fowler100 Posted 11 June 2008 (edited)
Hi, here is the log. I had to uninstall some programs before I could get ComboFix to run :)
ComboFix 08-06-09.7 - Jan Roger 2008-06-11 10:24:49.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1119 [GMT 2:00] Running from: C:\Users\Jan Roger\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\ACER.exe . ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))) . 2008-06-11 09:54 . 2008-06-11 09:54 1,274,952 --a------ C:\Windows\System32\PerfStringBackup.INI 2008-06-10 21:30 . 2008-06-11 10:23 <DIR> d-------- C:\327882R2FWJFW 2008-06-10 16:42 . 2008-06-11 09:45 <DIR> d-a------ C:\Users\All Users\TEMP 2008-06-10 16:42 . 2008-06-11 09:45 <DIR> d-a------ C:\ProgramData\TEMP 2008-06-10 16:38 . 2008-06-11 09:53 <DIR> d-------- C:\Users\All Users\Google 2008-06-10 16:38 . 2008-06-11 09:53 <DIR> d-------- C:\Program Files\Google 2008-06-10 15:45 . 2008-06-10 15:45 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-10 13:26 . 2008-06-10 13:35 <DIR> d-------- C:\Windows\BDOSCAN8 2008-05-31 15:19 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys 2008-05-31 15:19 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat 2008-05-31 15:19 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf 2008-05-28 08:46 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-05-28 08:46 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-05-19 23:17 . 2008-06-11 09:46 12 --a------ C:\Windows\bthservsdp.dat 2008-05-17 00:04 . 2008-05-17 00:04 <DIR> d-------- C:\Users\Jan Roger\AppData\Roaming\Template 2008-05-17 00:04 . 2008-05-17 00:04 0 --a------ C:\Users\Jan Roger\AppData\Roaming\wklnhst.dat 2008-05-16 12:06 .
2008-05-16 12:07 <DIR> d-------- C:\Users\Jan Roger\AppData\Roaming\CyberLink 2008-05-16 11:50 . 2007-12-06 04:18 54,784 --a------ C:\Windows\System32\drivers\i8042prt.sys 2008-05-14 17:25 . 2008-05-14 17:25 <DIR> d-------- C:\Users\Jan Roger\AppData\Roaming\Acer 2008-05-14 14:29 . 2008-05-14 14:29 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-05-14 09:40 . 2008-05-14 09:40 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-05-14 09:40 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll 2008-05-14 09:38 . 2008-05-14 09:38 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-05-14 09:33 . 2008-05-14 09:37 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-14 09:32 . 2008-05-14 09:32 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-05-14 09:32 . 2008-05-14 09:32 <DIR> d-------- C:\ProgramData\WLInstaller 2008-05-14 09:32 . 2008-05-17 00:56 <DIR> d-------- C:\Program Files\Windows Live 2008-05-11 11:33 . 2008-05-11 11:33 194,560 --a------ C:\Windows\System32\WebClnt.dll 2008-05-11 11:33 . 2008-05-11 11:33 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys 2008-05-11 11:31 . 2008-05-11 11:31 2,027,008 --a------ C:\Windows\System32\win32k.sys 2008-05-11 11:31 . 2008-05-11 11:31 1,327,104 --a------ C:\Windows\System32\quartz.dll 2008-05-11 11:31 . 2008-05-11 11:31 223,232 --a------ C:\Windows\System32\WMASF.DLL 2008-05-11 11:31 . 2008-05-11 11:31 9,728 --a------ C:\Windows\System32\LAPRXY.DLL 2008-05-11 11:31 . 2008-05-11 11:31 2,048 --a------ C:\Windows\System32\asferror.dll 2008-05-11 11:30 . 2008-05-11 11:30 296,448 --a------ C:\Windows\System32\gdi32.dll 2008-05-11 11:30 . 2008-05-11 11:30 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-05-11 11:29 . 2008-05-11 11:29 83,968 --a------ C:\Windows\System32\dnsrslvr.dll 2008-05-11 11:29 . 2008-05-11 11:29 24,576 --a------ C:\Windows\System32\dnscacheugc.exe 2008-05-11 11:26 . 
