nasse222 Posted 9 April 2008 (edited)

Ran Combo first, then HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07:27, on 10.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\HP\HP Software Update\HPwuSchd2.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programfiler\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8200 bytes

------------------------

Combo:

ComboFix 08-04-09.5 - HP_Eier 2008-04-10 0:01:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.107 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\D14MEVIY\ComboFix[1].exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\375013\375013.dll
D:\Autorun.inf
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 23:54 . 2008-04-09 23:54 <DIR> d-------- C:\Programfiler\Trend Micro
2008-04-09 23:53 . 2008-04-09 23:53 <DIR> d-------- C:\ComboFix 28Mars08
2008-04-09 21:01 . 2008-04-09 21:03 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy2
2008-04-09 20:58 . 2008-04-09 20:58 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 20:58 . 2008-04-09 20:58 2,548 --a------ C:\WINDOWS\unins000.dat
2008-04-09 20:36 . 2008-04-09 20:38 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-04-09 20:35 . 2008-04-09 20:35 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-04-09 20:35 . 2008-04-09 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-04-09 20:34 . 2008-04-09 20:34 <DIR> d-------- C:\Programfiler\Registry Clean Expert
2008-04-09 20:34 . 2008-04-09 20:34 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\Auslogics
2008-04-09 20:33 . 2008-04-09 20:33 <DIR> d-------- C:\Programfiler\AusLogics Disk Defrag
2008-04-09 20:28 . 2008-04-09 20:31 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\Spyware Terminator
2008-04-09 20:26 . 2008-04-09 20:26 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-09 20:25 . 2008-04-09 20:25 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-09 20:22 . 2008-04-09 20:31 <DIR> d-------- C:\Programfiler\Spyware Terminator
2008-04-09 20:22 . 2008-04-09 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spyware Terminator
2008-04-09 19:44 . 2008-04-09 19:44 <DIR> d-------- C:\Programfiler\Windows Defender
2008-04-09 19:19 . 2008-04-09 19:19 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 19:16 . 2008-04-09 19:29 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\AVG7
2008-04-09 19:14 . 2008-04-09 19:14 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2008-04-09 19:13 . 2008-04-09 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-04-09 19:13 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7
2008-04-09 19:11 . 2008-04-09 19:23 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 18:55 . 2008-04-09 18:57 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-04-09 18:55 . 2008-04-09 18:55 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-09 18:55 . 2008-04-09 18:55 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\SUPERAntiSpyware.com
2008-04-09 18:55 . 2008-04-09 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-04-09 18:50 . 2008-04-09 18:58 <DIR> d-------- C:\Programfiler\NoAdware5.0
2008-04-09 18:49 . 2008-04-09 18:49 <DIR> d-------- C:\Programfiler\ffdshow
2008-04-09 18:49 . 2008-10-02 20:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-09 18:49 . 2008-10-02 20:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-09 18:49 . 2008-10-02 20:30 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-04-09 18:49 . 2008-10-02 20:30 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-09 16:31 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-09 16:31 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-09 16:28 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-09 16:28 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-09 16:08 . 2008-04-09 19:27 <DIR> d-------- C:\Programfiler\Fellesfiler\AdvancedCleaner
2008-04-04 16:32 . 2008-04-04 16:34 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\RegSweep
2008-04-04 16:31 . 2008-04-04 16:39 <DIR> d-------- C:\Programfiler\RegSweep
2008-04-02 20:43 . 2008-04-02 21:08 <DIR> d-------- C:\Programfiler\MinneSparere
2008-04-02 20:26 . 2008-04-10 00:03 <DIR> d-------- C:\WINDOWS\system32\375013
2008-04-02 20:25 . 2008-04-09 22:03 <DIR> d-------- C:\Programfiler\NetProject
2008-03-29 11:42 . 2008-04-09 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-03-23 23:39 . 2008-03-23 23:39 <DIR> d-------- C:\Programfiler\FBrowserAdvisor
2008-03-22 16:25 . 2008-03-22 16:25 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared
2008-03-22 16:09 . 2008-03-22 16:48 <DIR> d-------- C:\Programfiler\StreamerOne
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-09 21:51 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-04-09 16:23 --------- d-----w C:\Programfiler\Sonic
2008-04-09 16:23 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-09 16:14 --------- d-----w C:\Programfiler\Windows Live Toolbar
2008-04-09 16:13 --------- d-----w C:\Programfiler\Symantec
2008-04-09 15:14 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-04-09 14:58 --------- d-----w C:\Programfiler\Microsoft Works
2008-04-09 14:27 --------- d-----w C:\Programfiler\Google
2008-04-09 14:25 --------- d-----w C:\Programfiler\Cyanide
2008-04-09 14:23 --------- d-----w C:\Programfiler\DivX
2008-04-09 14:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-06 17:38 --------- d-----w C:\Documents and Settings\HP_Eier\Programdata\LimeWire
2008-04-02 18:45 203,792 ----a-w C:\Documents and Settings\HP_Eier\Programdata\setup_no[1].exe
2008-03-29 11:03 6,636 ----a-w C:\Documents and Settings\HP_Eier\Programdata\wklnhst.dat
2008-03-23 23:08 --------- d-----w C:\Programfiler\Java
2008-03-22 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Real
2008-02-20 00:47 --------- d-----w C:\Programfiler\LimeWire
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 01:44 61440]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17 90112]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12 49152]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 05:05 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-09 23:46 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-09 19:14 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\StreamerOne\\StreamerOne.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

