Spyware program, SUPERAntispyware?


considering buying Spyware Doctor

No, save that money and use SUPERAntispyware.

Should you suspect anything, you can post a HijackThis log here.

Then you will be guided and get everything removed; even the difficult ones are removed easily.

With the use of a few tools that are not so widely known.

Edited by SNIPPSAT
Link to comment
Hi there!

I use SUPERAntispyware 4.0 Pro...

And I'm considering buying Spyware Doctor, but is there any point??

Given that I have SUPERAntispyware??

Do these work together without causing problems?

I don't think you need more than an antivirus program. I have AVG Free Edition and download SUPERAntispyware when I do a thorough check of the PC.

Link to comment

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "scan and save log".

Copy the log file and paste it into your post.

But you think SUPERAntispyware is good enough??

SUPERAntispyware is one of the best out there and the one we recommend using.

Edited by SNIPPSAT
Link to comment

here is everything I got in Notepad:

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:38:54, on 03.03.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Norton 360\ScanStub.exe

C:\Users\Malin og Lasse\Desktop\HijackThis logg\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 7860 bytes

 

 

did I do it right?

Link to comment

ComboFix:

 

ComboFix 08-03-03.16 - Sjefen 03.03.2008 23:48:29.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.919 [GMT 1:00]

Running from: C:\Users\Malin og Lasse\Desktop\ComboFix\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))

.

 

2008-03-03 22:47 . 03.03.2008 22:47 <DIR> d-------- C:\Users\Sjefen\AppData\Roaming\SUPERAntiSpyware.com

2008-03-03 22:46 . 03.03.2008 22:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-29 19:17 . 29.02.2008 19:17 <DIR> d-------- C:\Windows\PCHEALTH

2008-02-29 19:15 . 29.02.2008 19:17 <DIR> d-------- C:\Program Files\Windows Live

2008-02-29 19:15 . 29.02.2008 19:17 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-29 19:14 . 29.02.2008 19:14 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-02-29 19:14 . 29.02.2008 19:14 <DIR> d-------- C:\ProgramData\WLInstaller

2008-02-27 12:18 . 27.02.2008 12:19 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-02-14 02:23 . 14.02.2008 02:23 <DIR> d-------- C:\Users\All Users\FLEXnet

2008-02-14 02:23 . 14.02.2008 02:23 <DIR> d-------- C:\ProgramData\FLEXnet

2008-02-14 02:17 . 17.02.2008 22:32 <DIR> d-------- C:\Users\All Users\Adobe

2008-02-14 02:17 . 14.02.2008 02:17 <DIR> d-------- C:\Program Files\Bonjour

2008-02-14 02:11 . 14.02.2008 02:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-02-14 02:09 . 17.02.2008 22:32 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-02-13 14:25 . 13.02.2008 14:25 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-13 14:25 . 13.02.2008 14:25 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-13 14:22 . 13.02.2008 14:22 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-02-13 14:22 . 13.02.2008 14:22 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe

2008-02-13 14:22 . 13.02.2008 14:22 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-02-13 14:22 . 13.02.2008 14:22 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-02-13 14:22 . 13.02.2008 14:22 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-02-13 14:22 . 13.02.2008 14:22 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-02-13 14:22 . 13.02.2008 14:22 17,464 --a------ C:\Windows\System32\drivers\intelide.sys

2008-02-13 14:22 . 13.02.2008 14:22 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-02-13 14:21 . 13.02.2008 14:21 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 14:21 . 13.02.2008 14:21 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-02-13 14:21 . 13.02.2008 14:21 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-02-13 14:21 . 13.02.2008 14:21 216,632 --a------ C:\Windows\System32\drivers\netio.sys

2008-02-13 14:21 . 13.02.2008 14:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-02-13 14:21 . 13.02.2008 14:21 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-02-13 14:21 . 13.02.2008 14:21 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-02-13 14:18 . 13.02.2008 14:18 1,244,672 --a------ C:\Windows\System32\mcmde.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-03 22:27 --------- d-----w C:\Users\Malin og Lasse\AppData\Roaming\uTorrent

2008-03-03 21:56 --------- d-----w C:\ProgramData\Symantec

2008-03-03 21:47 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-03-03 21:35 --------- d-----w C:\ProgramData\NVIDIA

2008-02-22 08:16 --------- d-----w C:\Program Files\Opera

2008-02-13 13:21 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 13:21 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 13:21 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 13:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 13:19 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 13:19 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 13:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 13:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-12 11:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-05 15:00 --------- d-----w C:\Program Files\Norton 360

2008-01-30 23:36 --------- d-----w C:\Users\Sjefen\AppData\Roaming\uTorrent

2008-01-30 23:33 --------- d-----w C:\Program Files\uTorrent

2008-01-25 12:41 --------- d-----w C:\Users\Malin og Lasse\AppData\Roaming\Apple Computer

2008-01-25 11:38 --------- d-----w C:\Users\Sjefen\AppData\Roaming\Apple Computer

2008-01-25 11:38 --------- d-----w C:\ProgramData\Apple Computer

2008-01-25 11:38 --------- d-----w C:\Program Files\QuickTime

2008-01-25 11:38 --------- d-----w C:\Program Files\iTunes

2008-01-25 11:38 --------- d-----w C:\Program Files\iPod

2008-01-25 11:36 --------- d-----w C:\Program Files\Common Files\Apple

2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat

2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-01-11 19:08 --------- d-----w C:\Program Files\Java

2008-01-11 19:07 --------- d-----w C:\Program Files\Common Files\Java

2008-01-10 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-08 19:26 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-08 19:26 --------- d-----w C:\Program Files\Windows Mail

2008-01-08 19:24 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-01-08 19:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-01-08 19:23 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2007-12-12 00:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-12 00:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-12 00:44 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-11 17:52 356,352 ----a-w C:\Windows\System32\NVUNINST.EXE

2007-12-05 16:07 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2007-12-05 16:06 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2007-12-05 15:40 509,952 ----a-w C:\Windows\CapiCom.dll

2007-11-30 21:10 22,328 ----a-w C:\Users\Sjefen\AppData\Roaming\PnkBstrK.sys

2007-11-29 16:40 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08.01.2008 20:23 1232896]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [23.10.2007 14:18 202024]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03.03.2008 22:43 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [29.11.2007 17:33 1006264]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19.01.2007 11:49 49152]

"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [20.08.2007 15:58 1671168]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14.03.2007 19:10 116328]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12.03.2007 10:22 517768]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11.04.2007 15:32 56080 C:\Windows\KHALMNPR.Exe]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01.03.2007 14:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20.09.2007 08:51 1836328]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11 132496]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16 39792]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [11.12.2007 17:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11.12.2007 17:06 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11.12.2007 17:06 81920]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-29 18:27:29 692224]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{08ED6A4F-AD51-4ADB-BAD1-DB009B689F23}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{75E617EC-D3CF-4EC9-9D46-7A83E5CC3452}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{5D53B59F-7B67-4B46-84BC-2128F7F32283}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{BE8D6C38-A657-42D6-B08E-9A52C4CB76E2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{0E474796-A590-489C-8BBA-277E182F6875}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{32D2FE45-C01C-4D1C-B98F-8C42B3351DD8}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{740729E1-9EC2-4204-B047-02C85DBCE86E}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander

"{78D67122-E6F7-4863-A78A-2ACFB6DA7D01}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander

"{F2FEF399-278A-483A-A61C-AC3780153121}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{53A3E401-3239-4D4F-B9F6-3FD4E4004B40}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{FF2036D4-EE48-472E-8E23-A2604325F769}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{40544AE8-7E77-40D1-8381-BBAAA00EC302}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{0CF113D1-F11D-4F2A-AFA0-8C9588E9AA23}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [13.02.2008 17:18]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [16.08.2007 13:49]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [09.01.2007 23:32]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [21.12.2007 19:18]

 

*Newly Created Service* - COMHOST

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-03 23:49:37

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 03.03.2008 23:50:10

.

2008-02-29 12:02:19 --- E O F ---

 

 

then I restarted and took this one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:53:58, on 03.03.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Opera\Opera.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Users\Malin og Lasse\Desktop\HijackThis logg\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 7488 bytes

Link to comment
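An added example (not from the thread and not part of HijackThis) showing how two HijackThis logs like the ones posted above can be parsed and compared, so a reviewer sees which entries disappeared between scans and which remaining ones deserve a manual look. The sample logs are a constructed excerpt of lines from the thread's logs, the function names are hypothetical, and the hints are prompts for review, not verdicts.

```python
import re

# Constructed sample: a handful of lines excerpted from the first log in the thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:54, on 03.03.2008
Running processes:
C:\Windows\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 7860 bytes
"""

# Constructed sample: the same excerpt as it appears in the second log.
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:58, on 03.03.2008
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 7488 bytes
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return a list of (code, detail) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Entries present in only one of the two logs, as sorted lists."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return {"removed": sorted(before - after), "added": sorted(after - before)}


def review_hints(entries):
    """Flag entries a human helper would normally look at more closely."""
    hints = []
    for code, detail in entries:
        if detail.endswith("(no file)"):
            # The registry entry points at a file that is not on disk.
            hints.append((code, "registered component has no file on disk", detail))
        elif code == "O23" and " - Unknown owner - " in detail:
            # HijackThis could not read a company name for the service binary.
            hints.append((code, "service binary has no readable company name", detail))
    return hints


if __name__ == "__main__":
    changes = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, detail in changes["removed"]:
        print("gone after second scan:", code, "-", detail)
    for code, detail in changes["added"]:
        print("new in second scan:   ", code, "-", detail)
    for code, reason, detail in review_hints(parse_entries(LOG_AFTER)):
        print("review:", code, "-", reason, "-", detail)
```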

Yes, this looked good, the logs are clean :thumbup:

So Norton has done a good job, and in combination with SUPERAntispyware this holds up fine.

For cleanup and registry cleaning, CCleaner is recommended.

You can remove ComboFix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.

Surf safely.

Edited by SNIPPSAT
Link to comment

Pressing Win + R should work.

Paste in the bold text combofix /u

And if you can restore the folder, do that.

Otherwise do this.

Control Panel -> System -> System Restore [turn off System Restore -> restart] -*- [turn System Restore back on]

Edited by SNIPPSAT
Link to comment

I have pasted it in, it doesn't work...

I just get a message that it can't find combofix; I manually deleted the folder on the desktop and the log that was saved =O

What do I do then??

The recycle bin has been emptied.. and I can't restore it

what happens if I do that then? sounded scary.. hehe

Edited by lasse958
Link to comment

Not sure how it is in Vista.

But I have more tricks.

Start -> Run

Paste in the bold text %systemroot%\system32\restore\rstrui.exe

Then you can create a restore point for today.

If you can't get this to work, don't think about it any more.

Your PC was clean, so if you set it back with System Restore, that's fine.

why does SUPERAntispyware suddenly take so long to start up at first??

Heh, no idea ;)

Edited by SNIPPSAT
Link to comment
