RMX02 Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 (endret) Fint om noen kan se igjennom loggen min.. SAS Log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/01/2008 at 12:43 PM Application Version : 4.0.1152 Core Rules Database Version : 3412 Trace Rules Database Version: 1404 Scan type : Complete Scan Total Scan Time : 00:28:43 Memory items scanned : 563 Memory threats detected : 0 Registry items scanned : 6791 Registry threats detected : 1 File items scanned : 26312 File threats detected : 1 Adware.Vundo Variant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BA6C6CB6-676C-4DEA-9BDA-3BC4AB075F7C} Adware.Tracking Cookie C:\Documents and Settings\FT\Cookies\f_t@adtech[1].txt ComboFix Log: ComboFix 08-03-01.3 - FT 2008-03-01 13:01:27.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.450 [GMT 1:00] Running from: C:\Documents and Settings\FT\Lokale innstillinger\Temporary Internet Files\Content.IE5\LYR6QT00\ComboFix[1].exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\srutv.ini C:\WINDOWS\system32\srutv.ini2 C:\WINDOWS\system32\stutv.ini2 C:\WINDOWS\win.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\nm ((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))) . 2008-03-01 12:11 . 2008-03-01 12:11 <DIR> dr-h----- C:\Documents and Settings\FT\Siste 2008-02-29 22:15 . 2008-02-29 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-29 22:14 . 2008-02-29 22:14 <DIR> d-------- C:\Documents and Settings\FT\Programdata\SUPERAntiSpyware.com 2008-02-29 22:13 . 2008-02-29 22:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-29 16:18 . 2008-02-29 20:34 <DIR> d-------- C:\VundoFix Backups 2008-02-27 19:18 . 2008-02-28 17:27 706 ---hs---- C:\WINDOWS\system32\afafdwmh.ini 2008-02-26 19:14 . 2008-02-26 19:14 294 ---hs---- C:\WINDOWS\system32\oclkptcv.ini 2008-02-21 23:02 . 2008-02-21 23:02 <DIR> d-------- C:\Documents and Settings\FT\Programdata\fretsonfire 2008-02-18 13:23 . 2008-02-29 19:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-18 13:23 . 2008-02-18 13:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-17 19:09 . 2008-02-17 19:09 <DIR> d-------- C:\Documents and Settings\FT\dwhelper . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-01 12:00 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-02-29 14:10 --------- d-----w C:\Programfiler\Opera 2008-02-28 18:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\Vso 2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\CopyToDvd 2008-01-24 14:20 --------- d-----w C:\Programfiler\DAEMON Tools Pro 2008-01-23 09:42 --------- d-----w C:\Programfiler\Yahoo! 2008-01-23 09:06 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-01-14 12:22 --------- d-----w C:\Programfiler\Realtek AC97 2008-01-14 12:20 --------- d-----w C:\Programfiler\Unibrain 2008-01-14 12:19 --------- d-----w C:\Programfiler\Intel Desktop Board 2008-01-14 11:51 --------- d-----w C:\Programfiler\Marvell 2008-01-11 20:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-01-11 08:56 --------- d-----w C:\Documents and Settings\FT\Programdata\Nero 2008-01-11 08:54 --------- d-----w C:\Programfiler\Fellesfiler\Nero 2008-01-11 08:52 --------- d-----w C:\Programfiler\Nero 2008-01-11 08:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero 2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\SlipStream 2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\ONSPEED_TOOLBAR 2008-01-10 08:49 --------- d-----w C:\Programfiler\inKline Global 2008-01-09 19:58 --------- d-----w C:\Documents and Settings\FT\Programdata\Skype 2008-01-09 17:05 --------- d-----w C:\Programfiler\QuickTime 2008-01-09 17:03 --------- d-----w C:\Programfiler\Apple Software Update 2008-01-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2008-01-09 16:52 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat 2008-01-09 16:52 --------- d-----w C:\Documents and Settings\FT\Programdata\skypePM 2008-01-09 16:51 --------- d-----w C:\Programfiler\Fellesfiler\Skype 2008-01-01 20:09 --------- d-----w C:\Programfiler\Image-Line 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-10-12 17:32 53,652,801 ----a-w C:\Programfiler\Clue.rar 2007-01-25 20:07 81,920 ----a-w C:\Documents and Settings\FT\Programdata\ezpinst.exe 2007-01-25 20:07 47,360 ----a-w C:\Documents and Settings\FT\Programdata\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01510adb-07f5-48ec-88c4-6db10bdf34eb}] C:\WINDOWS\system32\etjtbtyo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc] @={9D1F87E7-4D72-41AB-9D57-D101A08F20E5} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "Logitech Hardware Abstraction Layer"="C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208] "Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-10-05 21:11 866584] "StartupMonitor"="C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" [2006-07-10 05:16 183296] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768] "NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe] "e0e1b896"="C:\WINDOWS\system32\jpiamwba.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264] "Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-06-17 21:14:37 671744] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspom] wvuspom.