Maggi94 Skrevet 6. juni 2008 Del Skrevet 6. juni 2008 Her er comboFix loggen min: ComboFix 08-06-01.6 - Margrete 2008-06-06 18:41:08.3 - NTFSx86 Running from: C:\Documents and Settings\Margrete\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))) . 2008-06-02 23:18 . 2008-06-02 23:18 <DIR> d-------- C:\Documents and Settings\LocalService\Skrivebord 2008-06-02 23:16 . 2008-06-03 12:17 61,444 --a------ C:\WINDOWS\sshost.exe 2008-06-02 22:57 . 2008-06-02 22:55 53,252 -r-hs---- C:\WINDOWS\ehSched.exe 2008-05-30 15:35 . 2008-06-06 17:07 <DIR> d-------- C:\Documents and Settings\Margrete\Programdata\OpenOffice.org2 2008-05-30 15:31 . 2008-05-30 15:31 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.3 2008-05-07 14:25 . 2008-05-07 14:26 <DIR> d-------- C:\Programfiler\Disc2Phone 2008-05-06 21:46 . 2008-05-06 21:47 <DIR> d-------- C:\WINDOWS\system32\URTTemp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-06 16:47 --------- d-----w C:\Programfiler\Symantec AntiVirus 2008-06-06 16:33 --------- d-----w C:\Documents and Settings\Margrete\Programdata\uTorrent 2008-06-06 16:06 --------- d-----w C:\Documents and Settings\Margrete\Programdata\Skype 2008-04-24 19:03 --------- d-----w C:\Programfiler\Skylook 2008-04-24 19:02 81,920 ----a-w C:\WINDOWS\eSellerateControl350.dll 2008-04-24 19:02 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll 2008-04-24 19:02 114,688 ----a-w C:\WINDOWS\eWebControl.dll 2008-04-18 20:18 --------- d-----w C:\Documents and Settings\Margrete\Programdata\FrostWire 2007-04-15 20:14 374 ----a-w C:\Documents and Settings\Margrete\Programdata\internaldb6334.dat 2007-04-15 18:08 18,432 ----a-w C:\Documents and Settings\Margrete\Programdata\internaldb41.dat 2007-04-15 16:41 538 ----a-w C:\Documents and Settings\Margrete\Programdata\internaldb8467.dat 2007-12-03 16:46 88 --sh--r C:\WINDOWS\system32\75640F18B3.sys 2007-12-03 16:46 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-06-13 13:24 174,592 --sh--r C:\WINDOWS\system32\sysregi.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-03_ 8.15.18.34 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-03 05:52:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-06 16:47:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-03-08 17:41 66912 --a------ C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}] 2007-12-11 20:17 1502232 --a------ C:\Programfiler\Absolutist_Games\tbAbs0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "C:\Programfiler\Absolutist_Games\tbAbs0.dll" [2007-12-11 20:17 1502232] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-08 17:41 267592] [HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= C:\Programfiler\Absolutist_Games\tbAbs0.dll [2007-12-11 20:17 1502232] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-08 17:41 267592] [HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "3COM"="C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe" [2005-03-23 23:03 409600] "Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe.dis /R" [ ] "Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 19:37 68856] "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144] "CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352] "CreativeTaskScheduler"="C:\Programfiler\Creative\Shared Files\CTSched.exe" [2006-11-17 03:42 53341] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe.dis" [ ] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-10-04 13:42 48752] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28 85744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 16:19 40960] "Control Center"="C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe" [2005-02-03 15:33 1585664] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe] "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ] "QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424] "Windows UDP Control Center"="ehSched.exe" [2008-06-02 22:55 53252 C:\WINDOWS\ehSched.exe] "Nod32 Runtime"="sysregi.exe" [2007-06-13 15:24 174592 C:\WINDOWS\system32\sysregi.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Nod32 Runtime"="sysregi.exe" [2007-06-13 15:24 174592 C:\WINDOWS\system32\sysregi.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040] "Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968] C:\Documents and Settings\Margrete\Start-meny\Programmer\Oppstart\ OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmgr.exe"= "C:\\Documents and Settings\\Margrete\\Mine dokumenter\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Documents and Settings\\Margrete\\Skrivebord\\Ny mappe (2)\\FrostWire\\FrostWire.exe"= "DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09] S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-05-20 20:47] S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26] S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26] S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26] S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26] S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26] S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-03-28 14:24] S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-01-07 15:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed2c905-8a0c-11dc-aec9-001150dcc39c}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-05-28 07:20:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-06-06 16:50:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe "2008-06-06 16:43:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 19:00:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\explorer.exe [3092] 0x8234CDA0 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Windows Defender\MsMpEng.