ejv, posted 4 June 2008 (edited)
I have been so STUPID as to click on an MSN link and get a virus!!! I have downloaded HijackThis and am attaching the ComboFix log. Can anyone help??
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:04, on 04.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\ezNTSvc.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\HP\QuickPlay\QPService.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\Google\Gmail Notifier\gnotify.exe C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\Programfiler\QuickTime\QTTask.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Programfiler\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\msiexec.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - 
HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AAWTray] C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe O4 - HKLM\..\Run: [MSN] scvhost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - 
HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ? O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: ymetray.lnk = C:\Programfiler\Yahoo!\Yahoo! Music Jukebox\ymetray.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jette77.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{97443CD6-619C-4C49-8E9B-63856632AEC2}: NameServer = 193.75.75.75 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 10375 bytes
Edited 5 June 2008 by ejv
r2d290, posted 4 June 2008 (edited)
Still waiting for the ComboFix log. What you have posted is a HijackThis log.
After you have given us a ComboFix log, and while you wait for a response, you can consider whether you really need SWEETIM. You can uninstall it from Add/Remove Programs if you don't want it...
What about SweetIM, Messenger Plus! and the like?
The biggest problem with these programs is that, even if they do not necessarily contain spyware themselves (in Messenger Plus! you have the option not to install the sponsor program), they support its use and have a somewhat lax attitude toward sharing the information that you as a user leave in these programs with third parties. Do some checking before you uncritically install such programs.
Edited 4 June 2008 by r2d290
norbat, posted 4 June 2008
O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe
O4 - HKLM\..\Run: [MSN] scvhost.exe
show that you are infected.
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt).
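One way to triage HijackThis O4 autostart entries like the two named in the post above, as an added example that is not part of the thread or of any tool mentioned in it. The two heuristics (a command with no directory path, and a file name one edit away from a Windows system binary), the `KNOWN_SYSTEM` list and all function names are this example's assumptions, not the helper's stated method.

```python
import ntpath
import re
from typing import List, NamedTuple

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe
O4 - HKLM\..\Run: [MSN] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: a small reference list of Windows system binaries to compare against.
KNOWN_SYSTEM = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe",
}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$'
)
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=[\s,"]|$)', re.I)


class Entry(NamedTuple):
    hive: str
    name: str
    image: str
    flags: List[str]


def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap (scv -> svc) as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def image_of(cmd: str) -> str:
    """Return the program part of a Run command line, without arguments."""
    cmd = cmd.lstrip("~ ")
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log: str) -> List[Entry]:
    """Parse O4 Run entries and attach triage flags (hints, not verdicts)."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        image = image_of(m.group("cmd"))
        base = ntpath.basename(image).lower()
        flags = []
        # No directory: Windows resolves the name through its search path.
        if "\\" not in image and "/" not in image:
            flags.append("no-path")
        # Near miss of a system binary name, but not the real name itself.
        if base not in KNOWN_SYSTEM:
            for known in sorted(KNOWN_SYSTEM):
                if osa_distance(base, known) <= 1:
                    flags.append("lookalike:" + known)
        entries.append(Entry(m.group("hive"), m.group("name"), image, flags))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive:5} [{e.name}] {e.image} -> {', '.join(e.flags) or 'ok'}")
```

The flags are prompts for a closer look: nwiz.exe is flagged `no-path` as well, and the ComboFix log later in the thread resolves it to C:\WINDOWS\system32\nwiz.exe dated 2006, while ehSched.exe resolves to a hidden, system-attributed file in C:\WINDOWS created on 2008-06-02.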
ejv (author), posted 4 June 2008
> O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe
> O4 - HKLM\..\Run: [MSN] scvhost.exe
> show that you are infected.
> Download Combofix and put it on the desktop.
> Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
> Post the log file from Combofix (c:\combofix.txt).
Hi, hi. I have now run ComboFix and am attaching the log file:
ComboFix 08-06-03.4 - Jette 2008-06-04 23:08:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.535 [GMT 2:00] Running from: C:\Documents and Settings\Jette\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\images.zip D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))) . 2008-06-04 13:04 . 2008-06-04 13:04 <DIR> dr-h----- C:\Documents and Settings\Jette\Siste 2008-06-04 12:54 . 2008-06-04 12:54 <DIR> d-------- C:\Programfiler\Trend Micro 2008-06-04 05:44 . 2008-06-04 05:48 1,216 --a------ C:\WINDOWS\webdl.exe 2008-06-03 20:50 . 2008-06-03 20:50 61,444 --a------ C:\WINDOWS\scvhosted.exe 2008-06-02 20:34 . 2008-06-04 20:59 <DIR> d-------- C:\Programfiler\Panda Security 2008-06-02 19:17 . 2008-06-04 20:53 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-06-02 19:17 . 2008-06-04 20:53 <DIR> d-------- C:\Documents and Settings\Jette\Programdata\SUPERAntiSpyware.com 2008-06-02 19:17 . 2008-06-02 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-06-02 01:23 . 2008-06-02 01:23 <DIR> d-------- C:\Documents and Settings\Jette\Programdata\Malwarebytes 2008-06-02 01:23 . 2008-06-02 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-06-02 00:58 .
2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-06-02 00:22 . 2008-06-02 00:22 53,252 -r-hs---- C:\WINDOWS\ehSched.exe 2008-05-29 20:40 . 2008-06-04 20:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-29 20:40 . 2008-05-29 20:40 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- C:\Programfiler\iTunes 2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- C:\Programfiler\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-04 18:55 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-06-04 18:53 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-06-04 18:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-06-04 18:46 --------- d-----w C:\Programfiler\Java 2008-06-04 18:37 --------- d-----w C:\Programfiler\Bonjour 2008-06-04 08:32 --------- d-----w C:\Documents and Settings\Jette\Programdata\Azureus 2008-06-04 06:00 --------- d-----w C:\Documents and Settings\Jette\Programdata\AVG7 2008-05-29 18:38 --------- d-----w C:\Programfiler\QuickTime 2008-05-08 19:57 --------- d-----w C:\Programfiler\LimeWire 2008-04-30 12:19 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-04-30 12:15 --------- d-----w C:\Programfiler\DAEMON Tools Lite 2008-04-30 12:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-30 12:11 --------- d-----w C:\Documents and Settings\Jette\Programdata\DAEMON Tools 2008-04-30 11:54 --------- d-----w C:\Programfiler\FlashFXP 2008-04-30 11:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\FlashFXP 2008-04-20 22:17 --------- d-----w C:\Programfiler\Azureus 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 166,688 ------w 
C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-12 13:45 3,846 ----a-w C:\Documents and Settings\Jette\Programdata\wklnhst.dat 2007-03-16 14:00 16,739 ----a-r C:\Programfiler\_12_57bcca80acb4c144c0b1bf0a1e14149a . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 00:17 68856] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 21:48 7561216] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 21:48 86016] "nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946] "QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 14:38 131072] "Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 10:36 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" 
[2005-10-11 10:23 1187840] "REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248] "reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52 643072] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232] "PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 08:05 579584] "AAWTray"="C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Windows UDP Control Center"="ehSched.exe" [2008-06-02 00:22 53252 C:\WINDOWS\ehSched.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360] "PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 08:06 219136] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Pavilion Webcam Tray Icon.lnk - C:\Programfiler\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-01 06:15:20 98304] HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728] ymetray.lnk - C:\Programfiler\Yahoo!\Yahoo! 
Music Jukebox\ymetray.exe [2008-02-05 15:29:20 54512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableLockWorkstation"= 0 (0x0) "DisableChangePassword"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLogoff"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\WINDOWS\system32\EZUPBH~1.DLL [2007-03-10 02:41 49152] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Programfiler\\Yahoo!\\Yahoo! 
Music Jukebox\\YahooMusicEngine.exe"= "C:\\Programfiler\\Azureus\\Azureus.exe"= "C:\\Programfiler\\FlashFXP\\FlashFXP.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16137:TCP"= 16137:TCP:BitComet 16137 TCP "16137:UDP"= 16137:UDP:BitComet 16137 UDP R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\WINDOWS\system32\ezNTSvc.exe [2007-03-10 02:41] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-05-23 14:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-05-06 22:10:38 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-11-15 18:50:00 C:\WINDOWS\Tasks\Internett-tjenester.job" - C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-04 23:09:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@??????Y??????R?@?????,?@ HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AAWTray"="C:\\Programfiler\\Lavasoft\\Ad-Aware 2007\\AAWTray.exe" . Completion time: 2008-06-04 23:11:04 ComboFix-quarantined-files.txt 2008-06-04 21:10:36 Pre-Run: 83,389,693,952 byte ledig Post-Run: 83,529,465,856 byte ledig 161 --- E O F --- 2008-05-17 01:01:30
norbat, posted 4 June 2008
Download MSNFix and unpack it on the desktop.
Run the file 'MSNFix.bat'. Follow the instructions.
A log is created, which you post.
ejv (author), posted 4 June 2008
> Download MSNFix and unpack it on the desktop.
> Run the file 'MSNFix.bat'. Follow the instructions.
> A log is created, which you post.
Hi again! I have now run MSNFix and here is the log:
MSNFix 1.720 C:\Documents and Settings\Jette\Skrivebord\MSNFix Søk ferdig på 05.06.2008 - 0:15:21,78 By Jette normalmodus
************************ Finner filer ... C:\WINDOWS\ehSched.exe
************************ Finner mapper Ingen mapper funnet
************************ Fjerner virusfiler .. OK ... C:\WINDOWS\ehSched.exe
************************ Renser registret Resten av filene taes bort etter omstart Ingen filer funnet
************************ Mistenkelige filer /!\ Konsulter en forumhjelper før du gjør noe med filene [C:\sp34080.exe] 2B1B3D736E73A7D9673C070E03AD3F69 ==> Vennligst last opp filen C:\DOCUME~1\Jette\SKRIVE~1\Upload_Me.zip on http://upload.changelog.fr Filene og registernøklene har blitt lagt i karantene 05.06.2008_ 0191026.zip
************************ HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------ Laget av : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
norbat, posted 5 June 2008
Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt.
Then drag the file onto the Combofix icon. Combofix will start again.
File::
C:\WINDOWS\webdl.exe
C:\WINDOWS\scvhosted.exe
Post a new Combofix log.
ejv (author), posted 5 June 2008
> Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt.
> Then drag the file onto the Combofix icon. Combofix will start again.
> File::
> C:\WINDOWS\webdl.exe
> C:\WINDOWS\scvhosted.exe
> Post a new Combofix log.
Here is the new ComboFix log:
ComboFix 08-06-03.4 - Jette 2008-06-05 17:27:58.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.535 [GMT 2:00] Running from: C:\Documents and Settings\Jette\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Jette\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\scvhosted.exe C:\WINDOWS\webdl.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\scvhosted.exe C:\WINDOWS\webdl.exe . ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))) . 2008-06-05 01:23 . 2008-06-05 17:27 <DIR> dr-h----- C:\Documents and Settings\Jette\Siste 2008-06-04 12:54 . 2008-06-04 12:54 <DIR> d-------- C:\Programfiler\Trend Micro 2008-06-02 20:34 . 2008-06-04 20:59 <DIR> d-------- C:\Programfiler\Panda Security 2008-06-02 19:17 . 2008-06-04 20:53 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-06-02 19:17 . 2008-06-04 20:53 <DIR> d-------- C:\Documents and Settings\Jette\Programdata\SUPERAntiSpyware.com 2008-06-02 19:17 . 2008-06-02 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-06-02 01:23 . 2008-06-02 01:23 <DIR> d-------- C:\Documents and Settings\Jette\Programdata\Malwarebytes 2008-06-02 01:23 . 2008-06-02 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-06-02 00:58 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-06-02 00:22 .
2008-06-02 00:22 53,252 --a------ C:\WINDOWS\ehSched.MSNFix 2008-05-29 20:40 . 2008-06-05 00:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-29 20:40 . 2008-05-29 20:40 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- C:\Programfiler\iTunes 2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- C:\Programfiler\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-05 06:00 --------- d-----w C:\Documents and Settings\Jette\Programdata\AVG7 2008-06-04 18:55 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-06-04 18:53 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-06-04 18:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-06-04 18:46 --------- d-----w C:\Programfiler\Java 2008-06-04 18:37 --------- d-----w C:\Programfiler\Bonjour 2008-06-04 08:32 --------- d-----w C:\Documents and Settings\Jette\Programdata\Azureus 2008-05-29 18:38 --------- d-----w C:\Programfiler\QuickTime 2008-05-08 19:57 --------- d-----w C:\Programfiler\LimeWire 2008-04-30 12:19 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-04-30 12:15 --------- d-----w C:\Programfiler\DAEMON Tools Lite 2008-04-30 12:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-30 12:11 --------- d-----w C:\Documents and Settings\Jette\Programdata\DAEMON Tools 2008-04-30 11:54 --------- d-----w C:\Programfiler\FlashFXP 2008-04-30 11:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\FlashFXP 2008-04-20 22:17 --------- d-----w C:\Programfiler\Azureus 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:11 1,845,248 ----a-w 
C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 13:45 3,846 ----a-w C:\Documents and Settings\Jette\Programdata\wklnhst.dat
2007-03-16 14:00 16,739 ----a-r C:\Programfiler\_12_57bcca80acb4c144c0b1bf0a1e14149a
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_23.10.25,17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 18:55:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 22:18:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 00:17 68856]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 21:48 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 21:48 86016]
"nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 14:38 131072]
"Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 10:36 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52 643072]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 08:05 579584]
"AAWTray"="C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 08:06 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Pavilion Webcam Tray Icon.lnk - C:\Programfiler\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-01 06:15:20 98304]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
ymetray.lnk - C:\Programfiler\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 15:29:20 54512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\WINDOWS\system32\EZUPBH~1.DLL [2007-03-10 02:41 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\FlashFXP\\FlashFXP.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16137:TCP"= 16137:TCP:BitComet 16137 TCP
"16137:UDP"= 16137:UDP:BitComet 16137 UDP

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\WINDOWS\system32\ezNTSvc.exe [2007-03-10 02:41]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 14:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-06 22:10:38 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-11-15 18:50:00 C:\WINDOWS\Tasks\Internett-tjenester.job"
- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:30:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@?????hY??????R?@?????,?@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="C:\\Programfiler\\Lavasoft\\Ad-Aware 2007\\AAWTray.exe"
.
Completion time: 2008-06-05 17:32:08
ComboFix-quarantined-files.txt 2008-06-05 15:31:32
ComboFix2.txt 2008-06-04 21:11:05
Pre-Run: 83,528,704,000 byte ledig
Post-Run: 83,517,149,184 byte ledig
166 --- E O F --- 2008-05-17 01:01:30
norbat, posted 5 June 2008

Use Explorer to find and delete the file: C:\WINDOWS\ehSched.MSNFix

Apart from that, the log looks fine. Still having problems with MSN?
ejv (author), posted 5 June 2008

"Use Explorer to find and delete the file: C:\WINDOWS\ehSched.MSNFix Apart from that, the log looks fine. Still having problems with MSN?"

Oh yes, MSN seems to be working fine... so far. Should I just delete ComboFix and MSNFix, or is this something I need? Thanks a lot for all the help.
norbat, posted 5 June 2008

You remove ComboFix by typing combofix /u in the Run box (Start -> Run). You remove MSNFix by deleting the program. Surf safely.
r2d290, posted 5 June 2008

If you consider the problem with your machine solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [SOLVED] in front of your topic title. E.g.: [SOLVED] Got a virus on my machine

-Surf safely-
ejv (author), posted 5 June 2008

"You remove ComboFix by typing combofix /u in the Run box (Start -> Run). You remove MSNFix by deleting the program. Surf safely."

I have dropped Windows Live Messenger and switched to aMSN instead. Thanks for all the help.