ninjasinni Skrevet 26. mai 2008 Del Skrevet 26. mai 2008 (endret) Håper noen kan hjelpe meg litt her.. fått en trojan etc som heter winampaa.exe i prosesser. Gjort en del saker og ting, men fortsatt ikke sikker på om den borte! Sikkert mye annet dritt som ikke skal være der også. Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\programfiler\powerstrip\pstrip.exe C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Sindre\Desktop\hjt\mordi.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKLM\..\Run: [RefreshLock] C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [steam] C:\Programfiler\steam\Steam.exe -silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe Endret 26. mai 2008 av ninjasinni Lenke til kommentar
snippsat Skrevet 26. mai 2008 Del Skrevet 26. mai 2008 Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Lenke til kommentar
ninjasinni Skrevet 26. mai 2008 Forfatter Del Skrevet 26. mai 2008 ((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))) . 2008-05-26 20:59 . 2008-05-26 20:59 <DIR> d-------- C:\Program Files\CCleaner 2008-05-26 12:51 . 2008-05-26 12:51 6 --a------ C:\WINDOWS\youtubed.ocx 2008-05-26 12:50 . 2008-05-26 13:33 <DIR> d-------- C:\tmpDownload 2008-05-26 12:48 . 2008-05-26 12:51 <DIR> d-------- C:\Program Files\YoutubeGet 2008-05-26 12:09 . 2008-05-26 12:10 <DIR> d-------- C:\Program Files\Tele-Streamer v1.0 2008-05-25 18:39 . 2008-05-25 18:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-05-25 18:39 . 2008-05-25 18:39 <DIR> d-------- C:\Documents and Settings\Sindre\Application Data\SUPERAntiSpyware.com 2008-05-25 18:39 . 2008-05-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com 2008-05-20 22:41 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-05-20 22:23 . 2008-05-21 17:56 <DIR> d-------- C:\Documents and Settings\Sindre\Application Data\HouseCall 6.6 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-26 19:42 --------- d-----w C:\Documents and Settings\Sindre\Application Data\Skype 2008-05-26 19:35 --------- d-----w C:\Program Files\DC++ 2008-05-26 19:04 --------- d-----w C:\Documents and Settings\Sindre\Application Data\NoNameScript 2008-05-26 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-25 16:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-25 15:53 --------- d-----w C:\Program Files\PokerStars 2008-05-18 18:26 --------- d-----w C:\Program Files\Winamp 2008-04-22 19:40 --------- d-----w C:\Program Files\Bethesda Softworks 2008-04-20 10:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-04-20 10:14 --------- d-----w C:\Program Files\Microsoft DirectX SDK (March 2008) 2008-04-20 09:24 --------- d-----w C:\Documents and Settings\Sindre\Application Data\Ubisoft 2008-04-20 09:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft 2008-04-18 20:05 --------- d-----w C:\Documents and Settings\Sindre\Application Data\LimeWire 2008-04-10 20:49 --------- d-----w C:\Program Files\FM Modifier 2.2 2008-04-08 22:39 --------- d-----w C:\Documents and Settings\Sindre\Application Data\dvdcss 2008-04-05 17:23 --------- d-----w C:\Documents and Settings\Sindre\Application Data\mIRC 2008-04-05 16:44 --------- d-----w C:\Program Files\DAEMON Tools 2008-04-03 21:13 --------- d-----w C:\Program Files\Java 2008-04-02 21:59 --------- d-----w C:\Program Files\HLSW 2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll 2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll 2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll 2008-03-05 13:56 3,952,144 ----a-w C:\WINDOWS\system32\D3DX9d_37.dll 2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll 2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll 2007-11-24 21:45 22,328 ----a-w C:\Documents and Settings\Sindre\Application Data\PnkBstrK.sys 2006-02-26 14:21 23,040 ----a-w C:\Program Files\AttestSindre[2].doc 2004-08-04 10:00 158,720 --sh--r C:\WINDOWS\system32\winampaa.exe . ((((((((((((((((((((((((((((( snapshot@2008-05-26_21.07.58,50 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-25 15:39:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-26 19:36:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-26 19:36:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592] "Steam"="C:\Programfiler\steam\Steam.exe" [2008-03-28 21:54 1271032] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45 23120680] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ] "Microsoft Corporation Svchost Services"="mssvcs.exe" [] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Corporation Svchost Services"="mssvcs.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 18:53 131072] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 22:10 344064] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-06-16 02:27 568096] "MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04 712704] "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24 81920] "avast!"="C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224] "ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 18:34 213936] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624] "PowerStrip"="c:\programfiler\powerstrip\pstrip.exe" [2007-04-08 15:22 721656] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] "Microsoft Corporation Svchost Services"="mssvcs.exe" [] "RefreshLock"="C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe" [2005-11-02 22:51 193266] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Corporation Svchost Services"="mssvcs.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= DivXa32.acm "msacm.l3codec"= L3codecp.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\steam\\SteamApps\\sindreandersen\\counter-strike\\hl.exe"= "C:\\Program Files\\HLSW\\hlsw.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\\Programfiler\\mIRC\\mirc.exe"= "C:\\WINDOWS\\system32\\winampaa.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-08-01 09:09] R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 11:35] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-08-01 09:09] S2 vcs;vcs;C:\Documents and Settings\Sindre\Desktop\h4x\vcs.sys [] Lenke til kommentar
snippsat Skrevet 26. mai 2008 Del Skrevet 26. mai 2008 (endret) Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked. O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKCU\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe --- Kjør ccleaner som du har sånn. Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør register-renser og"svar ja til og reparere" --- Og sas som du har. Last ned oppdatere og kjør full scan SAS free Post loggen fra SAS (preferences->statistics/logs) --- Restart og en ny HijackThis logg. Endret 26. mai 2008 av SNIPPSAT Lenke til kommentar
ninjasinni Skrevet 26. mai 2008 Forfatter Del Skrevet 26. mai 2008 (endret) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\programfiler\powerstrip\pstrip.exe C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Programfiler\steam\Steam.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Sindre\Desktop\hjt\mordi.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe O4 - HKLM\..\Run: [RefreshLock] C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [steam] C:\Programfiler\steam\Steam.exe -silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe Endret 26. mai 2008 av ninjasinni Lenke til kommentar
snippsat Skrevet 26. mai 2008 Del Skrevet 26. mai 2008 Da ser det bra ut Bruk pcen litt kjører den greit gjør du dette. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Lenke til kommentar
Gjest medlem-105082 Skrevet 27. mai 2008 Del Skrevet 27. mai 2008 (endret) Glem det. Feil tråd. Endret 27. mai 2008 av medlem-105082 Lenke til kommentar
r2d290 Skrevet 27. mai 2008 Del Skrevet 27. mai 2008 Hvis du mener problemet er løst: endre emnetittelen din, ved å redigere førsteinlegget ditt med full redigering, og skriv: [LØST] foran emnetittelen din. dette vil bidra til å holde forumet ryddig Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå