r2d290, posted 3 March 2008 (edited)

Hello. Can you help me look over these logs? (I'm going to run ComboFix and CCleaner later today.)

sas

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/02/2008 at 08:51 PM
Application Version : 4.0.1154
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 01:21:43
Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 5602
Registry threats detected : 0
File items scanned : 38009
File threats detected : 376

Adware.Tracking Cookie

Trojan.VXGame-Variant/D
D:\DC++\DIV.PROG\HAIKERENS.GUIDE.TIL.DVDR.V2.2\1.INSTALL.CINEMA.CRAFT.ENCODER.SP.V2.70.02.10\CINEMA.CRAFT.ENCODER.SP.V2.70.02.10.WINALL.CRACKED-BLIZZARD\CRACKS\B-CCESP2700210AP-PATCH.EXE
D:\DC++\DIV.PROG\HAIKERENS.GUIDE.TIL.DVDR.V2.2\1.INSTALL.CINEMA.CRAFT.ENCODER.SP.V2.70.02.10\CINEMA.CRAFT.ENCODER.SP.V2.70.02.10.WINALL.CRACKED-BLIZZARD\CRACKS\B-CCESP2700210SA-PATCH.EXE

Trojan.Unclassifed/Loader-Suspicious
D:\DC++\DIV.PROG\SPYKILLER 2003 AND SPYHUNTER 2003 AND CRACK\SPYKILLER.2003.1.0.LOADER CRACK\LOADER.EXE

Adware.HotBar/ShopperReports (Low Risk)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{781CF76D-E01C-43A2-895F-B2962D0AD5FA}\RP70\A0009617.DLL

Adware.HotBar (Low Risk)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{781CF76D-E01C-43A2-895F-B2962D0AD5FA}\RP70\A0009749.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Lokale innstillinger\Temporary Internet Files\Content.IE5\4HU3G9YZ\zangomessenger_med[1].gif
C:\Documents and Settings\Administrator\Lokale innstillinger\Temporary Internet Files\Content.IE5\WDE3CP2R\Spacer[6].gif

hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15:51, on 03.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Registry Clean Expert\RCHelper.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\No-IP\DUC20.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internetCalls] "C:\Programfiler\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Programfiler\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: No-IP DUC.lnk = C:\Programfiler\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\System32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\System32\mscoree.DLL
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Billionton\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Billionton\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.arcadetown.com/swf/cosmicbugs/r64loader.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rabenordberg.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140890031967
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195980987796
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedingfrenz...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11623 bytes

norbat, posted 3 March 2008

Downloading crack files is not a very good idea.

Feel free to post the ComboFix log once you have run it.

r2d290 (thread starter), posted 3 March 2008 (edited)

(It's not my PC, so don't give me a bad reputation. I'm just helping a friend.)

ComboFix 08-03-03.12 - Kjell Li 2008-03-03 18:50:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.139 [GMT 1:00]
Running from: C:\Documents and Settings\Kjell Li\Skrivebord\ComboFix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Programdata\install.dat
C:\Documents and Settings\Kjell Li\Lokale innstillinger\Programdata\tnytrfdx.dat
c:\documents and settings\kjell li\lokale innstillinger\programdata\tnytrfdx.exe
c:\Documents and Settings\Kjell Li\Lokale innstillinger\Programdata\tnytrfdx_nav.dat
c:\Documents and Settings\Kjell Li\Lokale innstillinger\Programdata\tnytrfdx_navps.dat
C:\Documents and Settings\Kjell Li\Programdata\inst.exe
C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox
C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox\Website.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_NPF

