adservio Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Min datter har fått trojaner og malware på maskinen sin å det krever mer kunnskap enn jeg har, er der noen som kan se igjennom denne hijackthis logfilen for meg? På for hånd takk Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:44:28, on 25.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Programfiler\Launch Manager\LaunchAp.exe C:\Programfiler\Launch Manager\PowerKey.exe C:\Programfiler\Launch Manager\HotkeyApp.exe C:\Programfiler\Launch Manager\OSDCtrl.exe C:\Programfiler\Launch Manager\Wbutton.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\QuickTime\qttask.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Launch Manager\ChkMail.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.online.no/at/sikkerhet/nav.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programfiler\Netcraft Toolbar\nctb.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [ERScw] "C:\Programfiler\Fellesfiler\ErrorSafe\ERScw.exe" -c O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [smartDefrag] "C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ChkMail] "C:\Programfiler\Launch Manager\ChkMail.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-21-2170510609-2826725583-3278818175-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Linda') O4 - HKUS\S-1-5-21-2170510609-2826725583-3278818175-1005\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime (User 'Linda') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Linda\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.online.no O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://CD-en.drivecleaner.com/installdrivecleanerstart_no.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe Lenke til kommentar
r2d290 Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Ja der var det litt grums kan du kjøre gjennom guiden (LANGVERSONEN) til norbat https://www.diskusjon.no/index.php?showtopic=691246 ? loggene det blir spurt etter, poster du i denne tråden Lenke til kommentar
adservio Skrevet 25. mars 2008 Forfatter Del Skrevet 25. mars 2008 heijeg prøver å kjøre SAS men den har stått stille på en fil i over 30 min nå...hva gjør jeg når ikke den vil gå videre??? Lenke til kommentar
snippsat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Sikkert en fil som er låst eller noe annet sas har problemer med. Forsett bare,logge vi trenger nå er fra combofix. Så kan vi rydde opp litt,og du kan prøve sas senere. Lenke til kommentar
adservio Skrevet 25. mars 2008 Forfatter Del Skrevet 25. mars 2008 Her er combofix. ComboFix 08-03-25.1 - Lise 2008-03-25 20:21:51.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.133 [GMT 1:00] Running from: C:\Documents and Settings\Lise\Lokale innstillinger\Temporary Internet Files\Content.IE5\AEOGT01K\ComboFix[1].exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Linda\err.log C:\Documents and Settings\Linda\Programdata\DriveCleaner 2006 Free C:\Documents and Settings\Linda\Programdata\DriveCleaner 2006 Free\Logs\update.log C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006 C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\Activate.log C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\update.log C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\wa6Support.log C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\winav.log C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\PGE.dat C:\Documents and Settings\Lise\err.log C:\Documents and Settings\Lise\Programdata\DriveCleaner 2006 Free C:\Documents and Settings\Lise\Programdata\DriveCleaner 2006 Free\Logs\update.log C:\Programfiler\FunWebProducts C:\Programfiler\FunWebProducts\ScreenSaver\Images\00809E06.urr C:\Programfiler\FunWebProducts\ScreenSaver\Images\00B5A1CD.urr C:\Programfiler\FunWebProducts\Shared\Cache\AvatarSmallBtn.html C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn.html C:\Programfiler\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html C:\Programfiler\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html C:\Programfiler\FunWebProducts\Shared\Cache\SmileyCentralBtn.html C:\Programfiler\internet explorer\msimg32.dll C:\Programfiler\MyWebSearch C:\Programfiler\MyWebSearch\bar\1.bin\F3BROVLY.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3CJPEG.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3DTACTL.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3HISTSW.