2008-05-11 11:26 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-05-11 11:26 . 2008-05-11 11:26 2,048 --a------ C:\Windows\System32\tzres.dll 2008-05-11 09:06 . 2008-05-11 09:06 1,712,984 --a------ C:\Windows\System32\wuaueng.dll 2008-05-11 09:06 . 2008-05-11 09:06 1,524,224 --a------ C:\Windows\System32\wucltux.dll 2008-05-11 09:06 . 2008-05-11 09:06 53,080 --a------ C:\Windows\System32\wuauclt.exe 2008-05-11 09:06 . 2008-05-11 09:06 43,352 --a------ C:\Windows\System32\wups2.dll 2008-05-11 09:05 . 2008-05-11 09:05 549,720 --a------ C:\Windows\System32\wuapi.dll 2008-05-11 09:05 . 2008-05-11 09:05 163,000 --a------ C:\Windows\System32\wuwebv.dll 2008-05-11 09:05 . 2008-05-11 09:05 80,896 --a------ C:\Windows\System32\wudriver.dll 2008-05-11 09:05 . 2008-05-11 09:05 33,624 --a------ C:\Windows\System32\wups.dll 2008-05-11 09:05 . 2008-05-11 09:05 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-05-11 09:04 . 2008-05-11 09:04 <DIR> d-------- C:\Users\All Users\Yahoo! Companion 2008-05-11 09:04 . 2008-05-11 09:04 <DIR> d-------- C:\ProgramData\Yahoo! Companion . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-11 07:45 --------- d-----w C:\ProgramData\Symantec 2008-06-11 07:28 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-31 13:21 --------- d-----w C:\Program Files\Norton Internet Security 2008-05-31 13:19 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF 2008-05-31 13:19 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS 2008-05-31 13:19 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT 2008-05-31 13:19 --------- d-----w C:\Program Files\Symantec 2008-05-26 14:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-05-14 12:29 --------- d-----w C:\Program Files\Windows Mail 2008-05-11 09:37 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-11 09:28 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-05-11 09:28 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-05-11 09:28 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-05-11 09:28 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-05-11 09:28 148,992 ----a-w C:\Windows\system32\drivers\ks.sys 2008-05-11 09:28 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-05-11 09:28 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-05-11 09:27 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-05-11 09:27 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-05-09 21:31 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-05-09 21:31 315,392 ----a-w C:\Windows\HideWin.exe 2008-05-09 21:31 --------- d-----w C:\Program Files\Realtek 2008-05-09 14:57 --------- d-----w C:\ProgramData\CyberLink 2008-05-09 14:57 --------- d-----w C:\Program Files\Acer Inc 2008-05-09 14:56 --------- d-----w C:\Users\Jan Roger\AppData\Roaming\InstallShield 2008-05-09 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-09 14:51 --------- d-----w C:\Program Files\SUYIN 2008-05-09 14:51 --------- d-----w C:\Program Files\ACER CrystalEye webcam 2008-05-09 14:49 --------- d-----w C:\Program Files\Common Files\snp2uvc 2008-05-09 14:48 
--------- d-----w C:\Program Files\Acer 2008-05-09 14:47 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS 2008-05-09 14:47 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys 2008-05-09 14:47 181,760 ----a-w C:\Windows\System32\fsquirt.exe 2008-05-09 14:46 --------- d-----w C:\Program Files\WIDCOMM 2008-05-09 14:39 --------- d-----w C:\Program Files\Acer Arcade Deluxe 2008-05-09 14:37 --------- d-----w C:\Program Files\Launch Manager 2008-05-09 14:36 --------- d-----w C:\ProgramData\NVIDIA 2008-05-09 14:34 --------- d-----w C:\Program Files\Yahoo! 2008-05-09 14:34 --------- d-----w C:\Program Files\Intel 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Start-meny 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Skrivebord 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Programdata 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Maler 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Favoritter 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Dokumenter 2008-05-09 14:30 --------- d-sh--w C:\Program Files\Fellesfiler 2007-12-22 01:59 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-11 11:30 1232896] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Acer Tour Reminder"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 10:55 102400] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 05:38 40048] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 17:33 457216] "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 18:38 1286144] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:44 107112] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:42 22696] "Acer Tour"="" [] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-14 10:55 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-14 10:54 8501792] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-14 10:55 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 10:56 4702208 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-12-14 10:56 1826816 C:\Windows\SkyTel.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 10:55 174616] "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 15:17 707080] "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 10:32 200704] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344] "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056] "eRecoveryService"="" [] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" 