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.bin C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\Programfiler\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2008-06-06 19:08:47 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-06 17:08:31 ComboFix2.txt 2008-06-04 15:16:07 ComboFix3.txt 2008-06-03 06:16:16 Pre-Run: 97,305,751,552 byte ledig Post-Run: 97,294,368,768 byte ledig 178 --- E O F --- 2008-05-29 02:01:19 Lenke til kommentar
snippsat Skrevet 6. juni 2008 Del Skrevet 6. juni 2008 (endret) Kopiere fet tekst under bildet->åpne notisblokk og lim inn. Lagre på skrivebordet som CFScript.txt. Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt File:: C:\WINDOWS\sshost.exe C:\WINDOWS\ehSched.exe C:\Documents and Settings\Margrete\Programdata\internaldb6334.dat C:\Documents and Settings\Margrete\Programdata\internaldb41.dat C:\Documents and Settings\Margrete\Programdata\internaldb8467.dat C:\WINDOWS\system32\75640F18B3.sys Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows UDP Control Center"=- Scann denne filen her Virustotal C:\WINDOWS\system32\sysregi.exe Last ned HijackThis legg i egen mappe på skrivebordet. Start programmet og velg "Trykk scan og save log" Post HijackThis.txt Endret 6. juni 2008 av SNIPPSAT Lenke til kommentar
Maggi94 Skrevet 6. juni 2008 Forfatter Del Skrevet 6. juni 2008 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:19:55, on 07.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\sysregi.exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programfiler\Creative\Shared Files\CTSched.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\WINDOWS\explorer.exe C:\Programfiler\Windows Media Player\wmplayer.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs0.dll R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs0.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs0.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe.dis" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera O4 - HKLM\..\Run: [Control Center] C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe O4 - HKCU\..\Run: [3COM] "C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe" O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe.dis /R O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Programfiler\Creative\Shared Files\CTSched.exe" /logon O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PalTalk.lnk = C:\Programfiler\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk570YYNO O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programfiler\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162501889373 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Programdata\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe -- End of file - 13558 bytes Lenke til kommentar
Maggi94 Skrevet 6. juni 2008 Forfatter Del Skrevet 6. juni 2008 ComboFix 08-06-01.6 - Margrete 2008-06-07 0:39:18.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.236 [GMT 2:00] Running from: C:\Documents and Settings\Margrete\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Margrete\Skrivebord\CFScript.txt..txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\Margrete\Programdata\internaldb41.dat C:\Documents and Settings\Margrete\Programdata\internaldb6334.dat C:\Documents and Settings\Margrete\Programdata\internaldb8467.dat C:\WINDOWS\ehSched.exe C:\WINDOWS\sshost.exe C:\WINDOWS\system32\75640F18B3.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Margrete\Programdata\internaldb41.dat C:\Documents and Settings\Margrete\Programdata\internaldb6334.dat C:\Documents and Settings\Margrete\Programdata\internaldb8467.dat C:\WINDOWS\ehSched.exe C:\WINDOWS\sshost.exe C:\WINDOWS\system32\75640F18B3.sys . ((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))) . 2008-06-02 23:18 . 2008-06-02 23:18 <DIR> d-------- C:\Documents and Settings\LocalService\Skrivebord 2008-05-30 15:35 . 2008-06-06 19:02 <DIR> d-------- C:\Documents and Settings\Margrete\Programdata\OpenOffice.org2 2008-05-30 15:31 . 2008-05-30 15:31 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.3 2008-05-07 14:25 . 2008-05-07 14:26 <DIR> d-------- C:\Programfiler\Disc2Phone 2008-05-06 21:46 . 