R3 HPKBCCID;HP Keyboard Smart Card Driver;C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys [2006-11-07 04:32]
R3 WLD675;3Com 3CRDAG675 Wireless LAN PCI Adapter;C:\WINDOWS\system32\DRIVERS\wld675f.sys [2003-07-10 12:00]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 20:44:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-03-12 19:27:50 C:\WINDOWS\Tasks\Internett-tjenester.job" - C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml
"2008-04-09 21:53:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 00:03:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 0:05:10
ComboFix-quarantined-files.txt 2008-04-09 22:05:01

Pre-Run: 152,432,685,056 byte ledig
Post-Run: 152,423,268,352 byte ledig
.
2008-04-09 17:24:01 --- E O F ---

Edited 9 April 2008 by nasse222

r2d290 Posted 10 April 2008 (edited)

Run ONLY HijackThis, do a scan, put a check mark in front of the following lines, and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

Edit: you have three different spyware programs:

Spyware Terminator
Spybot Search and Destroy
SUPERAntiSpyware

I suggest that you keep one (preferably the last), and uninstall the rest with Add/Remove Programs.

You have both AVG and Norton on your machine. Choose one of them. If you have already tried to uninstall Norton, then you did not get everything. In that case, run the Norton Removal Tool.

Someone else will have to look at the ComboFix log.

Edited 10 April 2008 by r2d290

norbat Posted 10 April 2008

Uninstall from Add/Remove Programs, if possible:

NetProject
Minnesparere
AdvancedCleaner
NoAdware5.0

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\imsins.BAK

Folder::
C:\Programfiler\NetProject
C:\WINDOWS\system32\375013
C:\Programfiler\MinneSparere
C:\Programfiler\Fellesfiler\AdvancedCleaner
C:\Programfiler\NoAdware5.0

Post the ComboFix log + a new HJT log.

nasse222 Posted 10 April 2008 (Author)

Thanks for the replies, but lightning killed the PC!!!!! How is that even possible.

Oh well, there will surely be more questions from me eventually...

Not exactly my day today: stomach flu, back surgery, whiplash after a car accident, and lost my licence after wrecking my Mercedes.. Heia Norge..

But thanks for the replies and the help!!!

Regards, Nasse-sleepless.

r2d290 Posted 10 April 2008

Is that possible... oh well... you will have to let us know if there are more problems then...