[2007-08-01 18:30 151552] "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-05-09 16:48:14 1216512] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 13:11:50 719664] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-12-22 04:20:31 535336] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{076EC745-F577-417A-9FAD-34F4387961C7}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{EE7C081D-4161-49B8-9C96-1E4960D5DFC1}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{AEAC0F7A-ED71-4430-A83B-218DBA12596D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{BB5E7DE3-C0BE-4E97-99CA-E55AFAD63DBA}"= C:\Program Files\Acer Arcade Deluxe\DV 
Wizard\DV Wizard.exe:DV Wizard "{AB7579B6-2D46-4EC5-B27A-21B8D3DD542E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4AE25EAC-AE03-4218-B91C-BB46A722CCB6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{DB448FA2-FDE3-4666-BCF0-B8FE1E7B5FAB}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{91B9CAEF-8AF0-45A7-A7B7-ACE542FF9B9B}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{C2F71C7A-C425-49EF-8B86-59DA62F0CBC9}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{2A1E13AA-8989-4A41-AA42-2BFA86437812}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM "{6A335F26-328D-4FA4-A9C7-BAC08681A042}"= UDP:990:LocalSubnet:LocalSubnet|IF={8970D626-4736-440B-8FF4-7DE08AC46E91}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001 "{8B807456-7D0E-4634-9E5C-76C6925766A3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{F23A9CD0-982A-4505-B2BA-27CD8200BDA6}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{AFAC0DE5-E556-489F-95D6-2BC6113360BB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080609.001\IDSvix86.sys [2008-05-13 00:27] R2 
{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 10:48] R2 RapiMgr;Tilkobling for Windows Mobile-basert enhet;C:\Windows\system32\svchost.exe [2006-11-02 11:45] R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 19:18] R2 WcesComm;Tilkobling for Windows Mobile 2003-basert enhet;C:\Windows\system32\svchost.exe [2006-11-02 11:45] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:45] R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 10:56] S3 A310;AVerMedia A310 DVB-T;C:\Windows\system32\DRIVERS\AVerA310USB.sys [2007-07-10 04:16] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 10:56] S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;C:\Windows\system32\drivers\AVerA310Cap.sys [2007-07-10 04:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-05-26 07:03:23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jan Roger.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: "2008-05-14 07:38:50 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 10:26:59 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-11 10:27:52 ComboFix-quarantined-files.txt 2008-06-11 08:27:44 Pre-Run: 84,040,675,328 byte ledig Post-Run: 84,159,045,632 byte ledig 224 --- E O F --- 2008-06-11 07:28:43
Edited 15 June 2008 by fowler100
snippsat Posted 11 June 2008
This looks good. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Post HijackThis.txt.
fowler100 (Author) Posted 11 June 2008
Hi, I have now done "scan and save", what now? I am on fairly thin ice....... That is what it is like to get your first PC in many years; it is easier with a work PC and an IT consultant at work who sorts things out when something goes wrong. How do I put a log/text into that kind of spoiler text, so that the whole log does not show the way it did when I posted it? Regards, jr
Quote: This looks good. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Post HijackThis.txt.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:45:44, on 11.06.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Program Files\Acer\Acer VCM\acp2HID.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\Dwm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Acer\Acer VCM\VC.exe C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liverpool.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [sidebar] 
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Global Startup: Acer VCM.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. 
- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10687 bytes
Kanstad Posted 11 June 2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liverpool.no/
This one is probably the culprit. Get rid of all such tendencies and you will see that everything gets better.... :!:
fowler100 (Author) Posted 11 June 2008
Quote: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liverpool.no/ This one is probably the culprit. Get rid of all such tendencies and you will see that everything gets better.... :!:
Hehe, both the PC and my favourite team cause a lot of frustration.......... I hope the PC gets well now; the team is a harder case.... we will have to take that discussion in another forum..........
snippsat Posted 11 June 2008 (edited)
This looks good, you are clean. ComboFix deleted one file. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. SAS Free + CCleaner are decent programs you can use in addition to Norton.
Quote: that kind of spoiler text, so that the whole log does not show
It is fine to put logs in hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text). Surf safely.