2008-05-06 21:47 <DIR> d-------- C:\WINDOWS\system32\URTTemp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-06 22:47 --------- d-----w C:\Documents and Settings\Margrete\Programdata\Skype 2008-06-06 22:45 --------- d-----w C:\Programfiler\Symantec AntiVirus 2008-06-06 16:33 --------- d-----w C:\Documents and Settings\Margrete\Programdata\uTorrent 2008-04-24 19:03 --------- d-----w C:\Programfiler\Skylook 2008-04-24 19:02 81,920 ----a-w C:\WINDOWS\eSellerateControl350.dll 2008-04-24 19:02 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll 2008-04-24 19:02 114,688 ----a-w C:\WINDOWS\eWebControl.dll 2008-04-18 20:18 --------- d-----w C:\Documents and Settings\Margrete\Programdata\FrostWire 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2007-12-03 16:46 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-06-13 13:24 174,592 --sh--r C:\WINDOWS\system32\sysregi.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-03_ 8.15.18.34 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-03 05:52:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-06 22:44:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-03-08 17:41 66912 --a------ C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}] 2007-12-11 20:17 1502232 --a------ C:\Programfiler\Absolutist_Games\tbAbs0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "C:\Programfiler\Absolutist_Games\tbAbs0.dll" [2007-12-11 20:17 1502232] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-08 17:41 267592] [HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= C:\Programfiler\Absolutist_Games\tbAbs0.dll [2007-12-11 20:17 1502232] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-08 17:41 267592] [HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "3COM"="C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe" [2005-03-23 23:03 409600] "Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe.dis /R" [ ] "Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 19:37 68856] "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144] "CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352] "CreativeTaskScheduler"="C:\Programfiler\Creative\Shared Files\CTSched.exe" [2006-11-17 03:42 53341] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe.dis" [ ] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-10-04 13:42 48752] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28 85744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 16:19 40960] "Control Center"="C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe" [2005-02-03 15:33 1585664] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe] "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ] "QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424] "Nod32 Runtime"="sysregi.exe" [2007-06-13 15:24 174592 C:\WINDOWS\system32\sysregi.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Nod32 Runtime"="sysregi.exe" [2007-06-13 15:24 174592 C:\WINDOWS\system32\sysregi.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040] "Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968] C:\Documents and Settings\Margrete\Start-meny\Programmer\Oppstart\ OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmgr.exe"= "C:\\Documents and Settings\\Margrete\\Mine dokumenter\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Documents and Settings\\Margrete\\Skrivebord\\Ny mappe (2)\\FrostWire\\FrostWire.exe"= "DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39] R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09] S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-05-20 20:47] S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26] S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26] S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26] S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26] S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26] S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-03-28 14:24] S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-01-07 15:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed2c905-8a0c-11dc-aec9-001150dcc39c}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-05-28 07:20:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-06-06 22:48:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe "2008-06-06 22:43:17 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-07 00:45:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Windows Defender\MsMpEng.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.bin C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Completion time: 2008-06-07 0:54:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-06 22:54:43 ComboFix2.txt 2008-06-06 17:08:47 ComboFix3.txt 2008-06-04 15:16:07 ComboFix4.txt 2008-06-03 06:16:16 Pre-Run: 97,435,348,992 byte ledig Post-Run: 97,422,651,392 byte ledig 196 --- E O F --- 2008-05-29 02:01:19 Lenke til kommentar
norbat Skrevet 6. juni 2008 Del Skrevet 6. juni 2008 Lag et nytt CFScript med følgende innhold som du drar over combofix-iconet på samme måte som første gang: File:: C:\WINDOWS\system32\sysregi.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nod32 Runtime"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Nod32 Runtime"=- Hent gratisversjonen til SAS, installer, oppdater og kjør en quick scan. Post ny HJT-logg + loggen til SAS (preferences->statistics/logs) Lenke til kommentar
