
[SOLVED] Check of brother's SAS, ComboFix and HJT



Hi, I have followed that guide to the letter and would appreciate it if someone went through the logs... thanks, thanks

 

Combofix.log..

 

ComboFix 08-05-21.3 - patric ligner 2008-05-24 18:17:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.238 [GMT 2:00]

Running from: C:\Documents and Settings\patric ligner\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\smdat32m.sys

C:\WINDOWS\system32\lsprst7.dll

C:\WINDOWS\system32\ssprs.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))

.

 

2008-05-24 17:23 . 2008-05-24 17:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-05-24 17:23 . 2008-05-24 17:23 <DIR> d-------- C:\Documents and Settings\patric ligner\Application Data\SUPERAntiSpyware.com

2008-05-24 17:23 . 2008-05-24 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-05-24 17:22 . 2008-05-24 17:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-05-24 14:18 . 2008-05-24 14:04 691,545 --a------ C:\WINDOWS\unins000.exe

2008-05-24 14:18 . 2008-05-24 14:18 2,548 --a------ C:\WINDOWS\unins000.dat

2008-05-24 13:56 . 2008-05-24 13:56 <DIR> d-------- C:\Program Files\CCleaner

2008-05-23 18:55 . 2008-05-24 17:56 <DIR> d--h----- C:\$AVG8.VAULT$

2008-05-23 16:05 . 2008-05-24 13:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-23 16:05 . 2008-05-23 16:05 <DIR> d-------- C:\Program Files\AVG

2008-05-23 16:05 . 2008-05-23 16:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-23 16:05 . 2008-05-23 16:05 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-05-23 16:05 . 2008-05-23 16:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-23 16:01 . 2008-05-23 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-05-23 15:47 . 2008-05-23 15:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-05-23 12:49 . 2008-05-24 13:44 <DIR> d-------- C:\Documents and Settings\patric ligner\Application Data\AVGTOOLBAR

2008-05-19 08:52 . 2008-05-19 08:52 268 --ah----- C:\sqmdata03.sqm

2008-05-19 08:52 . 2008-05-19 08:52 244 --ah----- C:\sqmnoopt03.sqm

2008-05-06 16:41 . 2008-05-06 16:41 <DIR> d-------- C:\Program Files\Apple Software Update

2008-05-06 16:41 . 2008-05-06 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-24 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-24 12:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-23 13:56 --------- d-----w C:\Program Files\Symantec

2008-05-23 13:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-05-23 13:51 --------- d-----w C:\Program Files\Norton SystemWorks

2008-05-23 13:04 --------- d-----w C:\Documents and Settings\patric ligner\Application Data\SolidDocuments

2008-05-23 11:46 --------- d-----w C:\Program Files\DAEMON Tools

2008-05-23 09:57 --------- d-----w C:\Program Files\Yahoo!

2008-05-23 09:57 --------- d-----w C:\Program Files\Common Files\Scanner

2008-05-23 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-05-23 09:47 --------- d-----w C:\Program Files\OpenOffice.org 2.0

2008-05-23 09:39 --------- d-----w C:\Program Files\Wake up News

2008-05-19 13:50 --------- d-----w C:\Documents and Settings\patric ligner\Application Data\AdobeUM

2008-04-21 19:25 --------- d-----w C:\Program Files\Mamut

2008-04-12 14:30 --------- d-----w C:\Documents and Settings\patric ligner\Application Data\OpenOffice.org2

2008-04-02 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

2008-05-23 16:05 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-23 16:05 2050816]

 

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-23 16:05 2050816]

 

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"E06AXLRD_2433629"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [2005-06-03 19:30 301776]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 19:24 68856]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 21:27 385024]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 21:31 356352]

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 02:53 88363 C:\WINDOWS\AGRSMMSG.exe]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-25 08:49 110592]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-25 08:47 618496]

"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2004-08-07 00:04 32768]

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2004-07-27 01:39 49152]

"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-17 00:28 20480]

"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2004-07-27 00:52 204800]

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2004-09-07 00:11 73728]

"AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-03-03 01:41 77824]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-04 07:10 335872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 04:14 36975]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 10:05 185896]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-23 16:05 1177368]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

 

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-05-18 02:11]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-23 16:05]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 21:27]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-23 16:05]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 16:05]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-23 16:05]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-05-06 14:41:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-24 18:19:27

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-24 18:20:28

ComboFix-quarantined-files.txt 2008-05-24 16:20:24

 

Pre-Run: 49,950,482,432 bytes free

Post-Run: 49,989,640,192 bytes free

 

148 --- E O F --- 2008-05-24 11:41:32

 

 

 

SAS.log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/24/2008 at 06:07 PM

 

Application Version : 4.1.1046

 

Core Rules Database Version : 3468

Trace Rules Database Version: 1459

 

Scan type : Complete Scan

Total Scan Time : 00:41:52

 

Memory items scanned : 442

Memory threats detected : 0

Registry items scanned : 4889

Registry threats detected : 0

File items scanned : 18554

File threats detected : 5

 

Adware.Tracking Cookie

C:\Documents and Settings\b\Cookies\[email protected][2].txt

C:\Documents and Settings\b\Cookies\[email protected][1].txt

C:\Documents and Settings\b\Cookies\[email protected][1].txt

C:\Documents and Settings\b\Cookies\[email protected][2].txt

.adtech.de [ C:\Documents and Settings\patric ligner\Application Data\Mozilla\Firefox\Profiles\ehj209xs.default\cookies.txt ]

 

Adware.WhenU

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F48F1A2B-8EFE-4B10-B624-36932A8A2D75}\RP260\A0228310.EXE

 

 

SAS rebooted the machine and removed what it found

 

HJT.log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:32:42, on 24.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSD.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Wistron\AVManager\AVManager.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Test\test.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [AVManager] "C:\Program Files\Wistron\AVManager\AVManager.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [E06AXLRD_2433629] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 8757 bytes

 

 

 

Hope everything is posted as requested :)

Edited by Footy

- and the logs (hjt, combofix) both look fine. No sign of any malware :thumbup:

 

You can let hjt fix the following two lines:

(start hjt, choose "Do a system scan only", tick the box in front of the lines and click Fix checked)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)


You must uninstall combofix: Start -> Run

Type: combofix /u (and press Enter)

This will remove the program, remove temporary files, and reset your restore folder, so you can set the machine back to today's point in time if you should get any new problems with the PC.

 

I would recommend that you keep SAS. Keep it updated, and run it regularly.

 

You can change the topic title if you think the problem has been solved.

Edit your first post with FULL editing, and write:

[SOLVED]

in front of your topic title. This will help keep the forum tidy :)
