
spyware help please, with log now



can someone check my logs and tell me what I should delete

 

 

ComboFix 08-02-14.2 - Asjad Ali 2008-02-14 15:21:27.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1091 [GMT 1:00]

Running from: C:\Users\Asjad Ali\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\DRV\Tuner\Yuan\Resources\_desktop.ini

C:\Program Files\Helper

C:\Program Files\Helper\1202994009.dll

C:\Program Files\MediaVideoCodec

C:\Program Files\MediaVideoCodec\install.ico

C:\Program Files\Video Add-on

C:\Windows\search_res.txt

C:\Windows\system32\x64

C:\Windows\system32\x64\csnp2uvc.dll

C:\Windows\system32\x64\rsnpvc64.dll

C:\Windows\system32\x64\sncduvc.sys

C:\Windows\system32\x64\snp2uvc.sys

C:\Windows\system32\x64\vsnpvc64.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))

.

 

2008-02-14 14:00 . 2008-02-14 14:00 <DIR> d-------- C:\Program Files\Sotfone

2008-02-14 14:00 . 2008-02-14 14:00 <DIR> d-------- C:\Program Files\NetProject

2008-02-14 13:12 . 2008-02-14 13:14 <DIR> d-------- C:\CLUE

2008-02-13 17:05 . 2008-02-13 17:05 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-13 17:05 . 2008-02-13 17:05 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-13 17:03 . 2008-02-13 17:03 595,456 --a------ C:\Windows\System32\schedsvc.dll

2008-02-13 17:03 . 2008-02-13 17:03 115,200 --a------ C:\Windows\System32\loadperf.dll

2008-02-13 17:03 . 2008-02-13 17:03 39,424 --a------ C:\Windows\System32\lodctr.exe

2008-02-13 17:03 . 2008-02-13 17:03 32,256 --a------ C:\Windows\System32\unlodctr.exe

2008-02-13 17:03 . 2008-02-13 17:03 23,552 --a------ C:\Windows\System32\nshhttp.dll

2008-02-13 17:03 . 2008-02-13 17:03 17,408 --a------ C:\Windows\System32\prflbmsg.dll

2008-02-13 17:01 . 2008-02-13 17:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-02-13 17:01 . 2008-02-13 17:01 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe

2008-02-13 17:01 . 2008-02-13 17:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-02-13 17:01 . 2008-02-13 17:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-02-13 17:01 . 2008-02-13 17:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-02-13 17:01 . 2008-02-13 17:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-02-13 17:01 . 2008-02-13 17:01 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-02-13 17:00 . 2008-02-13 17:00 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 17:00 . 2008-02-13 17:00 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-02-13 17:00 . 2008-02-13 17:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-02-13 17:00 . 2008-02-13 17:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys

2008-02-13 17:00 . 2008-02-13 17:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-02-13 17:00 . 2008-02-13 17:00 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-02-13 17:00 . 2008-02-13 17:00 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-02-12 10:45 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys

2008-02-12 10:45 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat

2008-02-12 10:45 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf

2008-02-08 12:48 . 2008-02-12 10:45 <DIR> d-------- C:\Program Files\Norton Internet Security

2008-02-08 12:47 . 2008-02-14 14:30 <DIR> d-------- C:\Users\All Users\Symantec

2008-02-08 12:47 . 2008-02-08 12:58 <DIR> d-------- C:\Program Files\Symantec

2008-02-08 12:47 . 2008-02-14 14:30 <DIR> d-------- C:\PROGRA~2\Symantec

2008-02-08 12:47 . 2008-02-08 12:58 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2008-02-08 12:47 . 2008-02-08 12:58 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2008-02-08 12:47 . 2008-02-08 12:58 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2008-02-08 12:40 . 2008-02-08 12:40 244 --ah----- C:\sqmnoopt01.sqm

2008-02-08 12:40 . 2008-02-08 12:40 232 --ah----- C:\sqmdata01.sqm

2008-02-06 15:03 . 2008-02-06 15:03 <DIR> d-------- C:\Program Files\Common Files\Adobe(5)

2008-01-29 11:30 . 2008-01-29 11:30 <DIR> d-------- C:\Program Files\iTunes

2008-01-29 11:30 . 2008-01-29 11:30 <DIR> d-------- C:\Program Files\iPod

2008-01-29 11:30 . 2008-01-29 11:30 54,156 --ah----- C:\Windows\QTFont.qfn

2008-01-29 11:30 . 2008-01-29 11:30 1,409 --a------ C:\Windows\QTFont.for

2008-01-29 11:28 . 2008-01-29 11:29 <DIR> d-------- C:\Program Files\QuickTime

2008-01-26 21:46 . 2008-01-26 21:47 <DIR> d-------- C:\Users\Asjad Ali\AppData\Roaming\Nokia

2008-01-26 21:46 . 2008-01-26 21:46 <DIR> d-------- C:\Users\Asjad Ali\AppData\Roaming\Datalayer

2008-01-21 21:39 . 2008-01-21 21:39 244 --ah----- C:\sqmnoopt00.sqm

2008-01-21 21:39 . 2008-01-21 21:39 232 --ah----- C:\sqmdata00.sqm

2008-01-14 15:14 . 2008-01-14 15:14 206 --a------ C:\Windows\System32\MRT.INI

2008-01-14 15:10 . 2008-01-14 15:10 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-14 15:10 . 2008-01-14 15:10 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-14 15:10 . 2008-01-14 15:10 11,776 --a------ C:\Windows\System32\sbunattend.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-14 14:06 67,295 ----a-w C:\Users\Asjad Ali\AppData\Roaming\nvModes.dat

2008-02-13 16:04 943,800 ----a-w C:\Windows\System32\winload.exe

2008-02-13 16:04 905,400 ----a-w C:\Windows\System32\winresume.exe

2008-02-13 16:04 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-13 16:04 613,888 ----a-w C:\Windows\System32\wpd_ci.dll

2008-02-13 16:04 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-13 16:04 6,656 ----a-w C:\Windows\System32\kbd106.dll

2008-02-13 16:04 558,080 ----a-w C:\Windows\System32\oleaut32.dll

2008-02-13 16:04 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-13 16:04 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-13 16:04 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-13 16:04 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-13 16:04 35,328 ----a-w C:\Windows\System32\dispci.dll

2008-02-13 16:04 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-13 16:04 260,096 ----a-w C:\Windows\System32\dpx.dll

2008-02-13 16:04 224,824 ----a-w C:\Windows\System32\clfs.sys

2008-02-13 16:04 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll

2008-02-13 16:04 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-13 16:04 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll

2008-02-13 16:04 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-13 16:04 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-13 16:04 12,800 ----a-w C:\Windows\System32\batt.dll

2008-02-13 16:04 101,888 ----a-w C:\Windows\System32\drvinst.exe

2008-02-13 16:04 1,585,664 ----a-w C:\Windows\System32\setupapi.dll

2008-02-13 16:01 --------- d-----w C:\PROGRA~2\Microsoft Help

2008-02-13 16:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 16:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 16:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 16:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 15:57 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 15:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 15:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 15:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-13 15:54 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\uTorrent

2008-02-13 15:30 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\dvdcss

2008-02-12 09:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-07 15:20 --------- d-----w C:\Program Files\Acer GameZone

2008-02-07 15:15 --------- d-----w C:\Program Files\Yahoo!

2008-02-07 15:14 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\Yahoo!

2008-02-07 15:14 --------- d-----w C:\PROGRA~2\Yahoo!

2008-02-07 13:42 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-31 22:18 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\CyberLink

2008-01-31 19:06 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-01-31 19:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-01-14 14:20 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-14 14:20 --------- d-----w C:\Program Files\Windows Mail

2008-01-01 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-01 17:18 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\PC Suite

2008-01-01 17:17 --------- d-----w C:\Program Files\Nokia

2008-01-01 17:14 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-01-01 17:14 --------- d-----w C:\Program Files\Common Files\Nokia

2008-01-01 17:07 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2007-12-21 14:55 --------- d---a-w C:\PROGRA~2\TEMP

2007-12-13 07:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-13 07:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-13 07:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-11-19 21:28 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2007-11-19 11:44 2,402,832 ----a-w C:\Users\Public\WLinstaller.exe

2007-11-18 11:51 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 07:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 07:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 07:28 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 07:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 07:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 07:28 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 07:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-15 07:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 07:28 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 07:28 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-09-28 17:01 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]

2008-02-14 14:00 14848 --a------ C:\Program Files\Sotfone\1202994012.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

2008-02-14 14:00 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-14 15:10 1232896]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-09 23:01 1006264]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]

"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]

"Acer Tour"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 16:39 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 16:39 8470528]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 16:39 81920]

"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 11:35 94208]

"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 10:15 752136]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00 174872]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

"Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [2006-11-30 13:51 178312]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

C:\Users\Asjad Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-09 23:31:52 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=eNetHook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2007-05-24 12:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

 

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]

R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080212.002\IDSvix86.sys [2007-12-04 17:51]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-02 14:17]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]

S3 NETw3v32;Intel® PRO/trådløs 3945ABG-kortdriver for Windows Vista, 32-bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]

S3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 23:45]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-08 12:02:53 C:\Windows\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Asjad Ali.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

"2007-12-01 16:47:43 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-14 15:24:19

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-14 15:25:14

ComboFix-quarantined-files.txt 2008-02-14 14:25:12

.

2008-02-14 09:24:45 --- E O F ---

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:36:06, on 14.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\NetProject\scit.exe

C:\Program Files\NetProject\sbmntr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\NetProject\scm.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\NetProject\sbsm.exe

C:\Users\ASJADA~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Telenor\Online Start\Telenor.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Program Files\Apoint2K\Apntex.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1202994012.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: eNetHook.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 13200 bytes

 

 

Edited by Dingo666

Go ahead and run a full scan with the free version of SAS.

 

When it has finished, run ComboFix again and post the log.

Also post the log that SAS creates. You will find it in the program under Preferences->statistics/logs.

 

There shouldn't be much left after that round :)

Edited by norbat

Here are the new logs..

 

 

 

 

ComboFix 08-02-14.2 - Asjad Ali 2008-02-14 17:25:01.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1007 [GMT 1:00]

Running from: C:\Users\Asjad Ali\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))

.

 

2008-02-14 16:30 . 2008-02-14 16:30 <DIR> d-------- C:\Users\Asjad Ali\AppData\Roaming\SUPERAntiSpyware.com

2008-02-14 16:30 . 2008-02-14 16:30 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-02-14 16:30 . 2008-02-14 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-02-14 16:30 . 2008-02-14 16:30 <DIR> d-------- C:\PROGRA~2\SUPERAntiSpyware.com

2008-02-14 15:57 . 2008-02-14 15:57 <DIR> d-------- C:\Users\All Users\Yahoo! Companion

2008-02-14 15:57 . 2008-02-14 15:57 <DIR> d-------- C:\PROGRA~2\Yahoo! Companion

2008-02-14 15:52 . 2008-02-14 15:52 <DIR> d-------- C:\Program Files\CCleaner

2008-02-14 15:35 . 2008-02-14 15:35 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-14 14:00 . 2008-02-14 17:21 <DIR> d-------- C:\Program Files\NetProject

2008-02-14 13:12 . 2008-02-14 13:14 <DIR> d-------- C:\CLUE

2008-02-13 17:05 . 2008-02-13 17:05 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-13 17:05 . 2008-02-13 17:05 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-13 17:03 . 2008-02-13 17:03 595,456 --a------ C:\Windows\System32\schedsvc.dll

2008-02-13 17:03 . 2008-02-13 17:03 115,200 --a------ C:\Windows\System32\loadperf.dll

2008-02-13 17:03 . 2008-02-13 17:03 39,424 --a------ C:\Windows\System32\lodctr.exe

2008-02-13 17:03 . 2008-02-13 17:03 32,256 --a------ C:\Windows\System32\unlodctr.exe

2008-02-13 17:03 . 2008-02-13 17:03 23,552 --a------ C:\Windows\System32\nshhttp.dll

2008-02-13 17:03 . 2008-02-13 17:03 17,408 --a------ C:\Windows\System32\prflbmsg.dll

2008-02-13 17:01 . 2008-02-13 17:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-02-13 17:01 . 2008-02-13 17:01 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe

2008-02-13 17:01 . 2008-02-13 17:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-02-13 17:01 . 2008-02-13 17:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-02-13 17:01 . 2008-02-13 17:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-02-13 17:01 . 2008-02-13 17:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-02-13 17:01 . 2008-02-13 17:01 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-02-13 17:00 . 2008-02-13 17:00 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 17:00 . 2008-02-13 17:00 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-02-13 17:00 . 2008-02-13 17:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-02-13 17:00 . 2008-02-13 17:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys

2008-02-13 17:00 . 2008-02-13 17:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-02-13 17:00 . 2008-02-13 17:00 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-02-13 17:00 . 2008-02-13 17:00 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-02-12 10:45 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys

2008-02-12 10:45 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat

2008-02-12 10:45 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf

2008-02-08 12:48 . 2008-02-12 10:45 <DIR> d-------- C:\Program Files\Norton Internet Security

2008-02-08 12:47 . 2008-02-14 15:57 <DIR> d-------- C:\Users\All Users\Symantec

2008-02-08 12:47 . 2008-02-08 12:58 <DIR> d-------- C:\Program Files\Symantec

2008-02-08 12:47 . 2008-02-14 15:57 <DIR> d-------- C:\PROGRA~2\Symantec

2008-02-08 12:47 . 2008-02-08 12:58 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2008-02-08 12:47 . 2008-02-08 12:58 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2008-02-08 12:47 . 2008-02-08 12:58 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2008-02-08 12:40 . 2008-02-08 12:40 244 --ah----- C:\sqmnoopt01.sqm

2008-02-08 12:40 . 2008-02-08 12:40 232 --ah----- C:\sqmdata01.sqm

2008-02-06 15:03 . 2008-02-06 15:03 <DIR> d-------- C:\Program Files\Common Files\Adobe(5)

2008-01-29 11:30 . 2008-01-29 11:30 <DIR> d-------- C:\Program Files\iTunes

2008-01-29 11:30 . 2008-01-29 11:30 <DIR> d-------- C:\Program Files\iPod

2008-01-29 11:30 . 2008-01-29 11:30 54,156 --ah----- C:\Windows\QTFont.qfn

2008-01-29 11:30 . 2008-01-29 11:30 1,409 --a------ C:\Windows\QTFont.for

2008-01-29 11:28 . 2008-01-29 11:29 <DIR> d-------- C:\Program Files\QuickTime

2008-01-26 21:46 . 2008-01-26 21:47 <DIR> d-------- C:\Users\Asjad Ali\AppData\Roaming\Nokia

2008-01-26 21:46 . 2008-01-26 21:46 <DIR> d-------- C:\Users\Asjad Ali\AppData\Roaming\Datalayer

2008-01-21 21:39 . 2008-01-21 21:39 244 --ah----- C:\sqmnoopt00.sqm

2008-01-21 21:39 . 2008-01-21 21:39 232 --ah----- C:\sqmdata00.sqm

2008-01-14 15:14 . 2008-01-14 15:14 206 --a------ C:\Windows\System32\MRT.INI

2008-01-14 15:10 . 2008-01-14 15:10 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-14 15:10 . 2008-01-14 15:10 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-14 15:10 . 2008-01-14 15:10 11,776 --a------ C:\Windows\System32\sbunattend.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-14 15:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-14 14:52 --------- d-----w C:\Program Files\Yahoo!

2008-02-14 14:06 67,295 ----a-w C:\Users\Asjad Ali\AppData\Roaming\nvModes.dat

2008-02-13 16:04 943,800 ----a-w C:\Windows\System32\winload.exe

2008-02-13 16:04 905,400 ----a-w C:\Windows\System32\winresume.exe

2008-02-13 16:04 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-13 16:04 613,888 ----a-w C:\Windows\System32\wpd_ci.dll

2008-02-13 16:04 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-13 16:04 6,656 ----a-w C:\Windows\System32\kbd106.dll

2008-02-13 16:04 558,080 ----a-w C:\Windows\System32\oleaut32.dll

2008-02-13 16:04 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-13 16:04 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-13 16:04 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-13 16:04 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-13 16:04 35,328 ----a-w C:\Windows\System32\dispci.dll

2008-02-13 16:04 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-13 16:04 260,096 ----a-w C:\Windows\System32\dpx.dll

2008-02-13 16:04 224,824 ----a-w C:\Windows\System32\clfs.sys

2008-02-13 16:04 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll

2008-02-13 16:04 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-13 16:04 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll

2008-02-13 16:04 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-13 16:04 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-13 16:04 12,800 ----a-w C:\Windows\System32\batt.dll

2008-02-13 16:04 101,888 ----a-w C:\Windows\System32\drvinst.exe

2008-02-13 16:04 1,585,664 ----a-w C:\Windows\System32\setupapi.dll

2008-02-13 16:01 --------- d-----w C:\PROGRA~2\Microsoft Help

2008-02-13 16:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 16:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 16:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 16:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 15:57 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 15:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 15:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 15:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-13 15:54 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\uTorrent

2008-02-13 15:30 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\dvdcss

2008-02-12 09:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-07 15:20 --------- d-----w C:\Program Files\Acer GameZone

2008-02-07 15:14 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\Yahoo!

2008-02-07 15:14 --------- d-----w C:\PROGRA~2\Yahoo!

2008-02-07 13:42 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-31 22:18 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\CyberLink

2008-01-31 19:06 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-01-31 19:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-01-14 14:20 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-14 14:20 --------- d-----w C:\Program Files\Windows Mail

2008-01-01 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-01 17:18 --------- d-----w C:\Users\Asjad Ali\AppData\Roaming\PC Suite

2008-01-01 17:17 --------- d-----w C:\Program Files\Nokia

2008-01-01 17:14 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-01-01 17:14 --------- d-----w C:\Program Files\Common Files\Nokia

2008-01-01 17:07 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2007-12-21 14:55 --------- d---a-w C:\PROGRA~2\TEMP

2007-12-13 07:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-13 07:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-13 07:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-11-19 21:28 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2007-11-19 11:44 2,402,832 ----a-w C:\Users\Public\WLinstaller.exe

2007-11-18 11:51 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 07:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 07:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 07:28 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 07:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 07:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 07:28 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 07:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-15 07:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 07:28 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 07:28 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-09-28 17:01 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-14 15:10 1232896]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-09 23:01 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]

"Acer Tour"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 16:39 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 16:39 8470528]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 16:39 81920]

"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 11:35 94208]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 10:15 752136]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00 174872]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

"Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [2006-11-30 13:51 178312]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

C:\Users\Asjad Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-09 23:31:52 535336]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=eNetHook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2007-05-24 12:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

 

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]

R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080212.002\IDSvix86.sys [2007-12-04 17:51]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-02 14:17]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]

S3 NETw3v32;Intel® PRO/trådløs 3945ABG-kortdriver for Windows Vista, 32-bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]

S3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 23:45]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-08 12:02:53 C:\Windows\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Asjad Ali.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

"2007-12-01 16:47:43 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-14 17:27:48

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-14 17:28:50

ComboFix-quarantined-files.txt 2008-02-14 16:28:47

ComboFix2.txt 2008-02-14 14:25:15

.

2008-02-14 09:24:45 --- E O F ---

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/14/2008 at 05:18 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3402

Trace Rules Database Version: 1394

 

Scan type : Quick Scan

Total Scan Time : 00:46:16

 

Memory items scanned : 879

Memory threats detected : 2

Registry items scanned : 1095

Registry threats detected : 36

File items scanned : 57520

File threats detected : 11

 

Adware.E404 Helper/Tracker

C:\PROGRAM FILES\SOTFONE\1202994012.DLL

C:\PROGRAM FILES\SOTFONE\1202994012.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}\InprocServer32

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}\InprocServer32#ThreadingModel

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}\ProgID

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}\Programmable

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}\TypeLib

HKCR\CLSID\{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}\VersionIndependentProgID

HKCR\Tracker.TrackerObj

HKCR\Tracker.TrackerObj\CLSID

HKCR\Tracker.TrackerObj\CurVer

HKCR\Tracker.TrackerObj.1

HKCR\Tracker.TrackerObj.1\CLSID

HKCR\CLSID\Tracker.TrackerObj

HKCR\CLSID\Tracker.TrackerObj#UserId

HKCR\TypeLib\{499B8A53-5949-4625-A8BF-A4D934AFC9DA}

HKCR\TypeLib\{499B8A53-5949-4625-A8BF-A4D934AFC9DA}\1.0

HKCR\TypeLib\{499B8A53-5949-4625-A8BF-A4D934AFC9DA}\1.0

HKCR\TypeLib\{499B8A53-5949-4625-A8BF-A4D934AFC9DA}\1.0\win32

HKCR\TypeLib\{499B8A53-5949-4625-A8BF-A4D934AFC9DA}\1.0\FLAGS

HKCR\TypeLib\{499B8A53-5949-4625-A8BF-A4D934AFC9DA}\1.0\HELPDIR

HKCR\Interface\{E85F6AA5-7A0C-49A5-9E5E-936FED62347D}

HKCR\Interface\{E85F6AA5-7A0C-49A5-9E5E-936FED62347D}\ProxyStubClsid

HKCR\Interface\{E85F6AA5-7A0C-49A5-9E5E-936FED62347D}\ProxyStubClsid32

HKCR\Interface\{E85F6AA5-7A0C-49A5-9E5E-936FED62347D}\TypeLib

HKCR\Interface\{E85F6AA5-7A0C-49A5-9E5E-936FED62347D}\TypeLib#Version

 

Trojan.Media-Codec/V5

C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL

C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL

 

Trojan.Media-Codec/V4

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}#xxx

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32#ThreadingModel

HKU\S-1-5-21-3413212387-568813970-4178124779-1000\Software\Online Add-on

HKCR\multimediaControls.chl

HKCR\multimediaControls.chl\CLSID

 

Trojan.Smitfraud Variant/IE Anti-Spyware

HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

 

Adware.Tracking Cookie

C:\Users\Asjad Ali\AppData\Roaming\Microsoft\Windows\Cookies\asjad_ali@adtech[1].txt

C:\Users\Asjad Ali\AppData\Roaming\Microsoft\Windows\Cookies\asjad_ali@puresafetyhere[1].txt

 

Trojan.Security Toolbar

C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url

C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url

 

Adware.E404 Helper

C:\Program Files\SOTFONE

 

Adware.E404 Helper/Variant-A

C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\HELPER\1202994009.DLL.VIR

 

Browser Hijacker.Favorites

C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ONLINE SECURITY GUIDE.URL

C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL

C:\USERS\ASJAD ALI\FAVORITES\ONLINE SECURITY TEST.URL

 

 

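An added example for reading the ComboFix logs above programmatically; it is my code, not part of this thread or of ComboFix. The sample lines are copied from the second run's "Files Created" section and from the first run's "Other Deletions" list; the 48-hour window, the installed_by_user exclusion set and the function names are this example's own choices. One detail the logs support but nobody in the thread points out: the deleted DLLs were named 1202994009.dll and 1202994012.dll, and those numbers are Unix timestamps that decode to 2008-02-14 13:00:09 and 13:00:12 UTC, which is 14:00 in this log's GMT+1 zone, the same minute the Sotfone and NetProject folders were created. The epoch_from_name helper below decodes such names so the install time of unwanted software can be pinned down. Every finding is a prompt to look closer, not a verdict: SUPERAntiSpyware was created in the same window, which is why the caller excludes it.

```python
"""Reading the 'Files Created' and 'Other Deletions' parts of a ComboFix log.

Added example: this is not code from the thread or from ComboFix. The sample
lines are copied from the logs posted above; the 48-hour window, the
installed_by_user exclusion and the function names are this example's own.
Findings are prompts for a closer look, not verdicts.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: five lines taken from the second ComboFix run above.
SAMPLE_LOG = r"""
2008-02-14 14:00 . 2008-02-14 14:00 <DIR> d-------- C:\Program Files\Sotfone
2008-02-14 14:00 . 2008-02-14 14:00 <DIR> d-------- C:\Program Files\NetProject
2008-02-14 16:30 . 2008-02-14 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-13 17:05 . 2008-02-13 17:05 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 17:01 . 2008-02-13 17:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
"""

# Constructed sample: three paths from the first run's "Other Deletions" list.
SAMPLE_DELETIONS = [
    r"C:\Program Files\Helper\1202994009.dll",
    r"C:\Program Files\MediaVideoCodec\install.ico",
    r"C:\Windows\system32\x64\snp2uvc.sys",
]

# Time stamp from the header of the second run ("2008-02-14 17:25:01.2").
SCAN_TIME = datetime(2008, 2, 14, 17, 25)

# Line layout: created . modified size-or-<DIR> attributes path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_created(text):
    """Turn 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "path": m.group("path"),
        })
    return entries


def epoch_from_name(path):
    """Decode a file name that is a 10-digit Unix timestamp; None otherwise."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not (stem.isdigit() and len(stem) == 10):
        return None
    ts = datetime.fromtimestamp(int(stem), tz=timezone.utc)
    # Reject numbers that are not a plausible date for a live system.
    return ts if 2001 <= ts.year <= 2033 else None


def flag_entries(entries, scan_time, window=timedelta(hours=48), installed_by_user=()):
    """Return (path, reason) pairs worth a closer look."""
    findings = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        under_pf = e["path"].lower().startswith("c:\\program files\\")
        if (e["is_dir"] and under_pf and name not in installed_by_user
                and scan_time - e["created"] <= window):
            findings.append((e["path"], "Program Files directory created within the window"))
        ts = epoch_from_name(e["path"])
        if ts is not None:
            findings.append((e["path"], f"file name is a Unix timestamp ({ts:%Y-%m-%d %H:%M:%S} UTC)"))
    return findings


def decode_epoch_names(paths):
    """Map each timestamp-named path in a deletion list to its decoded UTC time."""
    decoded = {}
    for p in paths:
        ts = epoch_from_name(p)
        if ts is not None:
            decoded[p] = ts
    return decoded


if __name__ == "__main__":
    for path, reason in flag_entries(parse_created(SAMPLE_LOG), SCAN_TIME,
                                     installed_by_user={"SUPERAntiSpyware"}):
        print(f"{path}: {reason}")
    for path, ts in decode_epoch_names(SAMPLE_DELETIONS).items():
        print(f"{path}: dropped at {ts:%Y-%m-%d %H:%M:%S} UTC")
```

Run against the two sample sets it lists Sotfone and NetProject as new Program Files directories and decodes the Helper DLL's name to 2008-02-14 13:00:09 UTC. The decoded time is what you compare against browser history or the user's memory of "what did I install at 14:00" to find the dropper.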

This looks fine :)

You can use Explorer to remove the following folder:

C:\Program Files\NetProject

Uninstall ComboFix by typing combofix /u in the Run dialog (Start->Run)

This removes the program and its various backup files, and resets System Restore.

Post a new HJT log for a final check.
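An added example of the "final check" on a HijackThis log, my code rather than anything from the thread, from HijackThis or from SUPERAntiSpyware. SAMPLE_HJT holds lines copied from the HijackThis log posted below, and FLAGGED_CLSIDS are the three CLSIDs that SUPERAntiSpyware reported earlier in the thread; the heuristics (orphaned entries, unnamed BHOs, AppInit_DLLs, services with no publisher, anything running or starting from a Temp folder) and the function names are this example's own. Each hit is a reason to look closer, not a verdict: on this machine eNetHook.dll belongs to the Acer eNet service listed in the same log, and the Temp hit is a helper launched by the Realtek audio software that is also in the process list, so checking the file's publisher settles it. The useful part for the final check is confirm_removed, which proves that none of the CLSIDs the scanner flagged survived into the new log.

```python
"""Heuristic triage of a HijackThis 2.0 log, plus a check that the CLSIDs an
earlier scanner flagged are really gone.

Added example: not code from the thread, from HijackThis or from
SUPERAntiSpyware. SAMPLE_HJT holds lines copied from the HijackThis log
posted in the thread; FLAGGED_CLSIDS are the three CLSIDs SUPERAntiSpyware
reported there. The heuristics and function names are this example's own,
and each hit is a reason to look closer rather than a verdict.
"""
import re

# Constructed sample: a process list and seven entries from the posted log.
SAMPLE_HJT = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\ASJADA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# CLSIDs SUPERAntiSpyware reported (two BHOs and an IE extension), upper-cased.
FLAGGED_CLSIDS = {
    "{10C52A42-DB8B-4ADE-AA4A-CED6A8282B67}",  # Adware.E404 Helper/Tracker BHO
    "{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}",  # Trojan.Media-Codec/V4 BHO
    "{9034A523-D068-4BE8-A284-9DF278BE776E}",  # Trojan.Smitfraud IE extension
}

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)
ENTRY_RE = re.compile(r"^[RFO]\d+ - ")


def split_sections(text):
    """Return (running_processes, entries) from an HJT log."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def triage(processes, entries):
    """Return (line, reason) pairs that deserve a second look."""
    findings = []
    for p in processes:
        if TEMP_RE.search(p):
            findings.append((p, "process running from a Temp directory"))
    for e in entries:
        if e.endswith("(no file)"):
            findings.append((e, "orphaned entry, target file is gone (safe to fix)"))
        elif e.startswith("O2 - BHO: (no name)"):
            findings.append((e, "BHO without a registered name, identify the DLL"))
        elif e.startswith("O20 - AppInit_DLLs:"):
            findings.append((e, "AppInit_DLLs loads into every GUI process, confirm the DLL owner"))
        elif e.startswith("O23 - ") and " - Unknown owner - " in e:
            findings.append((e, "service binary carries no publisher in its version info"))
        elif TEMP_RE.search(e):
            findings.append((e, "autostart points into a Temp directory"))
    return findings


def confirm_removed(entries, flagged=FLAGGED_CLSIDS):
    """CLSIDs from an earlier scanner report that still appear in the log."""
    still_present = set()
    for e in entries:
        for clsid in CLSID_RE.findall(e):
            if clsid.upper() in flagged:
                still_present.add(clsid.upper())
    return still_present


if __name__ == "__main__":
    procs, ents = split_sections(SAMPLE_HJT)
    for line, reason in triage(procs, ents):
        print(f"{reason}\n    {line}")
    leftovers = confirm_removed(ents)
    print("flagged CLSIDs still present:", leftovers or "none")
```

On the sample it raises five review prompts and reports no leftover CLSIDs, which is the programmatic version of "this looks fine". If a flagged CLSID did come back in the new log, the matching O2 line would give you the DLL path to remove next.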

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:29:07, on 15.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Users\ASJADA~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Telenor\Online Start\Telenor.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12841 bytes

Here is the new HJT log.
