Coreless, posted 13 June 2008:

Hi, and thanks to everyone who spends their time helping others with their problems. I have recently started getting problems during startup (Windows XP). I get this error message:

-----------------------------------------------
16-biters MS-DOS-delsystem
C:\1.exe
NTVDM CPUen fikk en ugyldig instruksjon
+ CS, IP, OP koder...
-----------------------------------------------

Otherwise the machine works as it should (maybe just a bit slower). I have never seen the 1.exe file before. I tried deleting the file several times, but it reappears after a while. NAV, CCleaner, Spybot and Ad-Aware find nothing wrong. All the programs are updated to the latest version. Does anyone here know this problem and how I can fix it? I would really appreciate "feedback for dummies" from you.
snippsat, posted 13 June 2008 (edited):

Hi! Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

Edited 13 June 2008 by SNIPPSAT
Coreless, posted 13 June 2008 (thread author):

ComboFix 08-06-11.7 - XXX 2008-06-13 17:24:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.607 [GMT 2:00]
Running from: C:\Documents and Settings\XXX\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1.exe
C:\Programfiler\iMeshBar
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\system32\auto.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-12 11:23 . 2008-06-12 11:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-12 11:22 . 2008-06-13 16:12 <DIR> d----c--- C:\Documents and Settings\XXX\.housecall6.6
2008-06-12 11:03 . 2008-06-12 11:03 <DIR> dr-h-c--- C:\Documents and Settings\XXX\Siste
2008-06-12 08:56 . 2008-06-12 08:57 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\SecTaskMan
2008-06-11 09:37 . 2008-06-11 09:37 <DIR> d-------- C:\Documents and Settings\XXX\Programdata\Uniblue
2008-06-11 09:07 . 2008-04-14 18:01 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 09:07 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-02 16:53 . 2008-06-02 16:53 <DIR> d-------- C:\Documents and Settings\XXX\Programdata\Youdagames
2008-06-02 16:53 . 2008-06-02 16:55 526,879 --a------ C:\WINDOWS\system32\msupdte.exe
2008-05-17 22:05 . 2008-05-17 22:05 <DIR> d-------- C:\WINDOWS\system32\no
2008-05-17 22:05 . 2008-05-17 22:05 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-17 21:46 . 2008-04-14 18:22 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-17 21:45 . 2008-04-14 18:21 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 15:10 --------- d-----w C:\Programfiler\PokerStars
2008-06-12 10:42 --------- dc----w C:\Documents and Settings\All Users\Programdata\MumboJumbo
2008-06-12 09:03 --------- dc----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-06-12 09:00 --------- d-----w C:\Programfiler\Windows Live Toolbar
2008-06-11 20:56 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-06-07 22:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-03 17:42 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-30 22:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-30 22:06 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-30 22:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-30 22:06 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-30 22:06 --------- d-----w C:\Programfiler\Symantec
2008-05-24 11:51 --------- d-----w C:\Documents and Settings\XXX\Programdata\U3
2008-05-17 20:53 724,520 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-14 23:02 --------- dc----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-08 14:02 203,136 ---ha-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,291,264 ---ha-w C:\WINDOWS\system32\quartz.dll
2008-05-06 19:30 --------- d-----w C:\Programfiler\AGEIA Technologies
2008-05-06 19:29 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-05 00:02 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-26 17:41 --------- d-----w C:\Programfiler\PartyGaming
2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 16:39 1,804 ---ha-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:26 330,752 ---ha-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:22 996,352 ---ha-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:21 98,304 ---ha-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 16:20 7,680 ------w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 16:19 9,344 ---ha-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:19 3,584 ---ha-w C:\WINDOWS\system32\icmp.dll
2008-04-14 16:19 3,072 ---ha-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:19 3,072 ---ha-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:19 285,696 ---ha-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:19 16,896 ---ha-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 16:01 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:56 73,344 ---ha-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:56 120,192 ---ha-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:55 80,000 ---ha-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:55 68,224 ---ha-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:55 46,592 ---ha-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:53 2,190,720 ---ha-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:53 2,067,584 ---ha-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:52 4,096 ---ha-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:50 799,872 ---ha-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:50 24,448 ---ha-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:50 153,344 ---ha-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:49 37,376 ---ha-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:48 40,576 ---ha-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:48 40,192 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:47 556,032 ---ha-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:46 64,640 ---ha-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:45 51,840 ---ha-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:43 9,728 ---ha-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:43 57,600 ---ha-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:43 1,845,632 ---ha-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:42 65,024 ---ha-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:41 52,480 ---ha-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:41 44,544 ---ha-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:41 39,680 ---ha-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:39 41,600 ---ha-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:39 41,216 ---ha-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:39 103,424 ---ha-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:38 22,912 ---ha-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:37 30,080 ---ha-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:37 187,776 ---ha-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 07:23 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:22 987,136 ---ha-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:22 423,936 ---ha-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ---ha-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ---ha-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ---ha-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ---ha-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ---ha-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ---ha-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ---ha-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ---ha-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ---ha-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ---ha-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ---ha-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ---ha-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ---ha-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ---ha-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:15 60,800 ---ha-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ---ha-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ---ha-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ---ha-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ---ha-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ---ha-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ---ha-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ---ha-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ---ha-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ---ha-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ---ha-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ---ha-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ---ha-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ---ha-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ---ha-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"DAEMON Tools Lite"="C:\Verktøy\Deamon 3.47\DAEMON Tools\DAEMON Tools Lite\daemon.exe" [2008-01-03 15:54 486856]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2001-12-20 01:59 204800]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42 35328]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2004-06-20 23:41 77824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"osCheck"="C:\Programfiler\Norton AntiVirus\osCheck.exe" [2007-01-14 09:11 771704]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"CanonSolutionMenu"="C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 03:01 644696]
"CanonMyPrinter"="C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 03:50 1603152]
"Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [2008-06-02 16:55 526879]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 18:22 15360]
"PopupJammer"="C:\PROGRAM FILES\ADVANCED SEARCHBAR\JAMMER.EXE" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-22 00:03 185632 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\BitTorrent\\btdownloadgui.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Verktøy\\iMesh\\iMesh.exe"=
"C:\\Verktøy\\BitTorrent 4.1.6\\bittorrent.exe"=
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"=
"C:\\Verktøy\\BitTorrent 4.4.1\\bittorrent.exe"=
"C:\\Verktøy\\BitTurrent\\bittorrent.exe"=
"C:\\Verktøy\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Verktøy\\PartyPoker\\PartyGaming.exe"=
"C:\\Verktøy\\DC++\\DCPlusPlus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Verktøy\\Realplayer\\realplay.exe"=
"C:\\Verktøy\\bitcomet\\BitComet.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Fellesfiler\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Games\\Rise Of Nations [PC][www.zonatorrent.com]\\Rise\\rise.exe"=
"C:\\Verktøy\\SopCast\\SOP\\SopCast\\SopCast.exe"=
"C:\\Verktøy\\SopCast\\SOP\\SopCast\\adv\\SopAdver.exe"=
"C:\\Verktøy\\Skype\\Phone\\Skype.exe"=
"C:\\Games\\Football.Manager.2008.CloneCD-NETSHOW\\FM2008\\fm.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwn2main.exe"=
"C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwn2main_amdxp.exe"=
"C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwupdate.exe"=
"C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwn2server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17151:TCP"= 17151:TCP:BitComet 17151 TCP
"17151:UDP"= 17151:UDP:BitComet 17151 UDP
"443:TCP"= 443:TCP:443
"2147:TCP"= 2147:TCP:2147
"8227:TCP"= 8227:TCP:BitComet 8227 TCP
"8227:UDP"= 8227:UDP:BitComet 8227 UDP

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 08:14]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-12 19:27]
S3 ldiskl;ldiskl;C:\DOCUME~1\FARSHI~1\LOKALE~1\Temp\ldiskl.sys []
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys []
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys []
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys []
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys []
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aefdba2-6f86-11dc-a77a-0040ca6ca656}]
\Shell\AutoRun\command - H:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da77df0a-eb2d-11db-a689-0040ca6ca656}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 18:25:11 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - XXX.job"
- C:\Programfiler\Norton AntiVirus\Navw32.exec/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 17:27:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-06-13 17:30:34
ComboFix-quarantined-files.txt 2008-06-13 15:29:47
Pre-Run: 11,622,957,056 byte ledig
Post-Run: 11,672,260,608 byte ledig
263 --- E O F --- 2008-05-16 20:30:41

hope I did it right...
snippsat, posted 13 June 2008:

Copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

Folder::
C:\Documents and Settings\All Users\Programdata\SecTaskMan

File::
C:\WINDOWS\system32\msupdte.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft WinUpdate"=-

---
Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck: "only delete temporary files older than 48 h". Run the registry cleaner and answer yes to repairing.
---
Download, update and run a full scan with SAS free. Post the log from SAS (preferences -> statistics/logs).
---
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Post HijackThis.txt
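The entries a helper picks out of the "Reg Loading Points" section (a freshly created binary registered under a Windows-sounding Run value such as "Microsoft WinUpdate", a Run value whose target no longer exists, Security Center notifications switched off) can be found mechanically. The script below is an added example, not part of the thread and not ComboFix's own logic; the sample log is constructed from the lines posted above, and the heuristics (the 30-day "recent" threshold and the branding-word list) are my own assumptions, not a ComboFix rule.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List

# Constructed sample: a cut-down "Reg Loading Points" section modelled on the
# ComboFix log posted in this thread (same key names and value syntax).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [2008-06-02 16:55 526879]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PopupJammer"="C:\PROGRAM FILES\ADVANCED SEARCHBAR\JAMMER.EXE" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Scan date taken from the log header ("ComboFix 08-06-11.7 - XXX 2008-06-13 ...").
SCAN_DATE = date(2008, 6, 13)

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)
SECURITY_CENTER_RE = re.compile(r"\\security center", re.IGNORECASE)
FIREWALL_PROFILE_RE = re.compile(r"firewallpolicy\\standardprofile$", re.IGNORECASE)
# "name"="path" [created-date time size ...]   or   "name"="path" [ ]
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# "name"=dword:00000001   or   "name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>dword:[0-9A-Fa-f]{8}|\d+ \(0x[0-9A-Fa-f]+\))$')
# Words a bogus autostart entry borrows to look like part of Windows (my assumption, not a ComboFix rule).
BRANDING_RE = re.compile(r"microsoft|windows|winupdate", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    key: str
    name: str
    reason: str


def _dword(value: str) -> int:
    """Turn ComboFix's two numeric spellings ("dword:00000001", "0 (0x0)") into an int."""
    if value.startswith("dword:"):
        return int(value[len("dword:"):], 16)
    return int(value.split()[0])


def review_loading_points(log_text: str, scan_date: date, recent_days: int = 30) -> List[Finding]:
    """Walk the REGEDIT4-style section and flag the entries a helper would look at first."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            continue
        if RUN_KEY_RE.search(key):
            m = RUN_ENTRY_RE.match(line)
            if not m:
                continue
            name, path, meta = m.group("name"), m.group("path"), m.group("meta").split()
            if not meta:
                # "[ ]": the registry value points at a file that no longer exists on disk
                findings.append(Finding("medium", key, name, f"autostart target missing on disk: {path}"))
                continue
            try:
                created = datetime.strptime(meta[0], "%Y-%m-%d").date()
            except ValueError:
                continue   # no timestamp in the bracket, nothing to age-check
            age_days = (scan_date - created).days
            if age_days <= recent_days and BRANDING_RE.search(name):
                findings.append(Finding("high", key, name,
                                        f"binary created {meta[0]} registered under a Windows-sounding name: {path}"))
            elif age_days <= recent_days:
                findings.append(Finding("low", key, name, f"autostart binary only {age_days} days old: {path}"))
        elif SECURITY_CENTER_RE.search(key) or FIREWALL_PROFILE_RE.search(key):
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group("name"), _dword(m.group("value"))
            if (name.endswith("DisableNotify") or name == "DisableMonitoring") and value == 1:
                findings.append(Finding("high", key, name, "Security Center warnings silenced"))
            elif name == "EnableFirewall" and value == 0:
                findings.append(Finding("medium", key, name, "Windows Firewall turned off for the standard profile"))
    return findings


if __name__ == "__main__":
    for f in review_loading_points(SAMPLE_LOG, SCAN_DATE):
        print(f"[{f.severity:>6}] {f.name!r} in [{f.key}]: {f.reason}")
```

On the sample above the script reports "Microsoft WinUpdate" (eleven-day-old msupdte.exe under a Windows-sounding name) and the two Security Center DisableNotify values as high, and PopupJammer's missing JAMMER.EXE plus the disabled firewall as medium, while ctfmon.exe and ccApp stay quiet because their binaries predate the scan by months. The age check is a triage aid only: the entries it raises still need the file itself inspected, which is what the CFScript in the post above does.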
Coreless, posted 13 June 2008 (thread author):

ComboFix 08-06-11.7 - XXX 2008-06-13 18:02:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.606 [GMT 2:00]
Running from: C:\Documents and Settings\XXX\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\XXX\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\msupdte.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1.exe
C:\Documents and Settings\All Users\Programdata\SecTaskMan
C:\Documents and Settings\All Users\Programdata\SecTaskMan\_entreelist.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\_enviewlist.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109010090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109010090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109030000000000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109030000000000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_000021091A0090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_000021091A0090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109411090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109411090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109440090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109440090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109510090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109510090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109511090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109511090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109610090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109610090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109711090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109711090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109810090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109810090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109910090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109910090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109A10090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109A10090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109AB0090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109AB0090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109B10090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109B10090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109C20090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109C20090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109E60090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109E60090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109F10090400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109F10090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109F100A0C00000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109F100A0C00000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109F100C0400000000000F01FEC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_00002109F100C0400000000000F01FEC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_020D22CF50035174D89F3FDE8ED1BED3
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_020D22CF50035174D89F3FDE8ED1BED3.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_0A0CBF02061341F438DEA347BBB6C813
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_0A0CBF02061341F438DEA347BBB6C813.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_118B119BE3AB4D64098FF63383536915
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_118B119BE3AB4D64098FF63383536915.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_12341
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_12345
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_17400AB28230347339DBAF1833357A38
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_17400AB28230347339DBAF1833357A38.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_19739271E28CC6749979A9F02F431AB9
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_19739271E28CC6749979A9F02F431AB9.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_1D36A07D45F23174A86EBB2DD8A1266E
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_1D36A07D45F23174A86EBB2DD8A1266E.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_1F3B805BA42A0C233B0158879691FE82
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_1F3B805BA42A0C233B0158879691FE82.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_1F8E788C0056AE64FB37E36F63514944
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_1F8E788C0056AE64FB37E36F63514944.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_20B58AD20C31D6E4A967226E3BDDC02B
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_20B58AD20C31D6E4A967226E3BDDC02B.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_20DD3B9F3B0B9E24680530D0FFD031D3
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_20DD3B9F3B0B9E24680530D0FFD031D3.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_2A40D446286C5DF479D7308B404C9B5C
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_2A40D446286C5DF479D7308B404C9B5C.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_37259496CDCF68A4CB7B945B403DBFE0
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_37259496CDCF68A4CB7B945B403DBFE0.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_4149C053C7D38EE4AB9A00CB3B5D2472
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_4149C053C7D38EE4AB9A00CB3B5D2472.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_421FCFDCF5116794B84F808C19781A64
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_421FCFDCF5116794B84F808C19781A64.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_4F53CAE362FF32144940B0B539AD5B07
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_4F53CAE362FF32144940B0B539AD5B07.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_536369864A419D844B13FDA3471DAA1E
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_536369864A419D844B13FDA3471DAA1E.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_564F5DA12828DAD49B750EC9B087D381
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_564F5DA12828DAD49B750EC9B087D381.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_568774731F3A2774DA34AACFB6FC9FF9
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_568774731F3A2774DA34AACFB6FC9FF9.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_5B3B5BFE082A52E4EBC136E4FE3EC2B1
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_5B3B5BFE082A52E4EBC136E4FE3EC2B1.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_5EAD28C50BE647342945EB3391ABE428
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_5EAD28C50BE647342945EB3391ABE428.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_5F1BEE43939E1A046AAB5927284A2B8C
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_5F1BEE43939E1A046AAB5927284A2B8C.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_62287FAB00234BD4EB33D429A2978904
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_62287FAB00234BD4EB33D429A2978904.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_6786F822313A3A04190C3CBC6E99D790
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_6786F822313A3A04190C3CBC6E99D790.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_68AB67CA7DA73301B7448A2100000030
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_68AB67CA7DA73301B7448A2100000030.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_7956A0076EC31C94AA5748B642DC6AD6
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_7956A0076EC31C94AA5748B642DC6AD6.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_7E57FF1D24DDDFC40B25023BFF4FDE8B
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_7E57FF1D24DDDFC40B25023BFF4FDE8B.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8161EB2EF5FAD7F44848240E08DE6F90
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8161EB2EF5FAD7F44848240E08DE6F90.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_87627777F71810443910DED1108AAD65
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_87627777F71810443910DED1108AAD65.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F841731866D117AB7000B0D411203
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F841731866D117AB7000B0D411203.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D511000
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D511000.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D511001
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D511001.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610001
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610001.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A5FDC4875D196B4AB6BF1118D293357
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_8A5FDC4875D196B4AB6BF1118D293357.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9040820900063D11C8EF00054038389C
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9040820900063D11C8EF00054038389C.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9399EE5EF9522ED40832C5941EA6F434
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9399EE5EF9522ED40832C5941EA6F434.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9EC9653600AFC964FAC55E4D9DA3FC19
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9EC9653600AFC964FAC55E4D9DA3FC19.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_A7AC98670721A5249995BEC42BE52AA9
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_A7AC98670721A5249995BEC42BE52AA9.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_ABE1051053CEF9F48898B33E645EAD31
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_ABE1051053CEF9F48898B33E645EAD31.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_b25099274a207264182f8181add555d0
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_BC0F80924D1CF744792AFC1C539C8F4D
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_BC0F80924D1CF744792AFC1C539C8F4D.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CBA921A9A35A90242AE15DEDFD7BCC8A
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CBA921A9A35A90242AE15DEDFD7BCC8A.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CD9D8124B2826954EB5A2F50061C4400
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CD9D8124B2826954EB5A2F50061C4400.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CED779E54BB57C44F95E39752DBDF4BC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CED779E54BB57C44F95E39752DBDF4BC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CF9EBF42E0C61224EA14554AB0FE9EF3
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_CF9EBF42E0C61224EA14554AB0FE9EF3.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D2BD2673DB17F124E9557CD47AFDD470
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D2BD2673DB17F124E9557CD47AFDD470.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D3BD5C29F6D94234BB117528F5C46253
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D3BD5C29F6D94234BB117528F5C46253.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D6CA77789F9839742866ED04F643E398
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D6CA77789F9839742866ED04F643E398.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D9BD4ABD15EE44944A9189BAF121948C
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_D9BD4ABD15EE44944A9189BAF121948C.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DA8248E22DC6130419A6C39FBB2FED9C
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DA8248E22DC6130419A6C39FBB2FED9C.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DBC8D038866C2e949A962C2C0136230E
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DBC8D038866C2e949A962C2C0136230E.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DD56A646CF32E8149B0F0E05F04BC21B
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DD56A646CF32E8149B0F0E05F04BC21B.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DF5E4AFA07DE29D4990D61F25DD69C68
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_DF5E4AFA07DE29D4990D61F25DD69C68.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_EE3C5F35DE50038499B4052B0F5DF0EC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_EE3C5F35DE50038499B4052B0F5DF0EC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_F37F4B571BE46214EAB436F9C36E4E11
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_F37F4B571BE46214EAB436F9C36E4E11.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_F525BD4F689A94249BB8248A602615AC
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_F525BD4F689A94249BB8248A602615AC.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_F9C52DA77599C1D459FEB9DC906F3DB1
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_F9C52DA77599C1D459FEB9DC906F3DB1.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_FE2DACC32FFC736428AAAAFB7320283D
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_FE2DACC32FFC736428AAAAFB7320283D.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_FEBC66FB480D078458CF0153E11D12D3
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_FEBC66FB480D078458CF0153E11D12D3.dll
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_AABE7949DA786E14E86D1E5E92597AC6
C:\Documents and Settings\All Users\Programdata\SecTaskMan\icn_AABE7949DA786E14E86D1E5E92597AC6.dll
C:\WINDOWS\system32\msupdte.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-12 11:23 .
2008-06-12 11:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-06-12 11:22 . 2008-06-13 16:12 <DIR> d----c--- C:\Documents and Settings\XXX\.housecall6.6 2008-06-12 11:03 . 2008-06-13 18:00 <DIR> dr-h-c--- C:\Documents and Settings\XXX\Siste 2008-06-11 09:37 . 2008-06-11 09:37 <DIR> d-------- C:\Documents and Settings\XXX\Programdata\Uniblue 2008-06-11 09:07 . 2008-04-14 18:01 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 09:07 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-02 16:53 . 2008-06-02 16:53 <DIR> d-------- C:\Documents and Settings\XXX\Programdata\Youdagames 2008-05-17 22:05 . 2008-05-17 22:05 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-17 22:05 . 2008-05-17 22:05 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-17 21:46 . 2008-04-14 18:22 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll 2008-05-17 21:45 . 2008-04-14 18:21 651,264 --------- C:\WINDOWS\system32\dot3ui.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-13 15:10 --------- d-----w C:\Programfiler\PokerStars 2008-06-12 10:42 --------- dc----w C:\Documents and Settings\All Users\Programdata\MumboJumbo 2008-06-12 09:03 --------- dc----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-06-12 09:00 --------- d-----w C:\Programfiler\Windows Live Toolbar 2008-06-11 20:56 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-06-07 22:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-06-03 17:42 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-30 22:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-05-30 22:06 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-05-30 22:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-05-30 22:06 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-30 22:06 --------- d-----w C:\Programfiler\Symantec 2008-05-24 11:51 --------- d-----w C:\Documents and Settings\XXX\Programdata\U3 2008-05-17 20:53 724,520 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP 2008-05-14 23:02 --------- dc----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-08 14:02 203,136 ---ha-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,291,264 ---ha-w C:\WINDOWS\system32\quartz.dll 2008-05-06 19:30 --------- d-----w C:\Programfiler\AGEIA Technologies 2008-05-06 19:29 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-05 00:02 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-04-26 17:41 --------- d-----w C:\Programfiler\PartyGaming 2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-14 16:39 1,804 ---ha-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:26 330,752 ---ha-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:22 996,352 ---ha-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:21 98,304 ---ha-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 16:20 7,680 ------w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 16:19 9,344 
---ha-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:19 3,584 ---ha-w C:\WINDOWS\system32\icmp.dll 2008-04-14 16:19 3,072 ---ha-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:19 3,072 ---ha-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:19 285,696 ---ha-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:19 16,896 ---ha-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 16:01 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:56 73,344 ---ha-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ---ha-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ---ha-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ---ha-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ---ha-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:53 2,190,720 ---ha-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:53 2,067,584 ---ha-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:52 4,096 ---ha-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:50 799,872 ---ha-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ---ha-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ---ha-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:49 37,376 ---ha-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:48 40,576 ---ha-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ------w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:47 556,032 ---ha-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:46 64,640 ---ha-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:45 51,840 ---ha-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 9,728 ---ha-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:43 57,600 ---ha-w 
C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 1,845,632 ---ha-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:42 65,024 ---ha-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:41 52,480 ---ha-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ---ha-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ---ha-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ---ha-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ---ha-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:39 103,424 ---ha-w C:\WINDOWS\system32\dpcdll.dll 2008-04-14 15:38 22,912 ---ha-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ---ha-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ---ha-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 07:23 11,264 ------w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 07:22 987,136 ---ha-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 07:22 423,936 ---ha-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ---ha-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ---ha-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ---ha-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ---ha-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ---ha-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ---ha-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ---ha-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ---ha-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ---ha-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ---ha-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ---ha-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ---ha-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ---ha-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ---ha-w C:\WINDOWS\system32\drivers\classpnp.sys 
2008-04-13 19:15 60,800 ---ha-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ---ha-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ---ha-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ---ha-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ---ha-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ---ha-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ---ha-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ---ha-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ---ha-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ---ha-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ---ha-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ---ha-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ---ha-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ---ha-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ---ha-w C:\WINDOWS\system32\drivers\nwlnkipx.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-13_17.29.24,68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-13 14:16:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-13 15:50:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "DAEMON Tools Lite"="C:\Verktøy\Deamon 3.47\DAEMON Tools\DAEMON Tools Lite\daemon.exe" [2008-01-03 15:54 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872] "zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2001-12-20 01:59 204800] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42 35328] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2004-06-20 23:41 77824] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816] "osCheck"="C:\Programfiler\Norton AntiVirus\osCheck.exe" [2007-01-14 09:11 771704] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048] "GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "CanonSolutionMenu"="C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 03:01 644696] "CanonMyPrinter"="C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 03:50 1603152] "Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [ ] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 18:22 15360] "PopupJammer"="C:\PROGRAM FILES\ADVANCED SEARCHBAR\JAMMER.EXE" [ ] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-09-22 00:03 185632 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\BitTorrent\\btdownloadgui.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Verktøy\\iMesh\\iMesh.exe"= "C:\\Verktøy\\BitTorrent 4.1.6\\bittorrent.exe"= "C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"= "C:\\Verktøy\\BitTorrent 4.4.1\\bittorrent.exe"= "C:\\Verktøy\\BitTurrent\\bittorrent.exe"= "C:\\Verktøy\\BitTorrent\\bittorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= 
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Verktøy\\PartyPoker\\PartyGaming.exe"= "C:\\Verktøy\\DC++\\DCPlusPlus.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Verktøy\\Realplayer\\realplay.exe"= "C:\\Verktøy\\bitcomet\\BitComet.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Fellesfiler\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Games\\Rise Of Nations [PC][www.zonatorrent.com]\\Rise\\rise.exe"= "C:\\Verktøy\\SopCast\\SOP\\SopCast\\SopCast.exe"= "C:\\Verktøy\\SopCast\\SOP\\SopCast\\adv\\SopAdver.exe"= "C:\\Verktøy\\Skype\\Phone\\Skype.exe"= "C:\\Games\\Football.Manager.2008.CloneCD-NETSHOW\\FM2008\\fm.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwn2main.exe"= "C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwn2main_amdxp.exe"= "C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwupdate.exe"= "C:\\Games\\Neverwinter.Nights.2-RELOADED\\NN2\\nwn2server.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17151:TCP"= 17151:TCP:BitComet 17151 TCP "17151:UDP"= 17151:UDP:BitComet 17151 UDP "443:TCP"= 443:TCP:443 "2147:TCP"= 2147:TCP:2147 "8227:TCP"= 8227:TCP:BitComet 8227 TCP "8227:UDP"= 8227:UDP:BitComet 8227 UDP R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 08:14] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-12 19:27] S3 ldiskl;ldiskl;C:\DOCUME~1\FARSHI~1\LOKALE~1\Temp\ldiskl.sys [] S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [] S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [] S3 w550mdm;Sony Ericsson W550 USB WMC Modem 
Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [] S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [] S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aefdba2-6f86-11dc-a77a-0040ca6ca656}] \Shell\AutoRun\command - H:\Launch.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da77df0a-eb2d-11db-a689-0040ca6ca656}] \Shell\AutoRun\command - F:\LaunchU3.exe . Contents of the 'Scheduled Tasks' folder "2008-06-09 18:25:11 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - XXX.job" - C:\Programfiler\Norton AntiVirus\Navw32.exec/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-13 18:05:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Completion time: 2008-06-13 18:07:06 ComboFix-quarantined-files.txt 2008-06-13 16:06:54 ComboFix2.txt 2008-06-13 15:30:35 Pre-Run: 11,663,904,768 byte ledig Post-Run: 11,643,809,792 byte ledig 436 --- E O F --- 2008-05-16 20:30:41
Going to run CCleaner now...
Coreless (thread author), posted 13 June 2008:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:20:07, on 13.06.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\UAService7.exe C:\Verktøy\Deamon 3.47\DAEMON Tools\DAEMON Tools Lite\daemon.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\Programfiler\internet explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Verktøy\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cpfc.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Verktøy\bitcomet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft 
Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Verktøy\Deamon 3.47\DAEMON Tools\DAEMON Tools Lite\daemon.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Verktøy\bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Verktøy\bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Verktøy\bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Verktøy\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O15 - Trusted Zone: http://Download.Windowsupdate.com O16 - DPF: DigiChat Applet - http://67.15.74.240/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: Yahoo! 
Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161557629671 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1....80_20060123.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - 
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 11348 bytes
snippsat, posted 13 June 2008 (edited):
Start HijackThis, click "Scan", find these lines, check them, then click "Fix checked".
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Verktøy\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1....80_20060123.cab
--- See if you can find the log from SAS.
--- Restart and post a new HijackThis log.
--- Another round with CCleaner.
--- Auslogics Disk Defrag + Free Registry Defrag
--- Tell us a bit about how the PC is doing after this.
Edited 13 June 2008 by SNIPPSAT
Coreless (author), posted 13 June 2008

SAS takes its time, I must say... :!: It has already found 28 threats and still has a bit left to scan.
Coreless (author), posted 13 June 2008

- here is the log after fixing the 6 lines
- SAS is still running
- starting CCleaner now

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:53, on 13.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\UAService7.exe
C:\Verktøy\Deamon 3.47\DAEMON Tools\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Verktøy\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cpfc.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Verktøy\bitcomet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Verktøy\Deamon 3.47\DAEMON Tools\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Verktøy\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Verktøy\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Verktøy\bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: DigiChat Applet - http://67.15.74.240/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161557629671
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- End of file - 10516 bytes
Coreless (author), posted 13 June 2008

I think SAS fixed the problem. Had to restart the machine after the scan, and the error message and the 1.exe file are gone. I'll finish the rest of your instructions too... By the way, here is the SAS log (I have replaced a name with XXX; it has nothing to do with porn):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2008 at 07:05 PM

Application Version : 4.15.1000

Core Rules Database Version : 3481
Trace Rules Database Version: 1472

Scan type : Complete Scan
Total Scan Time : 00:48:34

Memory items scanned : 452
Memory threats detected : 0
Registry items scanned : 7077
Registry threats detected : 2
File items scanned : 23270
File threats detected : 26

Adware.MyWay
HKU\S-1-5-21-1287674937-121780889-994613446-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

Adware.Tracking Cookie
C:\Documents and Settings\XXX\Cookies\[email protected][2].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\XXX@indextools[3].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][2].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\XXX@tribalfusion[3].txt
C:\Documents and Settings\XXX\Cookies\XXX@sextv1[1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\XXX@adtech[1].txt
C:\Documents and Settings\XXX\Cookies\XXX@revenue[2].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\XXX@serving-sys[1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][4].txt
C:\Documents and Settings\XXX\Cookies\XXX@imrworldwide[2].txt
C:\Documents and Settings\XXX\Cookies\XXX@overture[2].txt
C:\Documents and Settings\XXX\Cookies\[email protected][2].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\XXX@indextools[2].txt
C:\Documents and Settings\XXX\Cookies\XXX@overture[1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][2].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt
C:\Documents and Settings\XXX\Cookies\XXX@tribalfusion[1].txt
C:\Documents and Settings\XXX\Cookies\[email protected][1].txt

Adware.180solutions/Seekmo
HKCR\AppId\SeekmoTB.DLL

I really, really appreciate the help I have received from you. Is it possible to see in any of the logs how the machine got infected?
snippsat, posted 13 June 2008 (edited)

1.exe was deleted by ComboFix, together with some other files.

"...in any of the logs how the machine got infected?"

No, exactly when and how you got infected cannot be seen. Only what you have been infected with.

Edited 13 June 2008 by SNIPPSAT
Coreless (author), posted 13 June 2008

Okay, thanks a lot for the help... keep up the great work.
snippsat, posted 13 June 2008

Use the PC for a while; if it runs fine, do this. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.