grungewhore, posted 14 April 2008 (edited 14 April 2008 by grungewhore):
I've managed to get something on my machine that has disabled Task Manager and adds a fake "warning" to my taskbar. What is this, and how do I get rid of it? I found something in Add/Remove Programs that I don't recognise and that couldn't be removed. It was called WebVideo support.

snippsat, posted 14 April 2008:
Hi! I'd like to see some logs, then we'll fix it.
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text).
Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt.

grungewhore (author), posted 14 April 2008:
Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:56, on 14.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\xsxolkvy\lmdabsxi.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Quick Launch Button\QLButton.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\BisonCam\BisonMnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\zmvifuhe.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QLButton] C:\Program Files\Quick Launch Button\QLButton.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [bisonMnt] C:\WINDOWS\BisonCam\BisonMnt.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" 
-atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [202151fc] rundll32.exe "C:\WINDOWS\system32\uwiouyne.dll",b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [xpctcklv] C:\WINDOWS\system32\zmvifuhe.exe O4 - HKLM\..\Policies\Explorer\Run: [prfO2WmyGY] C:\Documents and Settings\All Users\Application Data\xsxolkvy\lmdabsxi.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Gamesurround Muse Pocket.lnk = C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7673 bytes

Combo Fix:
ComboFix 08-04-13.3 - grungewhore 2008-04-14 19:23:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1126 [GMT 2:00]
Running from: C:\Documents and Settings\grungewhore\Desktop\combofix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PC-Cleaner
C:\WINDOWS\system32\enyuoiwu.ini
C:\WINDOWS\system32\mlJBQKAP.dll
C:\WINDOWS\system32\mlJYsSlM.dll
C:\WINDOWS\system32\MlSsYJlm.ini
C:\WINDOWS\system32\MlSsYJlm.ini2
C:\WINDOWS\system32\uwiouyne.dll
C:\WINDOWS\system32\X86
C:\WINDOWS\system32\X86\License.rtf
C:\WINDOWS\system32\X86\Readme.txt
C:\WINDOWS\system32\X86\setup.exe
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-14 19:19 . 2008-04-14 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 18:50 . 2008-04-14 18:50 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-14 18:50 . 2008-04-14 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 02:24 . 2008-04-14 01:32 229,376 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-14 02:24 . 2008-04-14 01:33 81,920 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-14 02:23 . 2008-04-14 02:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\xsxolkvy
2008-04-14 02:23 . 2008-04-14 02:23 98,304 --a------ C:\WINDOWS\system32\zmvifuhe.exe
2008-04-13 17:23 . 2008-04-13 17:23 <DIR> d-------- C:\Documents and Settings\grungewhore\Application Data\Warsow
2008-04-07 23:20 . 2008-04-07 23:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-06 16:38 .
2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-04-06 16:38 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-04-04 12:12 . 2008-04-04 12:12 <DIR> d-------- C:\Program Files\iTunes 2008-04-04 12:12 . 2008-04-04 12:12 <DIR> d-------- C:\Program Files\iPod 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-14 17:32 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\Skype 2008-04-14 17:01 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\uTorrent 2008-04-14 16:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-14 15:34 --------- d-----w C:\Program Files\PC Wizard 2008 2008-04-14 15:30 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer 2008-04-14 15:30 --------- d-----w C:\Program Files\DAEMON Tools 2008-04-14 14:51 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\skypePM 2008-04-11 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-08 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent 2008-04-08 19:29 --------- d-----w C:\Program Files\NCH Swift Sound 2008-04-07 13:46 --------- d-----w C:\Program Files\Opera 2008-04-04 10:11 --------- d-----w C:\Program Files\QuickTime 2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe 2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-29 17:23 95,608 ----a-w 
C:\WINDOWS\system32\AvastSS.scr 2008-03-27 17:14 --------- d-----w C:\Program Files\Java 2008-03-26 20:07 --------- d-----w C:\Program Files\MediaMonkey 2008-03-25 04:05 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\Apple Computer 2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 06:50 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-06 18:08 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\dvdcss 2008-03-02 22:33 --------- d-----w C:\Program Files\NCH Software 2008-03-02 22:33 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\NCH Swift Sound 2008-03-02 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound 2008-03-02 03:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-02 03:01 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-20 18:49 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 04:04 --------- d-----w C:\Program Files\Porrasturvat - Stair Dismount 2008-02-16 13:24 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-02-18 22:41 1694208] "xpctcklv"="C:\WINDOWS\system32\zmvifuhe.exe" [2008-04-14 02:23 98304] "puaznuwe"="C:\WINDOWS\system32\buxydkrc.exe" [2008-04-14 19:33 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-27 01:52 8523776] "nwiz"="nwiz.exe" [2007-11-27 01:52 1626112 C:\WINDOWS\system32\nwiz.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12 102492] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11 692316] "QLButton"="C:\Program Files\Quick Launch Button\QLButton.exe" [2005-01-06 13:53 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl] "Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-04-03 19:46 57344] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384] "BisonMnt"="C:\WINDOWS\BisonCam\BisonMnt.exe" [2005-04-13 12:25 176128] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-27 01:52 81920] "Adobe Reader 
Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2007-02-18 23:38 53760 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-08-20 11:17:55 1385400] Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe [2007-08-03 23:13:24 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "prfO2WmyGY"= C:\Documents and Settings\All Users\Application Data\xsxolkvy\lmdabsxi.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-03-20 10:49]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 10:49]
R3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2004-04-26 09:49]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 07:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.

snippsat, posted 14 April 2008:
Copy the bold text and paste it into Notepad. Save it on the desktop as CFScript.txt. Do as shown in the picture, then post the log c:\combofix.txt.

File::
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\zmvifuhe.exe

Folder::
C:\Documents and Settings\All Users\Application Data\xsxolkvy

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xpctcklv"=-
"puaznuwe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"prfO2WmyGY"=-

Download and run CCleaner. Go to 'Options' -> 'Advanced' and untick "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.
Download, update and run a full scan with SAS free. Post the log from SAS (preferences->statistics/logs).
Restart, then post a new HijackThis log.
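
Added example, not part of the original thread: a small Python triage of the "Reg Loading Points" section of the first ComboFix log that flags the same three autorun values the CFScript above removes. The function names, the two-day window and the two rules are assumptions made for this illustration; a flagged value is a candidate for manual review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the "Reg Loading Points" section of the first ComboFix log in
# this thread (values copied from the log, list shortened).
REG_LOADING_POINTS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"xpctcklv"="C:\WINDOWS\system32\zmvifuhe.exe" [2008-04-14 02:23 98304]
"puaznuwe"="C:\WINDOWS\system32\buxydkrc.exe" [2008-04-14 19:33 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12 102492]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"prfO2WmyGY"= C:\Documents and Settings\All Users\Application Data\xsxolkvy\lmdabsxi.exe
'''

# Scan start time taken from the header line of the same log.
SCAN_TIME = datetime(2008, 4, 14, 19, 23, 42)

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s*'
    r'(?:\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) [^\]]*\])?$'
)


def parse_loading_points(text):
    """Return one dict per autorun value: registry key, value name, path, file stamp."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            stamp = m.group('stamp')
            entries.append({
                'key': key,
                'name': m.group('name'),
                'path': m.group('path').strip(),
                # Some values carry no file timestamp in the log at all.
                'stamp': datetime.strptime(stamp, '%Y-%m-%d %H:%M') if stamp else None,
            })
    return entries


def review_candidates(entries, scan_time, window=timedelta(days=2)):
    """Apply two illustrative rules and return the entries that match any of them."""
    flagged = []
    for e in entries:
        reasons = []
        # Rule 1: the Policies\Explorer\Run key is a rarely used autostart location.
        if e['key'].lower().endswith('\\policies\\explorer\\run'):
            reasons.append('policy-run')
        # Rule 2: target sits in the Windows directory and its file stamp is
        # within `window` of the scan, i.e. it appeared around the infection.
        if (e['stamp'] is not None
                and abs(scan_time - e['stamp']) <= window
                and e['path'].lower().startswith('c:\\windows\\')):
            reasons.append('recent-file')
        if reasons:
            flagged.append({**e, 'reasons': reasons})
    return flagged


def cfscript_registry_block(flagged):
    """Render flagged values in the Registry:: syntax shown in the post above."""
    lines, current = ['Registry::'], None
    for e in flagged:
        if e['key'] != current:
            current = e['key']
            lines.append('[%s]' % current)
        lines.append('"%s"=-' % e['name'])
    return '\n'.join(lines)


if __name__ == '__main__':
    hits = review_candidates(parse_loading_points(REG_LOADING_POINTS), SCAN_TIME)
    for h in hits:
        print(h['name'], h['path'], h['reasons'])
    print(cfscript_registry_block(hits))
```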

grungewhore (author), posted 14 April 2008 (edited 14 April 2008 by grungewhore):
Thanks

grungewhore (author), posted 14 April 2008:
combofix:
ComboFix 08-04-13.3 - grungewhore 2008-04-14 20:11:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1419 [GMT 2:00]
Running from: C:\Documents and Settings\grungewhore\Desktop\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\grungewhore\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\zmvifuhe.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\xsxolkvy
C:\Documents and Settings\All Users\Application Data\xsxolkvy\lmdabsxi.exe
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\zmvifuhe.exe
.
---- Previous Run -------
.
C:\Program Files\PC-Cleaner
C:\WINDOWS\system32\enyuoiwu.ini
C:\WINDOWS\system32\mlJBQKAP.dll
C:\WINDOWS\system32\mlJYsSlM.dll
C:\WINDOWS\system32\MlSsYJlm.ini
C:\WINDOWS\system32\MlSsYJlm.ini2
C:\WINDOWS\system32\uwiouyne.dll
C:\WINDOWS\system32\X86
C:\WINDOWS\system32\X86\License.rtf
C:\WINDOWS\system32\X86\Readme.txt
C:\WINDOWS\system32\X86\setup.exe
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-14 19:33 . 2008-04-14 19:33 90,112 --a------ C:\WINDOWS\system32\buxydkrc.exe
2008-04-14 19:19 . 2008-04-14 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 18:50 . 2008-04-14 18:50 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-14 18:50 . 2008-04-14 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 17:23 . 2008-04-13 17:23 <DIR> d-------- C:\Documents and Settings\grungewhore\Application Data\Warsow
2008-04-07 23:20 .
2008-04-07 23:21 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-06 16:38 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-04-06 16:38 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-04-04 12:12 . 2008-04-04 12:12 <DIR> d-------- C:\Program Files\iTunes 2008-04-04 12:12 . 2008-04-04 12:12 <DIR> d-------- C:\Program Files\iPod 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-14 17:49 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\Skype 2008-04-14 17:33 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\skypePM 2008-04-14 17:01 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\uTorrent 2008-04-14 16:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-14 15:34 --------- d-----w C:\Program Files\PC Wizard 2008 2008-04-14 15:30 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer 2008-04-14 15:30 --------- d-----w C:\Program Files\DAEMON Tools 2008-04-11 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-08 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent 2008-04-08 19:29 --------- d-----w C:\Program Files\NCH Swift Sound 2008-04-07 13:46 --------- d-----w C:\Program Files\Opera 2008-04-04 10:11 --------- d-----w C:\Program Files\QuickTime 2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe 2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-29 17:26 26,944 ----a-w 
C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2008-03-27 17:14 --------- d-----w C:\Program Files\Java 2008-03-26 20:07 --------- d-----w C:\Program Files\MediaMonkey 2008-03-25 04:05 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\Apple Computer 2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 06:50 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-06 18:08 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\dvdcss 2008-03-02 22:33 --------- d-----w C:\Program Files\NCH Software 2008-03-02 22:33 --------- d-----w C:\Documents and Settings\grungewhore\Application Data\NCH Swift Sound 2008-03-02 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound 2008-03-02 03:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-02 03:01 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-20 18:49 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 04:04 --------- d-----w C:\Program Files\Porrasturvat - Stair Dismount 2008-02-16 13:24 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-02-18 22:41 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-27 01:52 8523776] "nwiz"="nwiz.exe" [2007-11-27 01:52 1626112 C:\WINDOWS\system32\nwiz.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12 102492] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11 692316] "QLButton"="C:\Program Files\Quick Launch Button\QLButton.exe" [2005-01-06 13:53 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl] "Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-04-03 19:46 57344] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384] "BisonMnt"="C:\WINDOWS\BisonCam\BisonMnt.exe" [2005-04-13 12:25 176128] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-27 01:52 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program 
Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2007-02-18 23:38 53760 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-08-20 11:17:55 1385400] Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe [2007-08-03 23:13:24 192512] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-03-20 10:49] R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 10:49] R3 MPUSens;MPUSens;C:\WINDOWS\system32\drivers\MPUSens.sys [2004-04-26 09:49] . 
Contents of the 'Scheduled Tasks' folder
"2008-04-11 07:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:12:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-14 20:12:57
ComboFix-quarantined-files.txt 2008-04-14 18:12:55
Pre-Run: 3,461,906,432 bytes free
Post-Run: 3,448,745,984 bytes free
.
2008-04-14 01:12:31 --- E O F ---

snippsat, posted 14 April 2008 (edited 14 April 2008 by SNIPPSAT):
Make a CFScript.txt with the bold text, same as above. No need for the ComboFix log.
C:\WINDOWS\system32\buxydkrc.exe
Just continue with the rest.

grungewhore (author), posted 14 April 2008:
SAS:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2008 at 08:51 PM
Application Version : 4.0.1154
Core Rules Database Version : 3437
Trace Rules Database Version: 1429
Scan type : Complete Scan
Total Scan Time : 00:30:03
Memory items scanned : 531
Memory threats detected : 0
Registry items scanned : 5083
Registry threats detected : 0
File items scanned : 15057
File threats detected : 9

Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\ACE MEGA CODECS PACK\UTILITIES\ABCAVI TAG EDITOR\ABCAVIIT.DLL
C:\PROGRAM FILES\ACE MEGA CODECS PACK\UTILITIES\AVI CODECS\ABCAVI TAG EDITOR\ABCAVIIT.DLL

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{86523B64-35F2-4A74-AE13-25AC89B8F602}\RP262\A0050915.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{86523B64-35F2-4A74-AE13-25AC89B8F602}\RP262\A0050916.EXE

Trojan.Vundo-Variant/F
C:\SYSTEM VOLUME INFORMATION\_RESTORE{86523B64-35F2-4A74-AE13-25AC89B8F602}\RP264\A0050948.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{86523B64-35F2-4A74-AE13-25AC89B8F602}\RP264\A0050949.DLL

Trojan.Unclassified/Multi-Dropper (Packed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{86523B64-35F2-4A74-AE13-25AC89B8F602}\RP265\A0052033.EXE

Trojan.Unclassified/Multi-Dropper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{86523B64-35F2-4A74-AE13-25AC89B8F602}\RP265\A0052036.EXE
C:\WINDOWS\SYSTEM32\BUXYDKRC.EXE

grungewhore (author), posted 14 April 2008:
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:10, on 14.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Quick Launch Button\QLButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\BisonCam\BisonMnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QLButton] C:\Program Files\Quick Launch Button\QLButton.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - 
HKLM\..\Run: [bisonMnt] C:\WINDOWS\BisonCam\BisonMnt.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Gamesurround Muse Pocket.lnk = C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7858 bytes Lenke til kommentar
snippsat, posted 14 April 2008: That looks good, then. Use it for a while; if it runs fine, you can do this: you can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
grungewhore (author), posted 14 April 2008: Thanks for all the help :) I guess I'll see if I can find a better solution than avast.
snippsat, posted 14 April 2008: Run this, it is good and free: Avira + Online Armor (Free edition)
r2d290, posted 14 April 2008: If the machine keeps running well, you can change your topic title: edit the first post using FULL EDIT and write [LØST] ("solved") in front of your topic title. This will keep the forum tidier.