Edited 11 June 2008 by SNIPPSAT
fowler100 (Author) Posted 11 June 2008
Thanks for the help, I thought it was much worse than it was. Regards, jr
Quote: This looks good, you are clean. ComboFix deleted one file. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. SAS Free + CCleaner are decent programs you can use in addition to Norton. "that kind of spoiler text, so that the whole log does not show" It is fine to put logs in hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text). Surf safely.
r2d290 Posted 12 June 2008
If you consider the problem with your machine solved, you can change your topic title by pressing in your first post and choosing full editing. At the top, where your topic title is, type [SOLVED] in front of your topic title. E.g.: [SOLVED] Got a virus on my machine
-Surf safely-
fowler100 (Author) Posted 15 June 2008
Quote: This looks good, you are clean. ComboFix deleted one file. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. SAS Free + CCleaner are decent programs you can use in addition to Norton. "that kind of spoiler text, so that the whole log does not show" It is fine to put logs in hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text). Surf safely.
Hi, the problem is back, and as MrBaboy writes in his post, I cannot find any sensible reason why the problem is back either.......
ComboFix 08-06-12.2 - Jan Roger 2008-06-15 11:50:31.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1221 [GMT 2:00] Running from: C:\Users\Jan Roger\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Windows\Fonts\CALIBRIB.TTF . ((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))) . 2008-06-15 11:50 . 2008-06-15 11:50 <DIR> d-------- C:\327882R2FWJFW 2008-06-14 15:41 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-06-14 15:41 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll 2008-06-14 15:41 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll 2008-06-14 15:41 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax 2008-06-14 15:41 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-06-14 15:41 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax 2008-06-14 15:41 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax 2008-06-11 19:07 . 2008-06-11 19:07 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys 2008-06-11 19:07 .
2008-06-11 19:07 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys 2008-06-11 19:07 . 2008-06-11 19:07 10,520 --a------ C:\Windows\System32\avgrsstx.dll 2008-06-11 19:01 . 2008-06-15 10:03 <DIR> d-------- C:\Windows\System32\drivers\Avg 2008-06-11 18:51 . 2008-06-11 18:51 <DIR> d-------- C:\Program Files\AVG 2008-06-11 18:50 . 2008-06-11 18:51 <DIR> d-------- C:\Users\All Users\avg8 2008-06-11 18:50 . 2008-06-11 18:51 <DIR> d-------- C:\ProgramData\avg8 2008-06-11 18:32 . 2008-06-11 18:33 47,787,248 --a------ C:\Users\Jan Roger\avg_free_stf_en_8_100a1295.exe 2008-06-11 09:54 . 2008-06-15 11:49 1,274,952 --a------ C:\Windows\System32\PerfStringBackup.INI 2008-06-11 09:35 . 2008-04-29 03:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys 2008-06-11 09:35 . 2008-04-29 05:50 181,760 --a------ C:\Windows\System32\fsquirt.exe 2008-06-11 09:35 . 2008-04-29 03:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS 2008-06-10 16:42 . 2008-06-11 09:45 <DIR> d-a------ C:\Users\All Users\TEMP 2008-06-10 16:42 . 2008-06-11 09:45 <DIR> d-a------ C:\ProgramData\TEMP 2008-06-10 16:38 . 2008-06-11 09:53 <DIR> d-------- C:\Users\All Users\Google 2008-06-10 16:38 . 2008-06-11 23:38 <DIR> d-------- C:\Program Files\Google 2008-06-10 15:45 . 2008-06-10 15:45 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-10 13:26 . 2008-06-10 13:35 <DIR> d-------- C:\Windows\BDOSCAN8 2008-05-31 15:19 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys 2008-05-31 15:19 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat 2008-05-31 15:19 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf 2008-05-28 08:46 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-05-28 08:46 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-05-19 23:17 . 2008-06-15 11:43 12 --a------ C:\Windows\bthservsdp.dat 2008-05-17 00:04 . 
