khbergli, posted 30 March 2008

I need help with my laptop. About 2 weeks ago it became incredibly slow. I have run CCleaner, SUPERAntiSpyware, AVG virus + TuneUp Utilities. I can't say I notice much of a difference. I'm not quite sure how to get the text hidden, so sorry..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21, on 2008-03-30
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\System32\atwtusb.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\CF28738.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\ComboFix\pv.cfexe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifff.dll,#1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://access.easyjetairline.com/vdesk/cac...,2008,0122,2002
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://access.easyjetairline.com/vdesk/ter...llerControl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12327 bytes

snippsat, posted 30 March 2008 (edited)

Hi! Yes, you have run ComboFix before; not uninstalled, I think. Well, never mind, we'll clean up.

Download, update and run a full scan with SAS free.
Post the log from SAS (preferences->statistics/logs).

Download ComboFix and put it on the desktop.
Do not click on the window while the program is running.
Post the log C:\combofix.txt

Edited 30 March 2008 by SNIPPSAT

norbat, posted 30 March 2008 (edited)

Start HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifff.dll,#1

Have you run ComboFix before? Could you delete the folder C:\ComboFix\pv.cfexe and then download ComboFix again:

Get ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from ComboFix (c:\combofix.txt)

Edit: This turned into a double post.

Edited 30 March 2008 by norbat

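An added example, not part of norbat's post or of HijackThis: a small Python triage that parses O4 autorun lines copied from the log in this thread and separates rundll32 entries that call a named export from those that call an export by ordinal, as the [MSServer] entry does. Treating an ordinal or missing export as worth a closer look is this example's own assumption, not a rule stated in the thread, and the result is a prompt for review rather than a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 autorun lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifff.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command>", optionally followed by
# " (User '<account>')" on per-user (HKUS) entries.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 as the launcher, quoted or bare, with or without a directory prefix.
RUNDLL32 = re.compile(
    r'^(?:"(?:[^"]*\\)?rundll32(?:\.exe)?"|(?:\S*\\)?rundll32(?:\.exe)?)\s+(?P<rest>.+)$',
    re.IGNORECASE,
)
# "<dll>,<export>": the DLL may be quoted, the export may be absent.
DLL_TARGET = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))(?:\s*,\s*(?P<export>\S+))?'
)
ORDINAL = re.compile(r"^#\d+$")


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    user: Optional[str]


class Finding(NamedTuple):
    entry: Autorun
    dll: str
    export: Optional[str]
    reasons: List[str]


def parse_o4(log_text: str) -> List[Autorun]:
    """Return the registry Run-key autoruns; Startup-folder O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(
                Autorun(m["hive"], m["key"], m["name"], m["cmd"].strip(), m["user"])
            )
    return entries


def split_rundll32(command: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (dll, export) when the command is a rundll32 launch, else None."""
    m = RUNDLL32.match(command)
    if not m:
        return None
    t = DLL_TARGET.match(m["rest"])
    if not t:
        return m["rest"], None
    return (t["quoted"] or t["bare"]), t["export"]


def triage(log_text: str) -> List[Finding]:
    """List every rundll32 autorun with the reasons (if any) to review it."""
    findings = []
    for entry in parse_o4(log_text):
        target = split_rundll32(entry.command)
        if target is None:
            continue
        dll, export = target
        reasons = []
        if export is None:
            reasons.append("no export given")
        elif ORDINAL.match(export):  # assumption of this example, see lead-in
            reasons.append(f"export referenced by ordinal ({export})")
        findings.append(Finding(entry, dll, export, reasons))
    return findings


def flagged(log_text: str) -> List[Finding]:
    return [f for f in triage(log_text) if f.reasons]


if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f.entry.hive} [{f.entry.name}] {f.dll}: {'; '.join(f.reasons)}")
```
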
khbergli (author), posted 30 March 2008

I have followed the advice from both of you now... Removed that line in HijackThis.. ran a full search with SAS... and downloaded a new ComboFix and ran it.. Posting new logs from SAS and ComboFix.. If you tell me how to put the logs in small "links" instead.. I will do that, but for now the logs come one after the other...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/30/2008 at 06:49 PM

Application Version : 4.0.1154

Core Rules Database Version : 3427
Trace Rules Database Version: 1419

Scan type : Complete Scan
Total Scan Time : 01:14:42

Memory items scanned : 706
Memory threats detected : 0
Registry items scanned : 8158
Registry threats detected : 0
File items scanned : 20723
File threats detected : 15

Adware.Tracking Cookie
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@adtech[1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@tradedoubler[1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@atdmt[2].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@doubleclick[1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@revsci[1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@adviva[2].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@adrevolver[2].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@mediaplex[1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\kenneth@imrworldwide[2].txt
C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

ComboFix 08-03-30.2 - Kenneth 2008-03-30 18:55:17.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.1061 [GMT 2:00]
Running from: C:\Users\Kenneth\Desktop\ComboFix.exe
* Created a new restore point
.
TimedOut: progfile.dat

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 15:33 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-30 15:29 13,119 ----a-w C:\Users\Kenneth\AppData\Roaming\nvModes.dat
2008-03-30 12:48 --------- d-----w C:\Users\Kenneth\AppData\Roaming\AVG7
2008-03-29 18:12 --------- d-----w C:\Users\Kenneth\AppData\Roaming\SUPERAntiSpyware.com
2008-03-29 18:12 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-03-29 18:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 18:07 --------- d-----w C:\Program Files\CCleaner
2008-03-29 18:00 --------- d-----w C:\Program Files\Trend Micro
2008-03-29 17:54 --------- d-----w C:\Users\Kenneth\AppData\Roaming\Skype
2008-03-29 17:39 --------- d-----w C:\Users\Kenneth\AppData\Roaming\skypePM
2008-03-26 19:04 --------- d-----w C:\ProgramData\daTax
2008-03-26 12:57 --------- d-----w C:\Program Files\daTax
2008-03-24 23:07 --------- d-----w C:\Users\Kenneth\AppData\Roaming\uTorrent
2008-03-24 12:47 174 --sha-w C:\Program Files\desktop.ini
2008-03-24 12:39 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-24 12:39 --------- d-----w C:\Program Files\Windows Mail
2008-03-24 12:39 --------- d-----w C:\Program Files\Windows Calendar
2008-03-22 22:44 38,400 ----a-w C:\Windows\System32\rqrpppq.dll
2008-03-21 18:56 --------- d--h--w C:\Program Files\Opera
2008-03-14 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 19:34 --------- d-----w C:\Users\Kenneth\AppData\Roaming\TomTom
2008-03-11 19:33 --------- d-----w C:\Program Files\TomTom HOME 2
2008-03-11 19:32 --------- d-----w C:\Program Files\TomTom HOME
2008-03-07 12:03 --------- d-----w C:\ProgramData\TomTom
2008-03-03 04:40 599,552 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-03 03:10 182,272 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-01 08:14 --------- d-----w C:\ProgramData\Lavasoft
2008-03-01 07:59 --------- d-----w C:\Program Files\Lavasoft
2008-02-29 23:39 102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-02-17 13:05 --------- d-----w C:\Users\Kenneth\AppData\Roaming\HP
2008-02-17 13:05 --------- d-----w C:\ProgramData\HP
2008-02-14 18:54 --------- d-----w C:\Program Files\SIW
2008-01-30 12:38 --------- d-----w C:\Program Files\Yahoo!
2008-01-25 01:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2007-12-20 18:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-20 18:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-20 18:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-20 18:23 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-20 18:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-20 18:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-20 18:23 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-20 18:20 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-20 18:20 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-06 16:21 50,688 ----a-w C:\Windows\System32\wbhelp2.dll
2007-11-23 16:53 0 ----a-w C:\Users\Kenneth\AppData\Roaming\sdsce.dll
2007-11-23 14:19 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-23 14:19 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-06 16:21 251,392 ----a-w C:\Program Files\opera\program\plugins\dapop.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 12:58 206184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-24 15:47 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-04 22:58 77824]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:54 579072]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-24 15:06 1481984]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 12:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 12:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 12:26 81920]
"atwtusb"="atwtusb.exe" [2007-05-15 17:21 323232 C:\WINDOWS\System32\atwtusb.exe]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 11:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 11:53 780312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-24 15:02 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-11-24 15:02 9216 C:\WINDOWS\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{57F4FF3F-FA0F-4757-91B3-7A63FCA0088E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{EC1C817D-139E-4C45-9059-D1C0EBA21C9C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{3A4F4055-10BB-45A0-8AC6-156B0C240589}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B2080A9-3329-4019-9DC2-11841FD6F9A2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF7C237D-675F-4BA2-B37C-5B1305FFF134}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{50CF6F00-B719-4379-BDF0-CEE724B9F69B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D682D24-22AB-4EAB-A576-AA94623FBB4A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE885CF-D160-4435-85F7-010FF8E707FC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{BD151E3A-B89C-428D-95D0-D8ACB71E2A0E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C59D3E51-78EE-4A54-94CD-542B84771C8F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BE2633DF-6842-4071-8A02-A20945168EF0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7358DE34-DEB7-4AC7-A287-FC7CA1D0C721}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0F30D968-91B8-4423-BC7D-BE832DED49E7}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{EF04C882-6470-423A-80BB-0ED3A4BD009E}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{F7FE6B3A-DE69-4FE3-B684-EB83C0D7B7BD}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{33FE3134-9110-4B3E-B0A7-C7A870686EFC}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{F1E10CAC-93B5-4A7A-8431-C0334EC3EF26}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5D13F7B8-913A-4C53-8086-293C56FD0C8C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BE1EF9A8-25E1-4474-B3E6-5D4475741D95}"= UDP:C:\Users\Kenneth\AppData\Roaming\Facebook\facebook.exe:Facebook
"{A3D51674-95BD-4FB8-A172-30A9CDC3A836}"= TCP:C:\Users\Kenneth\AppData\Roaming\Facebook\facebook.exe:Facebook
"TCP Query User{E6598595-7F8F-4C0C-8404-8E7EC9F3C3CA}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3AB49310-F95E-42EF-9072-3FA5EF63E7F1}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{FA8CDD55-D476-463C-9B28-60B35F3CB61A}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7E528EE3-76BB-43E9-B70E-B63D629AA540}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2007-11-24 15:06]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2007-11-24 15:06]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 10:44]
S1 aiptektp;Pen Pad;C:\Windows\system32\DRIVERS\aiptektp.sys [2006-06-06 10:51]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:18:04 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 19:16:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-30 19:19:22
ComboFix-quarantined-files.txt 2008-03-30 17:19:12
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
.
2008-03-24 11:18:04 --- E O F ---

Thanks for the help...

norbat, posted 30 March 2008

See if you can delete the following file via Explorer:

C:\Windows\System32\rqrpppq.dll

Tell us how the PC is running.

khbergli (author), posted 30 March 2008 (edited)

Just as I was about to delete it from the folder, AVG beat me to it. It put it in quarantine, so I went in and deleted the quarantine list.. The machine seems clearly quicker than earlier today.. but it is not like it was 2 weeks ago.. I'll perhaps wait and see how it behaves.. But without doubt an improvement. The machine isn't working constantly any more either, so it looks promising. Anything more I should do? Did it find any viruses or other nasty stuff??

By the way, iexplorer.exe is still running at almost 100% processor.

Edited 30 March 2008 by khbergli

norbat, posted 30 March 2008 (edited)

The log looks fine from here on. Feel free to do a round with CCleaner.

You can also uninstall ComboFix by typing combofix /u in the Run box (Start->Run). That removes the program and its backups + resets System Restore.

In IE: Tools->Internet Options->Advanced
Choose: Reset...

Edited 30 March 2008 by norbat

khbergli (author), posted 30 March 2008

Super, thanks for the help. Just say the word if you ever have problems with your machine.. :-)