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "LogitechSoftwareUpdate"=C:\Programfiler\Logitech\Video\ManifestEngine.exe boot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime "iTunesHelper"="L:\iTunes\iTunesHelper.exe" "RAM Idle Professional"=C:\Programfiler\RAM Idle LE\RAM_XP.exe "NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" "PCSuiteTrayApplication"=C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\counter-strike\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\Steam.exe"= "C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero deleted scenes\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\day of defeat\\hl.exe"= "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\empires2.exe"= "C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\age2_x1.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "D:\\Team17\\Worms2\\frontend.exe"= "D:\\Programfiler\\GameSpy Arcade\\Aphex.exe"= "D:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "D:\\Programfiler\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32] R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 17:25] R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 17:25] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11] R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50] R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 17:25] S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2006-11-24 11:06] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-02-29 21:04:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-03-01 12:11:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe "2008-02-28 19:26:54 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - FT.job" HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:16, on 2008-03-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Programfiler\Logitech\system\em_exec.exe C:\Programfiler\Windows Defender\MSASCui.exe C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\FT\Skrivebord\Honda.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=0fa7b5e4874...d8076ddba94e2c0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: {be43fdb0-1bd6-4c88-ce84-5f70bda01510} - {01510adb-07f5-48ec-88c4-6db10bdf34eb} - C:\WINDOWS\system32\etjtbtyo.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: ClueAddIn.IE.ObjectWithSite - {1F6C23D6-854C-497f-9275-439C89CF1F68} - mscoree.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - blank (file missing) O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE" O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [startupMonitor] "C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [e0e1b896] rundll32.exe "C:\WINDOWS\system32\jpiamwba.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.mpx.no O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165485195781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: wvuspom - wvuspom.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 13439 bytes Endret 3. mars 2008 av Morten-T Lenke til kommentar
norbat Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. File:: C:\WINDOWS\system32\afafdwmh.ini C:\WINDOWS\system32\oclkptcv.ini Folder:: C:\Programfiler\Fellesfiler\BOONTY Shared Driver:: Boonty Games Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01510adb-07f5-48ec-88c4-6db10bdf34eb}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "e0e1b896"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspom] Post loggen + ny hjt-logg. Lenke til kommentar
RMX02 Skrevet 1. mars 2008 Forfatter Del Skrevet 1. mars 2008 Har gjort det nå. Her er ComboFix Loggen: ComboFix 08-03-01.3 - FT 2008-03-01 14:49:06.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.458 [GMT 1:00] Running from: C:\Documents and Settings\FT\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\FT\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\afafdwmh.ini C:\WINDOWS\system32\oclkptcv.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\Fellesfiler\BOONTY Shared C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe C:\WINDOWS\system32\afafdwmh.ini C:\WINDOWS\system32\oclkptcv.ini . ---- Previous Run ------- . C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\srutv.ini C:\WINDOWS\system32\srutv.ini2 C:\WINDOWS\system32\stutv.ini2 C:\WINDOWS\win.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\nm -------\LEGACY_BOONTY_GAMES -------\Boonty Games ((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))) . 2008-03-01 13:00 . 2008-03-01 13:12 <DIR> d-------- C:\ComboFix[1] 2008-03-01 12:11 . 2008-03-01 14:45 <DIR> dr-h----- C:\Documents and Settings\FT\Siste 2008-02-29 22:15 . 2008-02-29 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-29 22:14 . 2008-02-29 22:14 <DIR> d-------- C:\Documents and Settings\FT\Programdata\SUPERAntiSpyware.com 2008-02-29 22:13 . 2008-02-29 22:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-29 16:18 . 2008-02-29 20:34 <DIR> d-------- C:\VundoFix Backups 2008-02-21 23:02 . 2008-02-21 23:02 <DIR> d-------- C:\Documents and Settings\FT\Programdata\fretsonfire 2008-02-18 13:23 . 2008-02-29 19:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-18 13:23 . 2008-02-18 13:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-17 19:09 . 2008-02-17 19:09 <DIR> d-------- C:\Documents and Settings\FT\dwhelper . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-01 13:48 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-02-29 14:10 --------- d-----w C:\Programfiler\Opera 2008-02-28 18:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-02-28 18:31 --------- d-----w C:\Programfiler\LimeWire 2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\Vso 2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\CopyToDvd 2008-01-24 14:20 --------- d-----w C:\Programfiler\DAEMON Tools Pro 2008-01-23 09:42 --------- d-----w C:\Programfiler\Yahoo! 