Maggi94 Skrevet 7. juni 2008 Forfatter Del Skrevet 7. juni 2008 (endret) Beklager, eg tok først på quick scan. Men her er full scan SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/07/2008 at 09:36 PM Application Version : 4.15.1000 Core Rules Database Version : 3477 Trace Rules Database Version: 1468 Scan type : Complete Scan Total Scan Time : 00:32:08 Memory items scanned : 669 Memory threats detected : 0 Registry items scanned : 4689 Registry threats detected : 0 File items scanned : 24215 File threats detected : 4 Adware.Tracking Cookie C:\Documents and Settings\Margrete\Cookies\margrete@atdmt[2].txt C:\Documents and Settings\Margrete\Cookies\[email protected][2].txt C:\Documents and Settings\Margrete\Cookies\[email protected][1].txt C:\Documents and Settings\Margrete\Cookies\margrete@atdmt[1].txt .adtech.de [ C:\Documents and Settings\Margrete\Programdata\Mozilla\Firefox\Profiles\whau8ons.default\cookies.txt ] Endret 7. juni 2008 av Maggi94 Lenke til kommentar
Maggi94 Skrevet 7. juni 2008 Forfatter Del Skrevet 7. juni 2008 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:54:35, on 07.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programfiler\Creative\Shared Files\CTSched.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\System32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Margrete\Skrivebord\Ny mappe (2)\FrostWire\FrostWire.exe C:\Programfiler\Windows Media Player\wmplayer.exe C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs0.dll R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs0.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs0.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe.dis" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera O4 - HKLM\..\Run: [Control Center] C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [3COM] "C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe" O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe.dis /R O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Programfiler\Creative\Shared Files\CTSched.exe" /logon O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: PalTalk.lnk = C:\Programfiler\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk570YYNO O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programfiler\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162501889373 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Programdata\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe -- End of file - 12559 bytes Lenke til kommentar
norbat Skrevet 7. juni 2008 Del Skrevet 7. juni 2008 Vurder om følgende prog/toolbars er nødvendig å ha, hvis ikke, se om du får avinstaller de fra legg til/fjern programmer: SweetIM Absolutist Games Toolbar Ask Toolbar Windows Live Toolbar Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk570YYNO O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programfiler\Paltalk Messenger\Paltalk.exe (file missing) Oppdater java: http://java.com/en/download/index.jsp Post ny hjt-logg og fortell om du fjernet noen av programmene som er nevnt over. Lenke til kommentar
Maggi94 Skrevet 7. juni 2008 Forfatter Del Skrevet 7. juni 2008 Eg fekk fjerna dei programmoså du bedde meg om. Her er loggen. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:16:20, on 08.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\Skype\Phone\Skype.exe C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programfiler\Creative\Shared Files\CTSched.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\System32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Windows Media Player\wmplayer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera O4 - HKLM\..\Run: [Control Center] C:\Programfiler\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [3COM] "C:\Programfiler\3Com\3Com Wireless USB Utility\Wlan.exe" O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe.dis /R O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Programfiler\Creative\Shared Files\CTSched.exe" /logon O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: PalTalk.lnk = C:\Programfiler\Paltalk Messenger\paltalk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162501889373 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Programdata\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe -- End of file - 10470 bytes Lenke til kommentar
norbat Skrevet 7. juni 2008 Del Skrevet 7. juni 2008 Fix følgende linjer med hjt: O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab Bruk utforsker til å finne og slett mappa: C:\Programfiler\Macrogaming (utforsker = høyreklikk på Start-knappen, velg Utforsk) Ut over dette ser det fint ut. Hvordan kjører PC-en (og MSN) ? Lenke til kommentar
Maggi94 Skrevet 8. juni 2008 Forfatter Del Skrevet 8. juni 2008 Macrogaming mappo vil ikkje slettast. Det er noko inni mappo som ikkje vil slettast. Mappo er på skrivebeskyttet. Men eg får det ikkje av. Kva skal eg gjer? Lenke til kommentar
snippsat Skrevet 8. juni 2008 Del Skrevet 8. juni 2008 Install. http://ccollomb.free.fr/unlocker/ Høyereklikk på mappe eller fil. Velg unlocker da kan du slette. Som norbat spør om si litt om hvordan pcen kjører. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå