
3-4 week old MSN virus, HJT+SAS log to follow



An acquaintance was spreading one of those Facebook links around on MSN a few weeks ago. She hasn't had any problems with it, so I was wondering whether anything shows up in the log?

Operating system: Win Vista

HJT log (before I made any changes)

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:36:51, on 16.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Creative\Shared Files\CamTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 11109 bytes

 

 

 

SAS log

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3404

Trace Rules Database Version: 1396

 

Scan type : Complete Scan

Total Scan Time : 01:06:42

 

Memory items scanned : 831

Memory threats detected : 0

Registry items scanned : 7395

Registry threats detected : 0

File items scanned : 67810

File threats detected : 39

 

Adware.Tracking Cookie

C:\Users\Maji\AppData\Roaming\Microsoft\Windows\Cookies\Low\maji@adtech[1].txt

C:\Users\Maji\AppData\Roaming\Microsoft\Windows\Cookies\Low\maji@atdmt[1].txt

C:\Users\Maji\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Maji\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@2o7[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@adtech[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@advertising[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@atdmt[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@doubleclick[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@hitbox[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@imrworldwide[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@mediaplex[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@specificclick[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@statcounter[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\thor@tradedoubler[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@2o7[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@advertising[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@atdmt[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@doubleclick[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@imrworldwide[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@mediaplex[1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@specificclick[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@statcounter[2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Cookies\thor@tradedoubler[2].txt

 

 

 

 

ComboFix log

 

ComboFix 08-02-17.2 - Maji 2008-02-17 11:13:38.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.172 [GMT 1:00]

Running from: C:\Users\Maji\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 10:09 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-02-16 23:16 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-16 23:16 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-16 23:16 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-16 23:16 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-16 23:16 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-16 23:16 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-16 23:16 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-16 23:16 --------- d-----w C:\ProgramData\Microsoft Help

2008-02-16 23:15 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-16 23:15 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-16 23:15 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-16 23:15 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-16 23:15 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-16 23:14 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-16 23:14 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-16 23:14 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-16 23:14 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-16 23:14 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-16 23:14 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-16 23:11 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-16 23:11 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-16 23:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-16 23:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-16 23:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-02-16 21:50 --------- d-----w C:\Users\Maji\AppData\Roaming\SUPERAntiSpyware.com

2008-02-16 21:50 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-02-16 21:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-16 21:36 --------- d-----w C:\Program Files\Trend Micro

2008-02-16 21:32 --------- d-----w C:\Program Files\CCleaner

2008-02-14 02:05 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-14 02:05 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-11 20:46 --------- d-----w C:\Users\Maji\AppData\Roaming\LimeWire

2008-02-01 20:13 --------- d-----w C:\Program Files\iTunes

2008-02-01 20:13 --------- d-----w C:\Program Files\iPod

2008-02-01 20:09 --------- d-----w C:\Program Files\QuickTime

2008-01-18 20:02 --------- d-----w C:\Users\Maji\AppData\Roaming\Apple Computer

2008-01-10 16:24 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-10 16:24 --------- d-----w C:\Program Files\Windows Mail

2008-01-10 16:12 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-01-10 16:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-10 16:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2007-12-29 23:10 58,760 ----a-w C:\symlcsv1.exe

2007-12-23 15:40 --------- d-----w C:\Users\Maji\AppData\Roaming\MyPhoneExplorer

2007-12-23 15:40 --------- d-----w C:\Program Files\MyPhoneExplorer

2007-12-15 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-15 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-15 02:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-08-31 01:12 174 --sha-w C:\Program Files\desktop.ini

2007-05-23 19:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-05-23 19:43 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-05-23 19:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 17:12 1232896]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2004-11-18 03:50 258048]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-26 12:39 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 07:45 815104]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-07 17:35 227328]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]

"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 10:00 18944]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 16:43 252704]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13 774168]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070925.001\IDSvix86.sys [2007-09-13 15:49]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-18 16:37]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]

R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 16:28]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 13:40]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-16 23:00:02 C:\Windows\Tasks\Recovery DVD Creator.job"

- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe

"2008-02-16 22:41:03 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-02-16 23:00:02 C:\Windows\Tasks\Utvidet garanti.job"

- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 11:19:55

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-17 11:22:15

.

2008-02-16 23:20:15 --- E O F ---

 

 

Do I need to run SAS and/or anything else?

Edited by r2d290
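The post above asks a reviewer to read several hundred HijackThis lines by eye. As an added example (not the poster's own code, and not Trend Micro's), the script below parses the `Oxx - ...` entry format and applies a few generic triage heuristics: an O2 BHO whose DLL is `(no file)`, an O4 autorun whose executable lives in a user-writable folder, the download host behind each O16 ActiveX control, and any O20 AppInit_DLLs entry. The sample input copies six lines from the log in the post; the final `[updater]` line is constructed for this example and does not appear in the log. The heuristics and the `Finding` type are assumptions made for illustration; they say nothing about whether this particular machine is infected, and a `review` result means "check the file's publisher and hash", not "malware".

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not code from the forum post above or from Trend Micro.
It parses the "Oxx - ..." entries and applies a few generic heuristics
(orphaned BHOs, autoruns in user-writable folders, ActiveX download
points, AppInit_DLLs) so a reviewer can focus on the lines that matter.
The heuristics are illustrative assumptions, not a malware verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4"
    severity: str  # "info" = worth knowing, "review" = go and look at the file
    detail: str
    line: str      # the original log line


# "O4 - HKLM\..\Run: [name] command"  ->  section tag and the rest of the line
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
# Body of an O4 entry: any hive prefix, then "\..\Run:" or "\..\RunOnce:", then [name] command
RUN_ENTRY = re.compile(r"^HK.*?\\\.\.\\Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Locations a standard user can write to; malware that persists via Run keys usually lives here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "%appdata%", "%temp%", "\\users\\public\\")


def executable_path(cmd: str) -> str:
    """Return the program part of an autorun command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    lower = cmd.lower()
    for ext in (".exe", ".dll", ".scr", ".com", ".bat"):
        pos = lower.find(ext)
        if pos != -1:
            return cmd[: pos + len(ext)]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list[Finding]:
    """Scan HJT log text and return the entries the heuristics single out."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "info",
                "orphaned BHO: CLSID is registered but the DLL is gone", raw))
        elif section == "O4":
            run = RUN_ENTRY.match(body)
            if run is None:
                continue
            path = executable_path(run.group("cmd")).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(Finding(section, "review",
                    f"autorun '{run.group('name')}' starts from a user-writable folder: {path}", raw))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            host = urlparse(url).hostname or "?"
            findings.append(Finding(section, "info",
                f"ActiveX control was downloaded from {host}; confirm the site is one the user trusts", raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section, "review",
                "AppInit_DLLs is loaded into every process that uses user32.dll; verify the DLL's publisher", raw))
    return findings


# The first six lines are copied from the HJT log in the post above; the last one is
# constructed for this example to show what a suspicious autorun entry looks like.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Roaming\updater.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Run against the full log in the post, the only `review` hit is the O20 entry, whose path sits under `C:\PROGRA~1\Google`, and the only `info` hits are the orphaned `{7E853D72-...}` BHO and the three O16 download hosts. Entries under Program Files or system32 are deliberately not flagged by these rules; an attacker who can write there has more than an MSN worm's privileges, and that case needs file hashes and signatures, not a log grep.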