2008-05-17 00:04 <DIR> d-------- C:\Users\Jan Roger\AppData\Roaming\Template 2008-05-17 00:04 . 2008-05-17 00:04 0 --a------ C:\Users\Jan Roger\AppData\Roaming\wklnhst.dat 2008-05-16 12:06 . 2008-05-16 12:07 <DIR> d-------- C:\Users\Jan Roger\AppData\Roaming\CyberLink 2008-05-16 11:50 . 2007-12-06 04:18 54,784 --a------ C:\Windows\System32\drivers\i8042prt.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-12 08:02 --------- d-----w C:\Program Files\Windows Mail 2008-06-11 21:38 --------- d-----w C:\Program Files\Symantec 2008-06-11 07:45 --------- d-----w C:\ProgramData\Symantec 2008-06-11 07:28 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-31 13:21 --------- d-----w C:\Program Files\Norton Internet Security 2008-05-31 13:19 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF 2008-05-31 13:19 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS 2008-05-31 13:19 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT 2008-05-26 14:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-05-16 22:56 --------- d-----w C:\Program Files\Windows Live 2008-05-14 15:25 --------- d-----w C:\Users\Jan Roger\AppData\Roaming\Acer 2008-05-14 12:29 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-05-14 07:40 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-05-14 07:38 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-05-14 07:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-14 07:32 --------- d-----w C:\ProgramData\WLInstaller 2008-05-11 09:37 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-11 09:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-05-11 09:33 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-05-11 09:31 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-05-11 09:31 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-05-11 09:31 2,048 ----a-w 
C:\Windows\System32\asferror.dll 2008-05-11 09:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-05-11 09:30 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-05-11 09:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-05-11 09:29 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-05-11 09:29 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-05-11 09:28 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-05-11 09:28 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-05-11 09:28 148,992 ----a-w C:\Windows\system32\drivers\ks.sys 2008-05-11 09:28 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-05-11 09:28 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-05-11 09:26 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-05-11 07:06 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2008-05-11 07:06 43,352 ----a-w C:\Windows\System32\wups2.dll 2008-05-11 07:06 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2008-05-11 07:06 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2008-05-11 07:05 80,896 ----a-w C:\Windows\System32\wudriver.dll 2008-05-11 07:05 549,720 ----a-w C:\Windows\System32\wuapi.dll 2008-05-11 07:05 33,624 ----a-w C:\Windows\System32\wups.dll 2008-05-11 07:05 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-05-11 07:05 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2008-05-11 07:04 --------- d-----w C:\ProgramData\Yahoo! 
Companion 2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll 2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-05-09 21:31 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-05-09 21:31 315,392 ----a-w C:\Windows\HideWin.exe 2008-05-09 21:31 --------- d-----w C:\Program Files\Realtek 2008-05-09 14:57 --------- d-----w C:\ProgramData\CyberLink 2008-05-09 14:57 --------- d-----w C:\Program Files\Acer Inc 2008-05-09 14:56 --------- d-----w C:\Users\Jan Roger\AppData\Roaming\InstallShield 2008-05-09 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-09 14:51 --------- d-----w C:\Program Files\SUYIN 2008-05-09 14:51 --------- d-----w C:\Program Files\ACER CrystalEye webcam 2008-05-09 14:49 --------- d-----w C:\Program Files\Common Files\snp2uvc 2008-05-09 14:48 --------- d-----w C:\Program Files\Acer 2008-05-09 14:46 --------- d-----w C:\Program Files\WIDCOMM 2008-05-09 14:39 --------- d-----w C:\Program Files\Acer Arcade Deluxe 2008-05-09 14:37 --------- d-----w C:\Program Files\Launch Manager 2008-05-09 14:36 --------- d-----w C:\ProgramData\NVIDIA 2008-05-09 14:34 --------- d-----w C:\Program Files\Yahoo! 