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3HTMLMU.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3HTTPCT.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3IMSTUB.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3POPSWT.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3PSSAVR.SCR C:\Programfiler\MyWebSearch\bar\1.bin\F3REPROX.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3RESTUB.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3SCHMON.EXE C:\Programfiler\MyWebSearch\bar\1.bin\F3SCRCTR.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3SHLLVW.DLL C:\Programfiler\MyWebSearch\bar\1.bin\F3WPHOOK.DLL C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST C:\Programfiler\MyWebSearch\bar\1.bin\M3HTML.DLL C:\Programfiler\MyWebSearch\bar\1.bin\M3IDLE.DLL C:\Programfiler\MyWebSearch\bar\1.bin\M3IMPIPE.EXE C:\Programfiler\MyWebSearch\bar\1.bin\M3MSG.DLL C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST C:\Programfiler\MyWebSearch\bar\1.bin\M3OUTLCN.DLL C:\Programfiler\MyWebSearch\bar\1.bin\m3Skin.DLL C:\Programfiler\MyWebSearch\bar\1.bin\m3SkPlay.exe C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEPLG.DLL C:\Programfiler\MyWebSearch\bar\1.bin\MWSOESTB.DLL C:\Programfiler\MyWebSearch\bar\Cache\00051A65.bin C:\Programfiler\MyWebSearch\bar\Cache\00051C69.bin C:\Programfiler\MyWebSearch\bar\Cache\00051E2E.bin C:\Programfiler\MyWebSearch\bar\Cache\00051F86.bin C:\Programfiler\MyWebSearch\bar\Cache\00063710.bin C:\Programfiler\MyWebSearch\bar\Cache\00063971.bin C:\Programfiler\MyWebSearch\bar\Cache\00063C50.bin C:\Programfiler\MyWebSearch\bar\Cache\00063EF0.bin C:\Programfiler\MyWebSearch\bar\Cache\00064113.bin C:\Programfiler\MyWebSearch\bar\Cache\000E2B90 C:\Programfiler\MyWebSearch\bar\Cache\000EAC2A C:\Programfiler\MyWebSearch\bar\Cache\001A6B1F C:\Programfiler\MyWebSearch\bar\Cache\00408AC4 C:\Programfiler\MyWebSearch\bar\Cache\0040DFE9 C:\Programfiler\MyWebSearch\bar\Cache\007BF6CD C:\Programfiler\MyWebSearch\bar\Cache\0265119E C:\Programfiler\MyWebSearch\bar\Cache\files.ini C:\Programfiler\MyWebSearch\bar\History\search2 C:\Programfiler\MyWebSearch\bar\Settings\s_pid.dat C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL C:\WINDOWS\system32\autorun.ini C:\WINDOWS\system32\f3PSSavr.scr . ((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))) . 2008-03-25 18:28 . 2008-03-25 18:28 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-03-25 18:28 . 2008-03-25 18:28 <DIR> d-------- C:\Documents and Settings\Lise\Programdata\SUPERAntiSpyware.com 2008-03-25 18:28 . 2008-03-25 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-03-25 18:23 . 2008-03-25 18:23 <DIR> dr-h----- C:\Documents and Settings\Lise\Siste 2008-03-25 15:21 . 2008-03-25 15:21 <DIR> d-------- C:\Documents and Settings\Linda\Programdata\Grisoft 2008-03-24 16:48 . 2008-03-24 16:48 <DIR> d-------- C:\Programfiler\Lavasoft 2008-03-24 16:48 . 2008-03-24 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-03-24 16:46 . 2008-03-24 16:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-03-24 16:41 . 2008-03-24 16:41 112 --a------ C:\WINDOWS\ChkMail.Ini 2008-03-24 02:08 . 2008-03-24 02:08 <DIR> d-------- C:\Programfiler\Netcraft Toolbar 2008-03-24 00:10 . 2008-03-24 00:10 <DIR> d-------- C:\Programfiler\CCleaner 2008-03-24 00:00 . 2008-03-24 00:00 <DIR> d-------- C:\Programfiler\IObit 2008-03-23 23:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-03-23 23:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-23 23:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-23 23:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-23 23:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-23 23:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-23 23:17 . 2008-03-23 23:17 <DIR> d-------- C:\Programfiler\Alwil Software 2008-03-23 23:17 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-23 23:17 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\Documents and Settings\Lise\Programdata\Grisoft 2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-03-23 21:37 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-23 21:16 . 2008-03-23 21:16 <DIR> d--hs---- C:\FOUND.019 2008-03-23 13:21 . 2008-03-23 13:21 <DIR> d--hs---- C:\FOUND.018 2008-03-12 19:38 . 2008-03-12 19:38 <DIR> d--hs---- C:\FOUND.017 2008-03-11 16:45 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-03-11 16:45 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2008-03-09 10:58 . 