C:\WINDOWS\system32\drivers\s616cr.sys
2007-12-23 17:05 . 2007-04-03 12:59 108,680 -ra------ C:\WINDOWS\system32\drivers\s616mdm.sys
2007-12-23 17:05 . 2007-04-03 12:59 83,208 -ra------ C:\WINDOWS\system32\drivers\s616bus.sys
2007-12-23 17:05 . 2007-04-03 12:59 15,112 -ra------ C:\WINDOWS\system32\drivers\s616mdfl.sys
2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616whnt.sys
2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616wh.sys
2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cmnt.sys
2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cm.sys
2007-12-23 16:48 . 2007-12-23 16:59 <DIR> d-------- C:\Programfiler\MyPhoneExplorer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:36 --------- d-----w C:\Programfiler\Java
2008-01-22 19:30 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-13 16:58 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-19 21:25 --------- d-----w C:\Programfiler\Canal Digital Sikkerhetspakken
2007-12-19 10:30 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-19 10:30 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-18 14:37 --------- d-----w C:\Programfiler\Synergy
2007-12-18 14:25 --------- d-----w C:\Programfiler\NSIS
2007-11-27 19:55 --------- d-----w C:\Programfiler\Winamp
2007-11-24 21:25 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-11-24 21:25 --------- d-----w C:\Programfiler\Google
2007-11-24 20:55 --------- d-----w C:\Programfiler\Skype
2007-11-24 20:55 --------- d-----w C:\Programfiler\Fellesfiler\Skype
2007-11-24 14:03 --------- d-----w C:\Programfiler\Creative
2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-06 12:04 68856]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 12:42 7331840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-15 12:42 86016]
"nwiz"="nwiz.exe" [2005-12-15 12:42 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 13:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 09:04 761945]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-06-29 13:48 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"F-Secure Manager"="C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSM32.exe" [2007-04-26 18:12 183208]
"F-Secure TNB"="C:\Programfiler\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" [2007-04-26 18:10 740208]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 07:16 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

C:\Documents and Settings\Eirik N\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Run VNC Server.lnk - D:\Programmer\RealVNC\VNC4\winvnc4.exe [2007-01-29 18:47:39 852984]
Skype.lnk - C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico [2007-11-24 21:55:36 94334]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2005-08-16 10:56:00 577597]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\background\pics\1440\jessicaAlba1440x900.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\background\index.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 17fe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-12-19 11:30]
R1 F-Secure HIPS;F-Secure HIPS;C:\Programfiler\Canal Digital Sikkerhetspakken\HIPS\fshs.sys [2007-04-26 18:11]
R2 Synergy Server;Synergy Server;C:\Programfiler\Synergy\synergys.exe [2006-04-02 21:20]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsgk.sys [2007-04-26 18:07]
S4 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 18:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSrec.sys [2007-04-26 18:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0126b5eb-89eb-11dc-9a22-0016d4028363}]
\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 20:59:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 16:48:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe???????????L????|?????? ???B?????????????hLC????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programfiler\Synergy\synrgyhk.dll
.

Programvare, posted 23 January 2008

That looks fine. ComboFix took some files with it. You can press "Fix checked" on the following in HJT:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Do you run CCleaner?

r2d290 (thread author), posted 23 January 2008

"Do you run CCleaner?"

Did that yesterday... Is something wrong since you're asking, or was it just a control question? What did you mean by ComboFix taking some files with it? That it fixed a good deal?

Programvare, posted 23 January 2008

Yes, ComboFix deleted something that shouldn't be there. The CCleaner question was just a check.