2008-05-09 14:34 --------- d-----w C:\Program Files\Intel 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Start-meny 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Skrivebord 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Programdata 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Maler 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Favoritter 2008-05-09 14:30 --------- d-sh--w C:\ProgramData\Dokumenter 2008-05-09 14:30 --------- d-sh--w C:\Program Files\Fellesfiler 2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-12-22 01:59 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-11 11:30 1232896] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Acer Tour Reminder"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 10:55 102400] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 05:38 40048] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 17:33 457216] "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 18:38 1286144] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:44 107112] "osCheck"="C:\Program 
Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:42 22696] "Acer Tour"="" [] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-14 10:55 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-14 10:54 8501792] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-14 10:55 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 10:56 4702208 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-12-14 10:56 1826816 C:\Windows\SkyTel.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 10:55 174616] "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 15:17 707080] "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 10:32 200704] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344] "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056] "eRecoveryService"="" [] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552] "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-11 18:55 1177368] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-05-09 16:48:14 1216512] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 13:11:50 719664] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-12-22 04:20:31 535336] [HKEY_LOCAL_MACHINE\software\microsoft\security center] 
"UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{076EC745-F577-417A-9FAD-34F4387961C7}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{EE7C081D-4161-49B8-9C96-1E4960D5DFC1}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{AEAC0F7A-ED71-4430-A83B-218DBA12596D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{BB5E7DE3-C0BE-4E97-99CA-E55AFAD63DBA}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{AB7579B6-2D46-4EC5-B27A-21B8D3DD542E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4AE25EAC-AE03-4218-B91C-BB46A722CCB6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{DB448FA2-FDE3-4666-BCF0-B8FE1E7B5FAB}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{91B9CAEF-8AF0-45A7-A7B7-ACE542FF9B9B}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{C2F71C7A-C425-49EF-8B86-59DA62F0CBC9}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{2A1E13AA-8989-4A41-AA42-2BFA86437812}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM "{6A335F26-328D-4FA4-A9C7-BAC08681A042}"= 
UDP:990:LocalSubnet:LocalSubnet|IF={8970D626-4736-440B-8FF4-7DE08AC46E91}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001 "{8B807456-7D0E-4634-9E5C-76C6925766A3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{F23A9CD0-982A-4505-B2BA-27CD8200BDA6}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{AFAC0DE5-E556-489F-95D6-2BC6113360BB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{8CDCB8C8-D179-4B60-8FF8-B1CEF6A67969}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{93675330-EAE8-46A2-9729-BBADC2613FFC}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-11 19:07] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080609.001\IDSvix86.sys [2008-05-13 00:27] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 10:48] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-11 18:53] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-11 18:53] R2 RapiMgr;Tilkobling for Windows Mobile-basert enhet;C:\Windows\system32\svchost.exe [2006-11-02 11:45] R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 19:18] R2 WcesComm;Tilkobling for Windows 
Mobile 2003-basert enhet;C:\Windows\system32\svchost.exe [2006-11-02 11:45] R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-11 19:07] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:45] R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 10:56] S3 A310;AVerMedia A310 DVB-T;C:\Windows\system32\DRIVERS\AVerA310USB.sys [2007-07-10 04:16] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 10:56] S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;C:\Windows\system32\drivers\AVerA310Cap.sys [2007-07-10 04:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-06-13 19:13:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jan Roger.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: "2008-05-14 07:38:50 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-15 11:52:13 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-15 11:53:04 ComboFix-quarantined-files.txt 2008-06-15 09:52:46 ComboFix2.txt 2008-06-11 08:27:52 Pre-Run: 83,733,970,944 byte ledig Post-Run: 83,716,399,104 byte ledig 246 --- E O F --- 2008-06-14 18:04:25 Lenke til kommentar
norbat Posted 15 June 2008

Hi,
If you have not changed the password on your MSN user account, do it now. Then tell us what 'problem' you are experiencing. Are you sending out messages, or are others apparently receiving messages from you, and what do these messages say?
fowler100 Posted 15 June 2008 Author

Hi, If you have not changed the password on your MSN user account, do it now. Then tell us what 'problem' you are experiencing. Are you sending out messages, or are others apparently receiving messages from you, and what do these messages say?

I get a message that I am logged in on another machine, and then I get logged off, and then some of my contacts get something that looks like a personal message from me. I don't know what the link says, but my name is in it, among other things.
norbat Posted 15 June 2008

As mentioned, change the password on your MSN user account now!
fowler100 Posted 15 June 2008 Author

As mentioned, change the password on your MSN user account now!

That was the first thing I did......
norbat Posted 15 June 2008

Even if someone gets a 'message' from you, that does not have to have anything to do with your PC. In your case the log shows no suspicious files. Change the password again and see whether the problem continues.

In addition, you could scan with an antispyware program to see if it picks up anything:

Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Select Norwegian as the language.
Let the program update itself, choose to run a 'quick system scan' ('hurtig systemscan') and click Scan (Skann).
A message box appears saying that the scan is finished; click Ok.
Click the 'Show results' ('Vis resultat') button. If malware has been found, you will now see what was found.
Then click the Remove selected (Fjern valgte) button to remove any malware that was found.
A log will then open in Notepad. You can copy and post it if anything is found.