2008-03-09 10:58 <DIR> d--hs---- C:\FOUND.016 2008-03-05 19:37 . 2008-03-05 19:37 <DIR> d--hs---- C:\FOUND.015 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat 2008-03-02 18:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-03-02 18:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-03-02 18:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-03-02 18:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-04-19 10:53 774,144 ----a-w C:\Programfiler\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "MsnMsgr"="~C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712] "ChkMail"="C:\Programfiler\Launch Manager\ChkMail.exe" [2005-02-25 16:18 49152] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18 212992] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11 2889728] "LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208] "LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632] "CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664] "Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05 385024] "HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032] "HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152] "Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760] "ERScw"="C:\Programfiler\Fellesfiler\ErrorSafe\ERScw.exe" [ ] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 14:17 115816] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 14:17 771704] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768] "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712] "!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SmartDefrag"="C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-07 23:29 2743552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\MSMSGS.EXE"= "C:\\Programfiler\\eMule\\emule.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4662:TCP"= 4662:TCP:eMule "4672:UDP"= 4672:UDP:eMule R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29] S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys [] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2007-02-08 13:30] S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58] S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00] *Newly Created Service* - AAWSERVICE *Newly Created Service* - COMHOST *Newly Created Service* - INT15.SYS *Newly Created Service* - SASDIFSV *Newly Created Service* - SASENUM *Newly Created Service* - SASKUTIL . Contents of the 'Scheduled Tasks' folder "2008-03-25 19:25:28 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE "2007-08-17 15:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-03-24 21:20:22 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Lise.job" - C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK: "2008-03-23 23:01:52 C:\WINDOWS\Tasks\SmartDefrag.job" - C:\Programfiler\IObit\IObit SmartDefrag\schedule.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-25 20:29:01 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-25 20:30:52 ComboFix-quarantined-files.txt 2008-03-25 19:30:46 . 2008-03-13 09:21:41 --- E O F --- Lenke til kommentar
norbat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Kunne du ha forsøkt og kjørt SAS igjen nå, og sett om den fikk scanne ferdig? Lenke til kommentar
adservio Skrevet 25. mars 2008 Forfatter Del Skrevet 25. mars 2008 Hei igjen SAS stoppet ved samme fila,scanningen fant ikke så mange threats nå,men den kommer ikke videre. Jeg får heller ikke avsluttet scanningen. virker som alt er låst... Lenke til kommentar
snippsat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Ser du filnavet bruker du denne på filen. http://ccollomb.free.fr/unlocker Lenke til kommentar
norbat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Ja, hvilken fil er det SAS stopper på? Lenke til kommentar
adservio Skrevet 25. mars 2008 Forfatter Del Skrevet 25. mars 2008 den stopper på c:/document and settings/lise/send to/min K300i... jeg prøvde å finne den uten hell, men prøver på nytt, er litt redd for å gjøre feil,med den unlockeren...har du en teskje forklaring?? er ikke så veldig flink Lenke til kommentar
