Guest Slettet+oiasdf79
Posted 27 April 2008 (edited)

Would someone mind looking through this Combofix log for me?..

ComboFix 08-04-24.1 - Eier 2008-04-27 15:33:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.185 [GMT 2:00]
Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programfiler\VirusHeat 4.3
C:\Programfiler\VirusHeat 4.3\blacklist.txt
C:\Programfiler\VirusHeat 4.3\Lang\English.ini
C:\Programfiler\VirusHeat 4.3\msvcp71.dll
C:\Programfiler\VirusHeat 4.3\msvcr71.dll
C:\Programfiler\VirusHeat 4.3\uninst.exe
C:\Programfiler\VirusHeat 4.3\vht.dat
C:\Programfiler\VirusHeat 4.3\VirusHeat 4.3.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dcggain.dll
C:\WINDOWS\system32\dvdjjxid.dll
C:\WINDOWS\system32\EKnXxGgh.ini
C:\WINDOWS\system32\EKnXxGgh.ini2
C:\WINDOWS\system32\fecgpcbg.dll
C:\WINDOWS\system32\hgGxXnKE.dll
C:\WINDOWS\system32\kctooraw.dll
C:\WINDOWS\system32\kdfpf.exe
C:\WINDOWS\system32\loclsdqf.dll
C:\WINDOWS\system32\pmnllkKB.dll
C:\WINDOWS\system32\qiguaqfx.ini
C:\WINDOWS\system32\sbkkflom.dll
C:\WINDOWS\system32\xfqaugiq.dll
C:\WINDOWS\system32\xspaeaps.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-19 18:16 . 2008-04-26 10:54 1,505,439 ---hs---- C:\WINDOWS\system32\bjvoyqxx.ini
2008-04-19 18:11 . 2008-04-27 15:15 109,734 --a------ C:\WINDOWS\BM4bddf77e.xml
2008-04-19 18:05 . 2008-04-19 18:15 <DIR> d-------- C:\WINDOWS\system32\892267
2008-04-07 22:48 . 2008-04-07 22:49 <DIR> d-------- C:\WINDOWS\system32\209789
2008-04-04 18:04 . 2008-04-05 13:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-04-02 22:30 . 2008-04-04 18:00 <DIR> d-------- C:\Programfiler\Norton Security Scan
2008-04-02 22:28 . 2008-04-02 22:29 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-01 16:52 . 2008-04-01 16:52 <DIR> d-------- C:\Genius
2008-04-01 16:52 . 2008-04-01 16:52 325 --a------ C:\WINDOWS\Begynn † l‘re.ini
2008-04-01 16:51 . 2008-04-01 16:51 <DIR> d-------- C:\Documents and Settings\Eier\WINDOWS
2008-04-01 16:51 . 1997-05-29 16:28 314,368 --a------ C:\WINDOWS\IsUn0414.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 13:40 --------- d-----w C:\Documents and Settings\Eier\Programdata\Skype
2008-04-27 13:15 --------- d-----w C:\Documents and Settings\Eier\Programdata\skypePM
2008-04-19 16:39 --------- d-----w C:\Programfiler\BrowsingEnhancer
2008-03-26 07:38 --------- d-----w C:\Programfiler\FBrowsingAdvisor
2008-03-26 07:38 --------- d-----w C:\Programfiler\FBrowserAdvisor
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 20:01 --------- d-----w C:\Programfiler\Java
2008-03-10 19:54 --------- d-----w C:\Programfiler\CDex_150
2008-03-02 20:01 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 20:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-06 19:37 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
2008-01-13 21:34 45,568 --sh--r C:\WINDOWS\lssas.exe
2008-01-03 20:53 900 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnllkKB]
pmnllkKB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\UltraVNC\\winvnc.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 06:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09342878-b32d-11db-935b-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 16:41:05 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:39:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 342

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-04-27 15:43:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 13:43:11

Pre-Run: 2,644,205,568 byte ledig
Post-Run: 2,748,018,688 byte ledig

140 --- E O F --- 2008-04-19 16:45:00

Edited 27 April 2008 by Slettet+oiasdf79

norbat
Posted 27 April 2008

Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\bjvoyqxx.ini
C:\WINDOWS\BM4bddf77e.xml
C:\WINDOWS\lssas.exe

Folder::
C:\WINDOWS\system32\892267
C:\WINDOWS\system32\209789

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnllkKB]

Download SAS, install, update and run a full (Complete) scan.

Post the new Combofix log together with the SAS log (preferences->statistics/logs)

Guest Slettet+oiasdf79
Posted 27 April 2008

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/27/2008 at 04:11 PM

Application Version : 4.0.1154

Core Rules Database Version : 3448
Trace Rules Database Version: 1440

Scan type : Quick Scan
Total Scan Time : 00:05:38

Memory items scanned : 384
Memory threats detected : 0
Registry items scanned : 309
Registry threats detected : 0
File items scanned : 4997
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][1].txt
C:\Documents and Settings\Eier\Cookies\[email protected][2].txt
C:\Documents and Settings\Eier\Cookies\eier@adtech[1].txt

Rogue.VirusHeat
C:\Documents and Settings\Eier\Start-meny\Programmer\VirusHeat 4.3\Uninstall VirusHeat 4.3.lnk
C:\Documents and Settings\Eier\Start-meny\Programmer\VirusHeat 4.3\VirusHeat 4.3 Website.lnk
C:\Documents and Settings\Eier\Start-meny\Programmer\VirusHeat 4.3\VirusHeat 4.3.lnk
C:\Documents and Settings\Eier\Start-meny\Programmer\VirusHeat 4.3

Combofix

ComboFix 08-04-24.1 - Eier 2008-04-27 15:59:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.219 [GMT 2:00]
Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eier\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM4bddf77e.xml
C:\WINDOWS\lssas.exe
C:\WINDOWS\system32\bjvoyqxx.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url
C:\Documents and Settings\All Users\Skrivebord\Security Troubleshooting.url
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url
C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url
C:\Documents and Settings\Eier\Favoritter\Online Security Test.url
C:\WINDOWS\BM4bddf77e.xml
C:\WINDOWS\images.zip
C:\WINDOWS\lssas.exe
C:\WINDOWS\system32\209789
C:\WINDOWS\system32\892267
C:\WINDOWS\system32\bjvoyqxx.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-04 18:04 . 2008-04-05 13:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-04-02 22:30 . 2008-04-04 18:00 <DIR> d-------- C:\Programfiler\Norton Security Scan
2008-04-02 22:28 . 2008-04-02 22:29 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-01 16:52 . 2008-04-01 16:52 <DIR> d-------- C:\Genius
2008-04-01 16:52 . 2008-04-01 16:52 325 --a------ C:\WINDOWS\Begynn å lære.ini
2008-04-01 16:51 . 2008-04-01 16:51 <DIR> d-------- C:\Documents and Settings\Eier\WINDOWS
2008-04-01 16:51 . 1997-05-29 16:28 314,368 --a------ C:\WINDOWS\IsUn0414.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 13:49 --------- d-----w C:\Documents and Settings\Eier\Programdata\Skype
2008-04-27 13:15 --------- d-----w C:\Documents and Settings\Eier\Programdata\skypePM
2008-04-19 16:39 --------- d-----w C:\Programfiler\BrowsingEnhancer
2008-03-26 07:38 --------- d-----w C:\Programfiler\FBrowsingAdvisor
2008-03-26 07:38 --------- d-----w C:\Programfiler\FBrowserAdvisor
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 20:01 --------- d-----w C:\Programfiler\Java
2008-03-10 19:54 --------- d-----w C:\Programfiler\CDex_150
2008-03-02 20:01 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 20:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-06 19:37 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
2008-01-03 20:53 900 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\UltraVNC\\winvnc.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 06:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09342878-b32d-11db-935b-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 16:41:05 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:59:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 16:01:24
ComboFix-quarantined-files.txt 2008-04-27 14:01:15
ComboFix2.txt 2008-04-27 13:43:16

Pre-Run: 2,791,751,680 byte ledig
Post-Run: 2,783,318,016 byte ledig

113 --- E O F --- 2008-04-19 16:45:00

norbat
Posted 27 April 2008

Good. Now post an HJT log to finish, and we'll see whether anything more needs to be done:

Download Hijackthis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

Guest Slettet+oiasdf79
Posted 27 April 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.homepagecause.com/?cm=816643&am....startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 6123 bytes

norbat
Posted 27 April 2008

Start HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

Click Start->Run
Type: cmd (press Enter or click OK)
From the command prompt, type the following (press Enter after each line):

sc stop psexesvc
sc delete psexesvc

Close cmd

Restart the PC and check that the line that was removed above (O23......) is not in the HJT log. You don't need to post the log.

Let me know how the PC is running.
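
The before/after check in the post above can be scripted. This is an added example, not part of the thread: it parses the O23 service lines of a HijackThis log, lists services whose file is missing, and confirms they are absent from a later log. The AFTER log is constructed, and treating the name in parentheses as the service key passed to sc is an assumption.

```python
import re
from typing import NamedTuple


class Service(NamedTuple):
    display: str
    key: str           # name in parentheses; assumed to be the key used with `sc`
    owner: str
    path: str
    file_missing: bool


# O23 line shapes seen in the HijackThis v2.0.2 log in this thread:
#   O23 - Service: <display> (<key>) - <owner> - <path>[ (file missing)]
#   O23 - Service: <display> - <owner> - <path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"
    r"(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_o23(log_text):
    """Return every O23 service entry found in a HijackThis log."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(Service(
                display=m["display"],
                key=m["key"] or m["display"],  # no parentheses: fall back to display name
                owner=m["owner"],
                path=m["path"],
                file_missing=m["missing"] is not None,
            ))
    return services


def orphaned(log_text):
    """Services still registered although their executable is gone."""
    return [s for s in parse_o23(log_text) if s.file_missing]


def removed_after_fix(before_log, after_log):
    """For each orphaned service in the first log, True if no O23 line
    in the second log mentions it any more."""
    after_keys = {s.key.lower() for s in parse_o23(after_log)}
    return {s.key: s.key.lower() not in after_keys for s in orphaned(before_log)}


# O23 lines copied from the HijackThis log posted in the thread.
BEFORE = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""

# Constructed sample: what the same section would look like after the fix and reboot.
AFTER = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for svc in orphaned(BEFORE):
        print(f"orphaned service: {svc.key} -> {svc.path}")
    print(removed_after_fix(BEFORE, AFTER))
```
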

Guest Slettet+oiasdf79
Posted 27 April 2008

There, Mission Complete. It looks like all the junk is gone now. The machine seems to be running stably.. Thanks for the help..

norbat
Posted 27 April 2008

Good.

You can uninstall Combofix by typing combofix /u in the Run box (Start->Run). This removes the program and also resets System Restore, so that you don't get infected by a possible restore later.

Surf safely.