erlundby Posted 23 April 2008

Hi, like several others I'm really struggling with pop-ups. Incredibly tiresome. I have run both SAS and HJT. I may have clicked through SAS too quickly, since it deleted a lot of files as soon as I pressed Next, but here are both logs anyway.
Can anyone help me??

Regards,
Erik

snippsat Posted 23 April 2008

Hi!

Download NoLop and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button. Post the log C:\NoLop txt.

Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

erlundby Posted 23 April 2008 (Author)

There was no file called nolop.txt, but there was one called nolop.log, so I'm posting that.

NOLOP.LOG
NoLop! Log by Skate_Punk_21
Fix running from: C:\Programfiler\Mozilla Firefox
[23.04.2008]
[14:54:51]
---Infection Files Found/Removed---
C:\WINDOWS\tasks\B1457421914AE5E5.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---

Here is the combofix log as well.

snippsat Posted 23 April 2008

Run only HJT. Start HijackThis, "scan", find these lines, check them, then press fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Date Barb] C:\DOCUME~1\Erik\PROGRA~1\TRANSS~1\Amok vga.exe
O20 - AppInit_DLLs: ASAPHook

Download and run CCleaner. 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files that are older than 48 hours". Run the registry cleaner and answer yes to repairing.

After this, use the PC and report back on whether the problem is gone. Remember to turn on the pop-up blocker if you use IE.

erlundby Posted 23 April 2008 (Author)

I looked at the HJT log and found neither the O2 - BHO file nor O20 - AppInit. Am I doing something wrong, or do I not need to worry about them then?

You also write that I should only run HJT, but should I, as you write a bit further down, run ccleaner too?

Many thanks for all the help so far.

Erik

snippsat Posted 23 April 2008 (edited)

If you can't find the lines, that's fine. When you are done with HJT, run ccleaner. Then use the PC and see whether the problem is gone.

Edited 23 April 2008 by SNIPPSAT