2008-01-23 09:06 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-01-14 12:22 --------- d-----w C:\Programfiler\Realtek AC97 2008-01-14 12:20 --------- d-----w C:\Programfiler\Unibrain 2008-01-14 12:19 --------- d-----w C:\Programfiler\Intel Desktop Board 2008-01-14 11:51 --------- d-----w C:\Programfiler\Marvell 2008-01-11 20:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-01-11 08:56 --------- d-----w C:\Documents and Settings\FT\Programdata\Nero 2008-01-11 08:54 --------- d-----w C:\Programfiler\Fellesfiler\Nero 2008-01-11 08:52 --------- d-----w C:\Programfiler\Nero 2008-01-11 08:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero 2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\SlipStream 2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\ONSPEED_TOOLBAR 2008-01-10 08:49 --------- d-----w C:\Programfiler\inKline Global 2008-01-09 19:58 --------- d-----w C:\Documents and Settings\FT\Programdata\Skype 2008-01-09 17:05 --------- d-----w C:\Programfiler\QuickTime 2008-01-09 17:03 --------- d-----w C:\Programfiler\Apple Software Update 2008-01-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2008-01-09 16:52 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat 2008-01-09 16:52 --------- d-----w C:\Documents and Settings\FT\Programdata\skypePM 2008-01-09 16:51 --------- d-----w C:\Programfiler\Fellesfiler\Skype 2008-01-01 20:09 --------- d-----w C:\Programfiler\Image-Line 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-10-12 17:32 53,652,801 ----a-w C:\Programfiler\Clue.rar 2007-01-25 20:07 81,920 ----a-w C:\Documents and Settings\FT\Programdata\ezpinst.exe 2007-01-25 20:07 47,360 ----a-w C:\Documents and Settings\FT\Programdata\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc] @={9D1F87E7-4D72-41AB-9D57-D101A08F20E5} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "Logitech Hardware Abstraction Layer"="C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208] "Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-10-05 21:11 866584] "StartupMonitor"="C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" [2006-07-10 05:16 183296] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768] "NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264] "Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-06-17 21:14:37 671744] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "LogitechSoftwareUpdate"=C:\Programfiler\Logitech\Video\ManifestEngine.exe boot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime "iTunesHelper"="L:\iTunes\iTunesHelper.exe" "RAM Idle Professional"=C:\Programfiler\RAM Idle LE\RAM_XP.exe "NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" "PCSuiteTrayApplication"=C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\counter-strike\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\Steam.exe"= "C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero deleted scenes\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\day of defeat\\hl.exe"= "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\empires2.exe"= "C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\age2_x1.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "D:\\Team17\\Worms2\\frontend.exe"= "D:\\Programfiler\\GameSpy Arcade\\Aphex.exe"= "D:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "D:\\Programfiler\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32] R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 17:25] R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 17:25] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11] R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50] R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 17:25] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-02-29 21:04:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-03-01 13:58:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe "2008-02-28 19:26:54 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - FT.job" Lenke til kommentar
RMX02 Skrevet 1. mars 2008 Forfatter Del Skrevet 1. mars 2008 Ny HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:03, on 2008-03-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\UAService7.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\FT\Skrivebord\Honda.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=0fa7b5e4874...d8076ddba94e2c0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - blank (file missing) O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE" O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [startupMonitor] "C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.mpx.no O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165485195781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 12653 bytes Lenke til kommentar
norbat Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - blank (file missing) O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing) Hvordan kjører PC-en? Lenke til kommentar
RMX02 Skrevet 1. mars 2008 Forfatter Del Skrevet 1. mars 2008 Ser bra ut nå.. Takk for hjelpen! Lenke til kommentar
norbat Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 Avinstaller combofix ved å skrive combofix /u fra kjør-vinduet (Start->Kjør). Dette fjerner programmet, backupfiler, samt nullstiller systemgjenopprettingen. Surf trygt. Lenke til kommentar
r2d290 Skrevet 1. mars 2008 Del Skrevet 1. mars 2008 Og deretter, skriv "[LØST]" i starten av emnetittelen din (rediger førsteposten din med full redigering) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå