vetting, posted 17 June 2008 (edited)

Hi. My PC has become really slow, and I'm wondering whether something fishy is going on here. I scanned with AVG and found this: Trojan horse Generic10.ANYX. I managed to delete it, I think. But here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:28, on 17.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\MSI\System Control Manager\MGSysCtrl.exe
C:\Programfiler\Notebook Hardware Control\nhc.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Opera\opera.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programfiler\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [intelZeroConfig] C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programfiler\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programfiler\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Statusovervåkning.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8840 bytes

And here is the ComboFix log:

ComboFix 08-06-16.5 - Øystein Vetting 2008-06-17 22:11:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.388 [GMT 2:00]
Running from: C:\Documents and Settings\Øystein Vetting\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.
2008-06-17 22:08 . 2008-06-17 22:08 <DIR> d-------- C:\Programfiler\Trend Micro
2008-06-17 17:53 . 2008-06-17 22:09 <DIR> dr-h----- C:\Documents and Settings\Øystein Vetting\Siste
2008-06-17 17:53 . 2008-06-17 22:09 <DIR> dr-h----- C:\Documents and Settings\Øystein Vetting\Siste
2008-06-13 16:23 . 2008-06-13 16:23 268 --ah----- C:\sqmdata00.sqm
2008-06-13 16:23 . 2008-06-13 16:23 244 --ah----- C:\sqmnoopt00.sqm
2008-06-11 10:06 . 2008-04-14 18:01 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 10:06 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-03 23:46 . 2008-06-03 23:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-03 23:46 . 2008-06-03 23:46 <DIR> d-------- C:\Documents and Settings\Øystein Vetting\Programdata\SUPERAntiSpyware.com
2008-06-03 23:46 . 2008-06-03 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-03 21:26 . 2008-06-03 21:26 <DIR> d-------- C:\Programfiler\Lavasoft
2008-06-03 18:32 . 2004-10-29 01:47 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-03 18:32 . 2007-09-22 21:31 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-06-03 18:32 . 2004-10-29 02:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-06-03 18:32 . 2004-10-29 01:47 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-06-03 18:32 . 2007-09-22 21:31 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel
2008-06-03 18:32 . 2008-06-03 18:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-06-03 18:32 . 2007-09-22 21:31 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-06-03 18:32 . 2004-10-29 01:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-06-03 18:32 . 2008-06-17 22:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-06-03 18:32 . 2007-09-22 21:31 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
2008-06-03 18:32 . 2004-10-29 02:14 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-02 17:29 . 2008-06-02 17:29 <DIR> d-------- C:\Programfiler\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 11:30 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-17 10:01 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-06-17 10:00 20,128 ----a-w C:\WINDOWS\system32\MGHwTemp.sys
2008-06-16 13:45 --------- d-----w C:\Programfiler\Opera
2008-06-07 16:26 --------- d-----w C:\Programfiler\Clue
2008-06-03 21:16 --------- d-----w C:\Programfiler\Canon
2008-06-03 19:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-06-03 16:19 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-06-03 16:01 --------- d-----w C:\Programfiler\Windows Live
2008-06-03 16:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-06-01 17:54 --------- d-----w C:\Documents and Settings\Øystein Vetting\Programdata\EndNote
2008-05-21 17:21 23,456 ----a-w C:\Documents and Settings\Øystein Vetting\Programdata\GDIPFONTCACHEV1.DAT
2008-05-20 09:56 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 11:48 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-05-12 11:46 --------- d-----w C:\Documents and Settings\Øystein Vetting\Programdata\AdobeUM
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-25 09:06 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-25 09:06 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-25 09:06 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 09:05 --------- d-----w C:\Programfiler\AVG
2008-04-25 09:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-04-23 09:58 --------- d-----w C:\Programfiler\Norman
2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 11:06 --------- d-----w C:\Programfiler\PokerStars
2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:53 2,190,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:53 2,067,584 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:39 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 389,120 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,909,184 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 189,440 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-12-10 17:14 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 12:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 12:31 126976]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 21:46 401408]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 00:31 385024]
"EOUApp"="C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 21:50 356352]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-01 17:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-07-15 19:32 102400]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-07-15 19:31 606208]
"MGSysCtrl"="C:\Programfiler\MSI\System Control Manager\MGSysCtrl.exe" [2005-07-25 11:41 167936]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NotebookHardwareControl"="C:\Programfiler\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 14:30 45056]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 17:09 118784]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-11-18 17:54 185896]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 36864 C:\WINDOWS\system32\P0630Pin.dll]
"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 16:03 57393]
"IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 16:15 40960]
"SetDefPrt"="C:\Programfiler\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 18:42 933888]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 11:05 1177368]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 19:06 577536 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Statusovervåkning.lnk - C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe [2008-03-16 15:22:31 802816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 21:46 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\RMEDIA.SYS [2003-10-20 21:09]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 11:06]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-25 11:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 11:05]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-25 11:06]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\System32\Drivers\MGHwCtrl.sys [2007-09-22 12:22]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-06 03:44]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 22:14:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 22:16:06
ComboFix-quarantined-files.txt 2008-06-17 20:15:47

Pre-Run: 59,412,008,960 byte ledig
Post-Run: 59,430,723,584 byte ledig

191 --- E O F --- 2008-06-11 13:56:11

Edited 19 June 2008 by timmy84
norbat, posted 17 June 2008

I don't see any sign of malware in the logs. Did it become slow all of a sudden, or has it gradually gotten slower (before/after AVG found the malware)?
vetting (thread author), posted 17 June 2008

> I don't see any sign of malware in the logs. Did it become slow all of a sudden, or has it gradually gotten slower (before/after AVG found the malware)?

It has been slow for a while now.... And I only found the malware today.
norbat, posted 17 June 2008

Uninstall programs you don't use.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Check whether there are programs that don't need to start together with Windows: click Start -> Run, type: msconfig. Select the Startup tab. Uncheck the programs you don't need at startup.
vetting (thread author), posted 17 June 2008 (edited)

> Uninstall programs you don't use.
>
> Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
>
> Check whether there are programs that don't need to start together with Windows: click Start -> Run, type: msconfig. Select the Startup tab. Uncheck the programs you don't need at startup.

There are many programs here that I don't know what they are... Is there anything I shouldn't remove? Are there any in that list that have to be there? I have run CCleaner...

Edited 18 June 2008 by timmy84
vetting (thread author), posted 18 June 2008

I'm attaching a picture of the programs that are in the list....
r2d290, posted 18 June 2008

Remove everything from the list that you know what it is and that you know you don't need. Don't remove what you don't recognize. How is your PC working now that you have removed that trojan and run CCleaner? Is there any improvement?
snippsat, posted 19 June 2008 (edited)

Remove Ad-Aware and Spybot; use only SAS.
---
Run CCleaner again; remember to run the registry cleaner until all errors are gone.
---
You can remove these from startup:
C:\WINDOWS\system32\igfxtray.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
C:\WINDOWS\system32\CTFMON.EXE (all of them)
C:\WINDOWS\system32\NeroCheck.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Microsoft Office\Office10\OSA.EXE
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
---
Defragmentation: Auslogics Disk Defrag + Free Registry Defrag + PageDefrag
---
Still slow? Check whether there is a process that takes a lot of CPU power. If there is one, post its name; use Process Explorer.
Process Explorer
For a better overview of everything that starts up: AutoRuns
---
Check that the HDD performs as it should: HD Tune

Edited 19 June 2008 by SNIPPSAT
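The helpers above read the O4 (autostart) lines of the HijackThis log in the first post by eye and then pick entries to drop from startup. The script below is an added example, not code from the thread or from HijackThis: it parses those O4 line formats, records where each entry loads from, and flags entries that cannot be verified from the log alone. The sample input copies seven O4 lines from the log; the Demo.lnk line is invented to exercise the second flag.

```python
"""HijackThis O4 (autostart) triage.

Added example, not code from the thread or from HijackThis. Flags are "look here first"
hints for the reader, not verdicts.
"""
import re
from dataclasses import dataclass

# Registry-based entry, e.g.
#   O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
#   O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
_REG = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder entry, e.g.  O4 - Global Startup: Microsoft Office.lnk = C:\...\OSA.EXE
_LNK = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Where a startup binary is expected on this Norwegian XP machine: Windows, "Programfiler"
# (Program Files) and the 8.3 short form of it that also appears in the log.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programfiler\\", "c:\\progra~1\\")


@dataclass
class Autostart:
    scope: str        # "HKLM", "HKCU", "HKUS\S-1-5-18 (SYSTEM)", "Global Startup"
    name: str         # registry value name or .lnk file name
    command: str      # command line exactly as logged
    executable: str   # program part of the command line, quotes removed
    flags: tuple      # reasons to look closer; empty means nothing odd was seen


def executable_of(cmd: str) -> str:
    """Extract the program from a command line whose path may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path: up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: stop at the first .exe/.dll/.lnk followed by a space or the line end, so
    # "RunDLL32.exe P0630Pin.dll,..." gives RunDLL32.exe and spaced paths stay whole.
    m = re.match(r"(.*?\.(?:exe|dll|lnk))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def classify(executable: str) -> tuple:
    """Triage flags for one executable reference taken from an O4 line."""
    if "\\" not in executable:                    # resolved via the search path at logon
        return ("bare file name, location not recorded in the log",)
    if not executable.lower().startswith(TRUSTED_PREFIXES):
        return ("outside Windows / Program Files",)
    return ()


def parse_o4(log_text: str) -> list:
    """Turn every O4 line of a HijackThis log into an Autostart; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = _REG.match(line.strip())
        if m:
            scope = m.group("hive")
            if m.group("user"):                   # HKUS entries name the account they belong to
                scope += f" ({m.group('user')})"
            name, cmd = m.group("name"), m.group("cmd")
        else:
            m = _LNK.match(line.strip())
            if not m:
                continue
            scope, name, cmd = m.group("scope"), m.group("name"), m.group("cmd")
        exe = executable_of(cmd)
        entries.append(Autostart(scope, name, cmd, exe, classify(exe)))
    return entries


# Constructed sample: seven O4 lines copied from the log in the first post plus one invented
# startup-folder entry (Demo.lnk) that points outside Program Files, to exercise that flag.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programfiler\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Demo.lnk = D:\Tools\demo.exe
"""
```

Running `parse_o4(SAMPLE_LOG)` flags AGRSMMSG.exe and RunDLL32.exe (bare names) and Demo.lnk (outside Program Files); the HKUS entry is reported as loading for the SYSTEM account, which is the kind of detail that the per-user CTFMON lines in the log otherwise hide.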
vetting (thread author), posted 19 June 2008

So I have removed:
C:\WINDOWS\system32\igfxtray.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
C:\WINDOWS\system32\CTFMON.EXE (all of them)
C:\WINDOWS\system32\NeroCheck.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Microsoft Office\Office10\OSA.EXE
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
plus the rest of the Brother programs.

I think the PC works better now. Are the ones left on the list something you have to have, or is there still something that can be removed?

> Remove Ad-Aware and Spybot; use only SAS.
> ---
> Run CCleaner again; remember to run the registry cleaner until all errors are gone.
> ---
> You can remove these from startup:
> C:\WINDOWS\system32\igfxtray.exe
> C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
> C:\WINDOWS\system32\CTFMON.EXE (all of them)
> C:\WINDOWS\system32\NeroCheck.exe
> C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
> C:\Programfiler\Microsoft Office\Office10\OSA.EXE
> C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
> ---
> Defragmentation: Auslogics Disk Defrag + Free Registry Defrag + PageDefrag
> ---
> Still slow? Check whether there is a process that takes a lot of CPU power. If there is one, post its name; use Process Explorer.
> Process Explorer
> For a better overview of everything that starts up: AutoRuns
> ---
> Check that the HDD performs as it should: HD Tune
snippsat, posted 19 June 2008 (edited)

It is up to you what you want in startup. Download ProcessScanner and you get a decent overview of what the programs that start up do.
http://www.processlibrary.com/processscan/

Edited 19 June 2008 by SNIPPSAT
vetting (thread author), posted 19 June 2008

OK. Thanks for all the help.
r2d290, posted 19 June 2008

If you think the problem with your machine is solved, you can change your topic title by clicking the edit button in your first post and choosing full edit. At the top, where your topic title is, write [LØST] (solved) in front of the title. E.g.: [LØST] Got a virus on my machine

-Surf safely-