1915 Posted 12 April 2008 (edited)

I can't get rid of the popups. I have just formatted the machine, but I still can't get rid of the popups ;O Can anyone help me get rid of it? =)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:22, on 12.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Documents and Settings\laptop\Mine dokumenter\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adbutlers.com/www/index.php?/ca...tion/go/cid/31/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4951BB5B-4028-41B8-8A2A-0FE83CD46F53}: NameServer = 10.0.0.138
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6338 bytes

ComboFix log:

ComboFix 08-04-11.8 - laptop 2008-04-12 16:59:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.557 [GMT 2:00]
Running from: C:\Documents and Settings\laptop\Mine dokumenter\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 13:54 . 2008-04-12 13:54 <DIR> dr-h----- C:\Documents and Settings\laptop\Siste
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\SUPERAntiSpyware.com
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-04-11 19:04 . 2008-04-11 19:04 <DIR> d-------- C:\WINDOWS\Sun
2008-04-08 21:56 . 2008-04-08 21:56 244 --ah----- C:\sqmnoopt08.sqm
2008-04-08 21:56 . 2008-04-08 21:56 232 --ah----- C:\sqmdata08.sqm
2008-04-08 20:12 . 2008-04-08 20:12 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\vlc
2008-04-08 20:00 . 2008-04-08 20:00 <DIR> d-------- C:\Programfiler\iTunes
2008-04-08 20:00 . 2008-04-08 20:00 <DIR> d-------- C:\Programfiler\iPod
2008-04-08 20:00 . 2008-04-12 12:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 20:00 . 2008-04-08 20:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 18:56 . 2008-04-08 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Messenger Plus!a
2008-04-08 18:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-08 18:54 . 2008-04-08 18:54 382 --a------ C:\WINDOWS\ODBC.INI
2008-04-08 18:52 . 2008-04-08 18:52 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-04-08 18:51 . 2008-04-08 18:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-08 18:51 . 2008-04-08 18:51 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-04-08 18:50 . 2008-04-09 17:23 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\Ahead
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Programfiler\Nero
2008-04-08 18:48 . 2008-04-08 18:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-04-08 18:47 . 2008-04-08 18:56 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2008-04-08 18:45 . 2008-04-08 18:45 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-04-08 18:45 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-08 18:43 . 2008-04-08 18:43 <DIR> dr-h----- C:\MSOCache
2008-04-08 18:41 . 2008-04-08 18:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-08 18:41 . 2008-04-08 18:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-08 18:40 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-04-08 18:40 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-04-08 18:40 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-04-08 18:40 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-04-08 18:39 . 2008-04-12 02:02 <DIR> d-------- C:\Programfiler\LogMeIn
2008-04-08 18:39 . 2008-04-08 19:52 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\Proxy burn
2008-04-08 18:39 . 2008-04-08 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log
2008-04-08 18:39 . 2008-04-08 18:40 1,024 --a------ C:\.rnd
2008-04-08 18:38 . 2008-04-08 19:51 <DIR> d-------- C:\Programfiler\Messenger Plus! Live
2008-04-08 18:38 . 2008-04-08 18:38 <DIR> d-------- C:\Programfiler\DVDFab Decrypter 3
2008-04-08 18:38 . 2008-04-08 18:38 <DIR> d-------- C:\Programfiler\Circle Developement
2008-04-08 18:37 . 2008-04-08 18:37 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-04-08 18:36 . 2008-04-08 18:36 <DIR> d-------- C:\Programfiler\DAMN NFO Viewer
2008-04-08 18:34 . 2008-04-12 13:53 <DIR> d-------- C:\Downloads
2008-04-08 18:33 . 2008-04-08 18:33 <DIR> d-------- C:\Programfiler\uTorrent
2008-04-08 18:33 . 2008-04-12 16:59 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\uTorrent
2008-04-08 18:31 . 2008-04-08 19:26 <DIR> d-------- C:\Programfiler\Winamp
2008-04-08 18:31 . 2008-04-08 18:31 <DIR> d-------- C:\Programfiler\Guitar Pro 4
2008-04-08 18:31 . 2008-04-08 19:25 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\Winamp
2008-04-08 18:30 . 2008-04-08 18:30 <DIR> d-------- C:\Programfiler\Audacity
2008-04-08 18:14 . 2008-04-08 18:16 <DIR> d-------- C:\Guitar Pro Tabs
2008-04-08 18:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-08 18:09 . 2008-04-08 18:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 18:01 . 2008-04-08 18:22 <DIR> d-------- C:\That 70s show
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 14:59 --------- d-----w C:\Programfiler\ESET
2008-04-12 10:30 --------- d-----w C:\Programfiler\Steam
2008-04-08 18:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-04-08 17:59 --------- d-----w C:\Programfiler\QuickTime
2008-04-08 17:52 --------- d-----w C:\Programfiler\Apple Software Update
2008-04-08 17:51 --------- d-----w C:\Programfiler\Proxy burn
2008-04-08 17:03 --------- d-----w C:\Programfiler\Yahoo!
2008-04-08 16:09 --------- d-----w C:\Programfiler\Java
2008-04-08 15:55 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-08 15:55 --------- d-----w C:\Programfiler\DAEMON Tools
2008-04-08 15:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-04-08 15:53 --------- d-----w C:\Documents and Settings\laptop\Programdata\Apple Computer
2008-04-08 15:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7517.sys
2008-04-08 15:52 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-08 15:52 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-04-08 15:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2008-04-08 15:50 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-08 15:50 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2008-04-08 15:50 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-08 15:50 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-04-08 15:49 --------- d-----w C:\Programfiler\Windows Live
2008-04-08 15:49 --------- d-----w C:\Programfiler\CCleaner
2008-04-08 15:47 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-04-08 15:46 --------- d-----w C:\Programfiler\VideoLAN
2008-04-08 15:44 --------- d-----w C:\Programfiler\CONEXANT
2008-04-08 15:44 --------- d-----w C:\Programfiler\Broadcom
2008-04-08 15:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-08 15:43 --------- d-----w C:\Programfiler\NetWaiting
2008-04-08 15:43 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-08 15:41 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-04-08 15:34 --------- d-----w C:\Programfiler\microsoft frontpage
2008-04-08 15:32 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-08 15:32 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-02-18 09:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-08-09 11:08 8,784 ----a-w C:\Programfiler\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 11:10 245,408 ----a-w C:\Programfiler\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-04-08 19:28 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]
"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-04-08 17:50 950664]
"LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkipTime]
--a------ 2008-04-08 19:51 422400 C:\DOCUME~1\laptop\PROGRA~1\PROXYB~1\barb bat spam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
--a------ 2006-02-26 01:41 118485 C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vc log bows face]
C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log\Seek beep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 15:00:08 C:\WINDOWS\Tasks\AA873F0E9198B97E.job"
- c:\docume~1\laptop\progra~1\proxyb~1\baitblue1.exe
"2008-04-11 18:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 17:01:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-12 17:01:54
ComboFix-quarantined-files.txt 2008-04-12 15:01:49

Pre-Run: 46,869,090,304 byte ledig
Post-Run: 46,857,981,952 byte ledig

Edited 14 April 2008 by Danielsm
snippsat Posted 12 April 2008

Copy the bold text -> paste it into Notepad. Save it on the desktop as CFScript.txt. Do as shown in the picture, and post the log c:\combofix.txt

File::
C:\sqmnoopt08.sqm
C:\sqmdata08.sqm
C:\WINDOWS\Tasks\AA873F0E9198B97E.job

Uninstall everything with "Messenger Plus". Don't use "plus", use regular Messenger.

Do you know this file? c:\docume~1\laptop\progra~1\proxyb~1\baitblue1.exe
You can scan it here: Jotti

Download and run CCleaner. 'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files older than 48 hours". Run the registry cleaner and "answer yes to repair".

Run a pass with SAS.

See if this helps.
norbat Posted 12 April 2008 (edited)

(Your problem is that you installed Messenger Plus! Live including the sponsor program. That brings the Lop.com adware with it. Messenger Plus! is reasonably good at cleaning up after itself if you uninstall it.)

Edited 12 April 2008 by norbat
1915 Posted 13 April 2008 (thread author)

Done. I have removed MsgPlus Live and done what he said with ComboFix. I run CCleaner several times a day.

New log:

ComboFix 08-04-11.8 - laptop 2008-04-13 12:22:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.491 [GMT 2:00]
Running from: C:\Documents and Settings\laptop\Mine dokumenter\ComboFix.exe
Command switches used :: C:\Documents and Settings\laptop\Skrivebord\CFScript.txt.txt
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\WINDOWS\Tasks\AA873F0E9198B97E.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata08.sqm
C:\sqmnoopt08.sqm

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 12:21 . 2008-04-13 12:21 <DIR> dr-h----- C:\Documents and Settings\laptop\Siste
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\SUPERAntiSpyware.com
2008-04-12 00:40 . 2008-04-12 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-04-11 19:04 . 2008-04-11 19:04 <DIR> d-------- C:\WINDOWS\Sun
2008-04-08 20:12 . 2008-04-08 20:12 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\vlc
2008-04-08 20:00 . 2008-04-08 20:00 <DIR> d-------- C:\Programfiler\iTunes
2008-04-08 20:00 . 2008-04-08 20:00 <DIR> d-------- C:\Programfiler\iPod
2008-04-08 20:00 . 2008-04-12 12:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 20:00 . 2008-04-08 20:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 18:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-08 18:54 . 2008-04-08 18:54 382 --a------ C:\WINDOWS\ODBC.INI
2008-04-08 18:52 . 2008-04-08 18:52 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-04-08 18:51 . 2008-04-08 18:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-08 18:51 . 2008-04-08 18:51 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-04-08 18:50 . 2008-04-09 17:23 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\Ahead
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Programfiler\Nero
2008-04-08 18:48 . 2008-04-08 18:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-04-08 18:47 . 2008-04-08 18:56 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2008-04-08 18:45 . 2008-04-08 18:45 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-04-08 18:45 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-08 18:43 . 2008-04-08 18:43 <DIR> dr-h----- C:\MSOCache
2008-04-08 18:41 . 2008-04-08 18:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-08 18:41 . 2008-04-08 18:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-08 18:40 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-04-08 18:40 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-04-08 18:40 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-04-08 18:40 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-04-08 18:39 . 2008-04-13 07:46 <DIR> d-------- C:\Programfiler\LogMeIn
2008-04-08 18:39 . 2008-04-13 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log
2008-04-08 18:39 . 2008-04-08 18:40 1,024 --a------ C:\.rnd
2008-04-08 18:38 . 2008-04-08 18:38 <DIR> d-------- C:\Programfiler\DVDFab Decrypter 3
2008-04-08 18:37 . 2008-04-08 18:37 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-04-08 18:36 . 2008-04-08 18:36 <DIR> d-------- C:\Programfiler\DAMN NFO Viewer
2008-04-08 18:34 . 2008-04-12 13:53 <DIR> d-------- C:\Downloads
2008-04-08 18:33 . 2008-04-08 18:33 <DIR> d-------- C:\Programfiler\uTorrent
2008-04-08 18:33 . 2008-04-13 12:24 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\uTorrent
2008-04-08 18:31 . 2008-04-08 19:26 <DIR> d-------- C:\Programfiler\Winamp
2008-04-08 18:31 . 2008-04-08 18:31 <DIR> d-------- C:\Programfiler\Guitar Pro 4
2008-04-08 18:31 . 2008-04-08 19:25 <DIR> d-------- C:\Documents and Settings\laptop\Programdata\Winamp
2008-04-08 18:30 . 2008-04-08 18:30 <DIR> d-------- C:\Programfiler\Audacity
2008-04-08 18:14 . 2008-04-08 18:16 <DIR> d-------- C:\Guitar Pro Tabs
2008-04-08 18:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-08 18:09 . 2008-04-08 18:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 18:01 . 2008-04-08 18:22 <DIR> d-------- C:\That 70s show
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 14:59 --------- d-----w C:\Programfiler\ESET
2008-04-12 10:30 --------- d-----w C:\Programfiler\Steam
2008-04-08 18:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-04-08 17:59 --------- d-----w C:\Programfiler\QuickTime
2008-04-08 17:52 --------- d-----w C:\Programfiler\Apple Software Update
2008-04-08 17:03 --------- d-----w C:\Programfiler\Yahoo!
2008-04-08 16:09 --------- d-----w C:\Programfiler\Java
2008-04-08 15:55 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-08 15:55 --------- d-----w C:\Programfiler\DAEMON Tools
2008-04-08 15:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-04-08 15:53 --------- d-----w C:\Documents and Settings\laptop\Programdata\Apple Computer
2008-04-08 15:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7517.sys
2008-04-08 15:52 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-08 15:52 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-04-08 15:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2008-04-08 15:50 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-08 15:50 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2008-04-08 15:50 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-08 15:50 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-04-08 15:49 --------- d-----w C:\Programfiler\Windows Live
2008-04-08 15:49 --------- d-----w C:\Programfiler\CCleaner
2008-04-08 15:47 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-04-08 15:46 --------- d-----w C:\Programfiler\VideoLAN
2008-04-08 15:44 --------- d-----w C:\Programfiler\CONEXANT
2008-04-08 15:44 --------- d-----w C:\Programfiler\Broadcom
2008-04-08 15:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-08 15:43 --------- d-----w C:\Programfiler\NetWaiting
2008-04-08 15:43 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-08 15:41 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-04-08 15:34 --------- d-----w C:\Programfiler\microsoft frontpage
2008-04-08 15:32 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-08 15:32 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-02-18 09:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-08-09 11:08 8,784 ----a-w C:\Programfiler\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 11:10 245,408 ----a-w C:\Programfiler\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-04-08 19:28 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]
"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-04-08 17:50 950664]
"LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkipTime]
C:\DOCUME~1\laptop\PROGRA~1\PROXYB~1\barb bat spam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
--a------ 2006-02-26 01:41 118485 C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vc log bows face]
C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log\Seek beep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 18:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 12:24:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 12:24:38
ComboFix-quarantined-files.txt 2008-04-13 10:24:33
ComboFix2.txt 2008-04-12 15:01:54

Pre-Run: 46,794,629,120 byte ledig
Post-Run: 46,785,794,048 byte ledig
norbat wrote on 13 April 2008

Create a new CFScript file with the following content and drag the file onto the ComboFix icon again:

Folder::
C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkipTime]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vc log bows face]

No new logs needed. Is the PC running OK?

You can uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).

If you consider the problem solved, edit the topic title by putting [LØST] in front of the title. You edit the topic title by editing your first post.

Surf safely.
1915 (topic author) wrote on 13 April 2008

That worked, thanks for the reply. It runs normally now.
r2d290 wrote on 13 April 2008

Good. Then you can change your topic title by editing your first post and choosing "full edit". Then write [LØST] at the start of your topic title. This makes the forum easier to navigate...
1915 (topic author) wrote on 14 April 2008 (edited)

I am getting pop-ups on my desktop PC too, so here is the log:

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 07:49:28, on 14.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\programfiler\powerstrip\pstrip.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\msiexec.exe
E:\Progs\VirusProg\hijackthis_sfx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.knightstar.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rockstargames.com/register/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [acebolt] C:\DOCUME~1\Daniel\PROGRA~1\BAGSTY~1\Bias Readme.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

combofixlog:

ComboFix 08-04-13.2 - Daniel 2008-04-14 7:51:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2529 [GMT 2:00]
Running from: C:\Documents and Settings\Daniel\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Scare.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-11 19:15 . 2008-04-14 07:48 <DIR> dr-h----- C:\Documents and Settings\Daniel\Siste
2008-04-10 15:12 . 2008-04-10 15:12 <DIR> d-------- C:\Programfiler\Microsoft Games
2008-04-09 20:33 . 2008-04-09 20:33 244 --ah----- C:\sqmnoopt04.sqm
2008-04-09 20:33 . 2008-04-09 20:33 232 --ah----- C:\sqmdata04.sqm
2008-04-08 15:33 . 2008-04-08 15:33 244 --ah----- C:\sqmnoopt03.sqm
2008-04-08 15:33 . 2008-04-08 15:33 232 --ah----- C:\sqmdata03.sqm
2008-04-08 06:45 . 2008-04-08 06:45 244 --ah----- C:\sqmnoopt02.sqm
2008-04-08 06:45 . 2008-04-08 06:45 232 --ah----- C:\sqmdata02.sqm
2008-04-07 16:39 . 2008-04-07 16:39 <DIR> d-------- C:\Programfiler\iPod
2008-04-07 16:39 . 2008-04-13 13:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 16:39 . 2008-04-07 16:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 16:38 . 2008-04-07 16:39 <DIR> d-------- C:\Programfiler\QuickTime
2008-04-06 15:07 . 2008-04-06 15:07 244 --ah----- C:\sqmnoopt01.sqm
2008-04-06 15:07 . 2008-04-06 15:07 232 --ah----- C:\sqmdata01.sqm
2008-04-01 08:10 . 2008-04-01 08:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-04-01 08:08 . 2008-04-01 08:08 <DIR> d-------- C:\Programfiler\Yahoo!
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-26 15:04 . 2008-03-26 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-26 15:03 . 2008-03-26 15:05 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-26 15:03 . 2008-03-26 15:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-26 15:03 . 2008-03-26 15:03 <DIR> d-------- C:\Documents and Settings\Daniel\Programdata\SUPERAntiSpyware.com
2008-03-25 22:36 . 2008-03-25 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2008-03-25 22:18 . 2008-03-25 22:18 <DIR> d-------- C:\Programfiler\Messenger Plus! Live
2008-03-25 22:18 . 2008-03-25 22:18 <DIR> d-------- C:\Programfiler\Circle Developement
2008-03-25 22:18 . 2008-03-25 22:18 <DIR> d-------- C:\Programfiler\BAGSTYPELIVE
2008-03-25 22:18 . 2008-03-25 22:18 <DIR> d-------- C:\Documents and Settings\Daniel\Programdata\BAGSTYPELIVE
2008-03-25 22:18 . 2008-03-25 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\close poke frag ooze
2008-03-25 21:53 . 2008-04-10 13:59 <DIR> d-------- C:\Programfiler\Minefield
2008-03-25 18:49 . 2008-03-25 18:49 <DIR> d-------- C:\Programfiler\Windows Live
2008-03-25 18:40 . 2008-03-25 18:40 <DIR> d-------- C:\Documents and Settings\Daniel\.config
2008-03-25 18:35 . 2008-03-25 18:36 <DIR> d-------- C:\Documents and Settings\Daniel\Contacts
2008-03-25 17:27 . 2008-03-25 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-03-25 17:11 . 2008-03-25 17:11 <DIR> d-------- C:\Programfiler\Sony Ericsson
2008-03-20 20:40 . 2008-03-20 20:40 <DIR> d-------- C:\Programfiler\BearShare
2008-03-20 20:40 . 2008-03-20 20:44 <DIR> d-------- C:\My Downloads
2008-03-19 18:46 . 2008-03-19 18:51 317 --a------ C:\WINDOWS\game.ini
2008-03-19 18:45 . 2008-03-19 18:48 <DIR> d-------- C:\Programfiler\Activision
2008-03-19 18:44 . 2008-03-19 18:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-19 16:58 . 2008-03-19 16:58 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-03-19 16:58 . 2008-03-19 16:58 <DIR> d-------- C:\Programfiler\WallpaperScreensavers.net
2008-03-19 16:58 . 2008-03-19 16:58 4,983,401 --a------ C:\WINDOWS\system32\FxStream.scr
2008-03-19 16:57 . 2008-03-19 16:58 <DIR> d-------- C:\Programfiler\MouseRunner.com
2008-03-19 16:57 . 2008-03-19 16:57 913,144 --a------ C:\WINDOWS\system32\FxRed.scr
2008-03-19 16:53 . 2008-03-19 16:53 <DIR> d-------- C:\Programfiler\ScreenScare Blood
2008-03-19 16:50 . 2008-03-19 16:50 <DIR> d-------- C:\Programfiler\3D-Relax
2008-03-19 16:50 . 2005-12-23 13:23 827,392 --a------ C:\WINDOWS\system32\Flash.ocx
2008-03-19 16:50 . 2008-03-28 11:45 4,830 --a------ C:\log.html
2008-03-19 16:47 . 2008-03-19 16:47 18,432 --a------ C:\WINDOWS\ss3unstl.exe
2008-03-19 13:09 . 2008-03-20 02:02 <DIR> d-------- C:\Programfiler\PowerStrip
2008-03-19 02:47 . 2008-03-19 02:47 <DIR> d-------- C:\Programfiler\Desktop Sidebar
2008-03-19 02:47 . 2008-03-19 03:04 <DIR> d-------- C:\Documents and Settings\Daniel\Programdata\Desktop Sidebar
2008-03-18 22:18 . 2008-03-18 22:18 <DIR> d-------- C:\Documents and Settings\Daniel\Bluetooth Software
2008-03-18 21:23 . 2008-03-18 21:23 45,504 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-18 21:19 . 2008-03-18 21:19 <DIR> d-------- C:\Programfiler\Safari
2008-03-18 18:40 . 2008-03-27 11:45 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2008-03-18 18:33 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-18 18:28 . 2008-03-18 18:28 <DIR> d-------- C:\Programfiler\Eidos
2008-03-18 16:01 . 2008-03-18 16:01 1,078 --a------ C:\WINDOWS\mozver.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 05:51 --------- d-----w C:\Programfiler\ESET
2008-04-14 05:50 --------- d-----w C:\Documents and Settings\Daniel\Programdata\uTorrent
2008-04-13 22:22 --------- d-----w C:\Programfiler\LogMeIn
2008-04-13 11:18 --------- d-----w C:\Programfiler\Steam
2008-04-10 13:16 --------- d-----w C:\Programfiler\Winamp
2008-04-10 13:16 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Winamp
2008-04-10 12:33 --------- d-----w C:\Programfiler\Mozilla Thunderbird
2008-04-10 11:35 --------- d-----w C:\Documents and Settings\Daniel\Programdata\dvdcss
2008-04-07 14:39 --------- d-----w C:\Programfiler\iTunes
2008-04-07 14:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-03-28 10:31 --------- d-----w C:\Programfiler\uTorrent
2008-03-21 13:57 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-19 16:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-03-19 01:06 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-03-18 20:17 --------- d-----w C:\Programfiler\Creative
2008-03-18 19:22 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Apple Computer
2008-03-18 16:40 2,106,368 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-03-18 16:40 1,973,248 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-13 18:54 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Creative
2008-03-13 18:26 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-03-13 13:26 --------- d-----w C:\Programfiler\YouTube Downloader
2008-03-13 12:58 --------- d-----w C:\Programfiler\Rockstar Games
2008-03-10 17:22 --------- d-----w C:\Programfiler\Bonjour
2008-03-10 17:18 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2008-03-10 17:02 --------- d-----w C:\Programfiler\Apple Software Update
2008-03-10 07:39 --------- d-----w C:\Documents and Settings\Daniel\Programdata\vlc
2008-03-10 06:48 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Ahead
2008-03-06 17:47 --------- d-----w C:\Programfiler\Logitech
2008-03-06 17:47 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-03-06 17:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2008-03-06 17:38 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-03-06 17:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2008-03-06 17:36 --------- d-----w C:\Programfiler\Java
2008-03-06 17:35 --------- d-----w C:\Programfiler\Fellesfiler\Ahead
2008-03-06 17:34 --------- d-----w C:\Programfiler\Nero
2008-03-06 17:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero
2008-03-06 17:33 --------- d-----w C:\Programfiler\Microsoft.NET
2008-03-06 17:33 --------- d-----w C:\Programfiler\Microsoft Works
2008-03-06 17:33 --------- d-----w C:\Programfiler\DVDFab Decrypter 3
2008-03-06 17:29 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-03-06 17:29 --------- d-----w C:\Programfiler\DAEMON Tools
2008-03-06 17:23 --------- d-----w C:\Programfiler\Guitar Pro 4
2008-03-06 17:22 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3085.sys
2008-03-06 17:22 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-06 17:22 --------- d-----w C:\Programfiler\VideoLAN
2008-03-06 17:20 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-03-06 17:20 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Thunderbird
2008-03-06 17:20 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Talkback
2008-03-06 17:19 --------- d-----w C:\Programfiler\ImgBurn
2008-03-06 17:19 --------- d-----w C:\Programfiler\CCleaner
2008-03-06 17:13 --------- d-----w C:\Programfiler\Audacity
2008-03-06 17:12 --------- d-----w C:\Programfiler\DAMN NFO Viewer
2008-03-06 17:04 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-06 17:04 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-06 17:04 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-06 16:52 --------- d-----w C:\Programfiler\Realtek
2008-03-06 16:50 --------- d-----w C:\Programfiler\NVIDIA Corporation
2008-03-06 16:45 --------- d-----w C:\Programfiler\microsoft frontpage
2008-03-06 16:44 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-03-06 16:43 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-08-09 12:08 8,784 ----a-w C:\Programfiler\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w C:\Programfiler\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2004-08-04 01:14 2017280 6e719a66940b6efd6b8ac6e91f3424c3 C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2008-03-18 18:40 1973248 d574ca70ce8dfc9b9102a3fd73297e1e C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:58 2150400 4524bcacce72e9a9ff70f947a972d52e C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2008-03-18 18:40 2106368 9c4adce747c00e76c5a26379f70a6272 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 14:49 153136]
"Steam"="c:\programfiler\steam\steam.exe" [2008-03-28 11:47 1271032]
"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2008-03-19 00:05 219952]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 02:15 1667584]
"acebolt"="C:\DOCUME~1\Daniel\PROGRA~1\BAGSTY~1\Bias Readme.exe" [2008-03-25 22:18 432640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 18:22 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 02:04 2879488 C:\WINDOWS\SkyTel.exe]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-03-06 19:04 950664]
"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-11-09 14:10 1126400]
"LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"PowerStrip"="c:\programfiler\powerstrip\pstrip.exe" [2005-06-28 21:15 642560]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acebolt]
--a------ 2008-03-25 22:18 432640 C:\DOCUME~1\Daniel\PROGRA~1\BAGSTY~1\Bias Readme.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-10-27 12:00 299008 C:\Programfiler\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 19:53 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-05-23 11:12 1314816 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
--a------ 2006-02-26 01:41 118485 C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]
--a------ 2005-12-23 13:23 69632 C:\Programfiler\3D-Relax\The Scary Screensaver Trial\\trioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2004-11-09 23:32]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 05:00:00 C:\WINDOWS\Tasks\A243AEB290F0232E.job" - c:\docume~1\daniel\progra~1\bagsty~1\Axis test memo.exe
"2008-04-07 09:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 07:52:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-14 7:53:01
ComboFix-quarantined-files.txt 2008-04-14 05:52:59
Pre-Run: 108,605,784,064 byte ledig
Post-Run: 108,594,163,712 byte ledig

Edited 14 April 2008 by Danielsm
norbat wrote on 14 April 2008

And here there is also Messenger Plus!, probably with the sponsor program included.

1. Uninstall MSN Plus!
2. Run ComboFix again and post the log, then we will see what is left.
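The entries the helper singled out in both logs (SkipTime, vc log bows face, acebolt, and the scheduled task pointing into bagsty~1) share two traits: the executable lives under a user profile's application-data directory rather than under Programfiler or WINDOWS, and its file name is a string of unrelated short words. The Python script below is an added example, not code from this thread or from the HijackThis or ComboFix tools; it applies exactly that triage heuristic to constructed sample lines modelled on the three log formats above (HijackThis O4 lines, ComboFix REGEDIT4-style entries, and the ComboFix scheduled-task lines). The directory-name sets, the word-length threshold and the Finding type are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Windows path ending in an executable-type extension. Components may contain
# spaces and 8.3 tildes (DOCUME~1); a quote or bracket terminates the path, which
# is what separates it from the surrounding HijackThis/ComboFix decoration.
_PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\"\[\]]+\\)*[^\\"\[\]]+?\.(?:exe|dll|scr|com)(?![A-Za-z0-9])',
    re.IGNORECASE,
)

# Assumed directory names: the profile root and the per-user / All Users
# application-data folder, in their Norwegian XP and 8.3 spellings as they
# appear in the logs above. Vendor software rarely autoruns from there.
_PROFILE_DIRS = {"documents and settings", "docume~1"}
_APPDATA_DIRS = {"programdata", "progra~1", "application data", "appdata", "applic~1"}

# Constructed sample lines (not copied from a real machine), one per log format.
SAMPLE_LINES = [
    r'C:\Documents and Settings\laptop\Mine dokumenter\HiJackThis.exe',
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKCU\..\Run: [acebolt] C:\DOCUME~1\Daniel\PROGRA~1\BAGSTY~1\Bias Readme.exe',
    r'"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-04-08 19:28 1271032]',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkipTime]',
    r'C:\DOCUME~1\laptop\PROGRA~1\PROXYB~1\barb bat spam.exe',
    r'C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log\Seek beep.exe',
    r'"2008-04-14 05:00:00 C:\WINDOWS\Tasks\A243AEB290F0232E.job" - c:\docume~1\daniel\progra~1\bagsty~1\Axis test memo.exe',
    r'"2008-04-07 09:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe',
]


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def extract_paths(line):
    """Return every executable path found in one log line."""
    return _PATH_RE.findall(line)


def in_profile_appdata(path):
    """True when the path enters a profile root and then an application-data folder."""
    parts = [p.lower() for p in path.split("\\")]
    for i, part in enumerate(parts):
        if part in _PROFILE_DIRS:
            return any(p in _APPDATA_DIRS for p in parts[i + 1:])
    return False


def looks_like_word_salad(path):
    """True for base names made of two or more short, purely alphabetic words."""
    name = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    words = name.split(" ")
    return len(words) >= 2 and all(w.isalpha() and len(w) <= 6 for w in words)


def triage(lines):
    """Run both heuristics over log lines; each distinct path is reported once."""
    findings, seen = [], set()
    for line in lines:
        for path in extract_paths(line):
            key = path.lower()
            if key in seen:
                continue
            seen.add(key)
            reasons = []
            if in_profile_appdata(path):
                reasons.append("executable under a profile's application-data directory")
            if looks_like_word_salad(path):
                reasons.append("generated-looking multi-word file name")
            if reasons:
                findings.append(Finding(path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

A hit is a prompt to look at the file (vendor, signature, creation date, the directory it shares with other files), not a verdict. Of the two signals the location test carries most of the weight; the name test is weaker and is there to rank hits, which is why both reasons are kept on the Finding rather than collapsed into a score.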