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-03 18:42 . 2008-03-03 18:42 <DIR> dr-h----- C:\Documents and Settings\Kjell Li\Siste
2008-03-03 18:41 . 2008-03-03 18:41 <DIR> d-------- C:\Programfiler\CCleaner
2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\Documents and Settings\Kjell Li\Programdata\SUPERAntiSpyware.com
2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\SUPERAntiSpyware.com
2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\Programfiler\Trend Micro
2008-02-16 10:51 . 2006-02-25 17:35 <DIR> dr------- C:\Documents and Settings\Marius\Start-meny
2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d--h----- C:\Documents and Settings\Marius\Skrivere
2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d-------- C:\Documents and Settings\Marius\Skrivebord
2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr-h----- C:\Documents and Settings\Marius\Siste
2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr-h----- C:\Documents and Settings\Marius\Programdata
2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr------- C:\Documents and Settings\Marius\Mine dokumenter
2008-02-16 10:51 . 2006-02-25 17:44 <DIR> d--h----- C:\Documents and Settings\Marius\Maler
2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d--h----- C:\Documents and Settings\Marius\Lokale innstillinger
2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr------- C:\Documents and Settings\Marius\Favoritter
2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d--h----- C:\Documents and Settings\Marius\AndrMask
2008-02-15 22:57 . 2008-02-25 19:49 <DIR> d-------- C:\Programfiler\XoftSpySE
2008-02-14 19:31 . 2008-02-14 19:31 1,766,824 --a------ C:\WINDOWS\system32\Star Wars Battlefront SS.scr
2008-02-09 17:19 . 2008-02-09 17:19 <DIR> d-------- C:\Programfiler\ConvertXtoDVD
2008-02-09 17:19 . 2008-02-09 17:19 <DIR> d-------- C:\Programfiler\common
2008-02-09 17:19 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-09 17:19 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-09 17:19 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-09 17:19 . 2008-02-09 17:19 47,360 --a------ C:\Documents and Settings\Kjell Li\Programdata\pcouffin.sys
2008-02-04 22:55 . 2008-02-04 22:55 66 --a------ C:\WINDOWS\#1 Video Converter.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-03-02 18:14 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-02-15 21:56 --------- d-----w C:\Documents and Settings\Kjell Li\Programdata\uTorrent
2008-02-15 21:23 --------- d-----w C:\Programfiler\WonderlandAdventures_at
2008-02-15 21:22 --------- d-----w C:\Programfiler\Cartoon Network
2008-02-10 11:58 --------- d-----w C:\Documents and Settings\Kjell Li\Programdata\Vso
2008-02-09 16:19 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-07 22:39 --------- d-----w C:\Programfiler\ESET
2008-02-04 21:51 --------- d-----w C:\Programfiler\VSO
2008-01-15 14:46 --------- d-----w C:\Programfiler\Registry Clean Expert
2008-01-15 11:53 --------- d-----w C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Spybot - Search & Destroy
2008-01-15 10:24 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-01-11 16:28 --------- d-----w C:\Programfiler\Google
2006-08-29 12:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-03-24 21:23 774,144 ----a-w C:\Programfiler\RngInterstitial.dll
2005-03-21 18:02 892 ----a-w C:\Programfiler\pcsetup.log
2004-01-08 23:00 58,368 ----a-w C:\Documents and Settings\[bruker]\detect.exe
2003-12-09 19:03 49,152 ----a-w C:\Documents and Settings\[bruker]\update.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"InternetCalls"="C:\Programfiler\InternetCalls.com\InternetCalls\InternetCalls.exe" [2007-04-19 11:35 7116352]
"RegClean Expert Scheduler"="C:\Programfiler\Registry Clean Expert\RCHelper.exe" [2007-10-15 21:39 601336]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2003-04-27 11:54 77824]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2005-05-18 13:54 917504]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-05-03 00:05 77824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-03-10 15:56 180269]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"MSF_Monitor"="C:\PROGRA~1\MYSECR~1\MSFMON.exe" [2007-01-24 23:00 99920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

C:\Documents and Settings\[bruker]\Start-meny\Programmer\Oppstart\
PowerReg Scheduler V3.exe [2004-04-06 15:09:58 225280]

C:\Documents and Settings\Kjell Li\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-11 13:43:41 113664]
No-IP DUC.lnk - C:\Programfiler\No-IP\DUC20.exe [2005-03-05 13:20:53 1148416]

C:\DOCUME~1\ALLUSE~1.WIN\START-~1\PROGRA~1\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-05-07 17:49 3139164 C:\Programfiler\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programfiler\\ICQLite\\ICQLite.exe"=
"C:\\Programfiler\\B2BPOKER\\Unibet Poker\\jre\\bin\\javaw.exe"=
"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\Freaky Freezeday\\Freezeday.exe"=
"C:\\Programfiler\\MerOmPoker\\jre\\bin\\javaw.exe"=
"C:\\Programfiler\\FlashFXP\\flashfxp.exe"=
"D:\\DC++\\Div.Prog\\mirc\\mirc32.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Kjell Li\\Skrivebord\\tronds rot\\TvKoo\\TvNoo.exe"=
"C:\\Documents and Settings\\Kjell Li\\Skrivebord\\tronds rot\\TvKoo\\viviplay.exe"=
"D:\\Trond\\Parabol\\dream\\DB controlCenter\\DCC.exe"=
"C:\\Programfiler\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Kjell Li\\Skrivebord\\utorrent.exe"=
"D:\\Trond\\Parabol\\dream\\DremUp\\dreamUp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]
R2 MSF32;MSF32;C:\Programfiler\MySecretFolder XP\MSF32.SYS [2007-01-24 23:00]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 19:21:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-03-03 19:29:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-03 18:29:23
.
2008-02-13 17:38:01 --- E O F ---

norbat, posted 3 March 2008

You could check the following two files at http://virusscan.jotti.org/

C:\Documents and Settings\[bruker]\detect.exe
C:\Documents and Settings\[bruker]\update.exe

Beyond that, there isn't much to see.

r2d290 (thread starter), posted 3 March 2008

OK, thanks. I think the problems have started to sort themselves out. He hasn't had anything since he ran SAS and ComboFix. I'll get those lines checked and will come back if it should return.