snippsat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 (endret) K300i er det mobilen din. Er nok noe software til den som stopper. Start->min datamskin verktøy->mappealternativer->vis-> Sett hake på "vis skjulte filer og mapper" Fjern hake på "skjul beskyttede oprativsystem filer" Du skal nå se all filer på pcen. Install unlocker. Gå til c:/document and settings/lise/send to/min K300i Velg fil eller folder"høyere klikk og unlocker" Endret 25. mars 2008 av SNIPPSAT Lenke til kommentar
adservio Skrevet 25. mars 2008 Forfatter Del Skrevet 25. mars 2008 velger jeg slett?? Lenke til kommentar
norbat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 (endret) Hvis K300i-mappa med innhold er noe som brukes, så tror jeg man skal tenke seg om før man begynner å slette noe derfra. At SAS 'låser' seg når den kommer til denne mappa, betyr ikke at det er malware For å fortsette med rensingen av PC-en, så gjør du følgende: Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Driver:: esff Boonty Games Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ERScw"=- Du trenger ikke å poste noen ny combofix-logg, da den heretter vil se grei ut. Da det tydeligvis oppstår noe tull når SAS kjører scan mot k300i-mappa, så skal vi kjøre et annet antispywareprogram som forhåpentligvis får kjørt gjennom scannen: Last ned MAM til skrivebordet. Kjør fila og installer programmet. La programmet oppdatere seg og velg å kjør en quick scan. Du får en meldingsboks når programmet er ferdigkjørt Klikk deretter på Show Results-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Remove Selected -knappen for å fjerne malwaren som evt. ble funnet. Når MAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den kan du kopiere og poste. Endret 25. mars 2008 av norbat Lenke til kommentar
adservio Skrevet 25. mars 2008 Forfatter Del Skrevet 25. mars 2008 men holder det å ha kjørt unlocker, mappa blir ikke brukt. Lenke til kommentar
norbat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 Hvis k300i ikke blir brukt opp mot PC-en, kan du se om det ligger noe program fra sony ericsson i legg til / fjern programmer. Avinstaller der i så fall derfra først for å se om ikke avinstalleringsprogrammet rydder opp etter seg. Uansett, se tidligere post om et alternativt prog. for scan for malware. Lenke til kommentar
Gjest medlem-105082 Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 (endret) Hvis SAS sitter fast på en fil, så prøv å skru av "Direct Disk Access" under "Preferences->Scanning Control". Kan være det hjelper. Er verdt er forsøk. Endret 25. mars 2008 av medlem-105082 Lenke til kommentar
snippsat Skrevet 25. mars 2008 Del Skrevet 25. mars 2008 men holder det å ha kjørt unlocker, mappa blir ikke brukt Kommer det ingen låshandterer,kan du bare flytte folder til en annen disk så lenge. Eller så følger råd fra norbat og uberninja. Lenke til kommentar
adservio Skrevet 26. mars 2008 Forfatter Del Skrevet 26. mars 2008 endelig her er SAS logfile maskinen er så treg og låser seg. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/26/2008 at 09:35 AM Application Version : 4.0.1154 Core Rules Database Version : 3424 Trace Rules Database Version: 1404 Scan type : Complete Scan Total Scan Time : 00:32:30 Memory items scanned : 357 Memory threats detected : 0 Registry items scanned : 4877 Registry threats detected : 5 File items scanned : 48090 File threats detected : 6 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel C:\PROGRAMFILER\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL Adware.Tracking Cookie C:\Documents and Settings\Lise\Cookies\lise@adtech[1].txt C:\Documents and Settings\Lise\Cookies\[email protected][1].txt C:\Documents and Settings\Lise\Cookies\lise@mediaplex[1].txt C:\Documents and Settings\Lise\Cookies\lise@tribalfusion[1].txt C:\Documents and Settings\Lise\Cookies\lise@tradedoubler[1].txt Lenke til kommentar
adservio Skrevet 26. mars 2008 Forfatter Del Skrevet 26. mars 2008 og her er den Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:27, on 2008-03-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.online.no/at/sikkerhet/nav.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programfiler\Netcraft Toolbar\nctb.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [smartDefrag] "C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ChkMail] "C:\Programfiler\Launch Manager\ChkMail.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Linda\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.online.no O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 12741 bytes Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå