Kazento Posted 24 June 2008 (edited)

Can anyone check whether I have any spyware, etc.?

ComboFix 08-06-20.4 - Kazento 2008-06-25 0:39:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.929 [GMT 2:00]
Running from: C:\Users\Kazento\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\loader.exe
C:\Windows\system32\hljwugsf.bin
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:17, on 24.06.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\OterLars.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Kazento\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- End of file - 7318 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2008 at 11:02 PM

Application Version : 4.15.1000

Core Rules Database Version : 3489
Trace Rules Database Version: 1480

Scan type : Complete Scan
Total Scan Time : 00:22:43

Memory items scanned : 661
Memory threats detected : 2
Registry items scanned : 6520
Registry threats detected : 42
File items scanned : 23452
File threats detected : 65

Edited 25 June 2008 by Kazento
r2d290 Posted 24 June 2008 (edited)

Do you recognize the file C:\Users\Kazento\128.bat? If you right-click the file and choose Edit, a Notepad window with its contents should open. Post the contents of that Notepad window.

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines:

O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Kazento\lsass.exe

Close all windows and browsers (including the one you are reading this in), and click Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then restart the machine and create a new log:

Start HijackThis
Select: Do a systemscan, and save a logfile
Post this log in your next post.

Also tell us how your machine is behaving now.

Edited 24 June 2008 by r2d290
Kazento (author), posted 24 June 2008 (edited)
"Do you recognise the file C:\Users\Kazento\128.bat"
I saw that I had it. When I tried to click on it, it disappeared.
Here is the new log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:35, on 25.06.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\Trend Micro\HijackThis\OterLars.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5644 bytes
I think the PC is running pretty well now.... I haven't noticed anything in particular... but I don't know much about this.
Edited 24 June 2008 by Kazento

r2d290, posted 24 June 2008
Looking good
You should update Java
It is important to use the latest version of Java, since earlier versions can contain security holes that will increase the likelihood of you getting infected again. It looks like your version of Java is outdated.
Updating Java:
- Click the following link and download the newest version of Java (not beta): http://java.sun.com/javase/downloads/index.jsp
- Go to Start > Control Panel > Add/Remove Programs.
- Search the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.). All of these versions should have this icon in front of them. Select all the ones you find and click Remove.
- Then install the Java version you downloaded at the start.
Wait until tomorrow and see whether anyone else (Snippsat or norbat) has replied. If not, you can do the following to uninstall the programs you have used:
ComboFix must be uninstalled.
Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between the X and /u
Press Enter.
This command will:
- Remove the following: ComboFix and its associated files and folders; VundoFix backups, if they exist; the C:\Deckard folder, if it exists; the C:_OtMoveIt folder, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the System Restore points.
You can uninstall HijackThis: Start HijackThis and select None of the above, just start the program. Then click Config>>Misc Tools>>Uninstall HijackThis & exit>>Yes. The program is now uninstalled.
You can choose to keep SUPERAntiSpyware; it should be updated and run regularly. If you nevertheless want to uninstall it, you can do so from Add/Remove Programs.
If you consider the problem with your machine solved, you can change your topic title by clicking the button in your first post and choosing full edit. At the top, where your topic title is, write [SOLVED] in front of the title. E.g.: [SOLVED] Got a virus on my machine
This will help keep the forum tidier for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.
-Surf safely-

Kazento (author), posted 25 June 2008
ummm... for almost the whole day today I have very often been told that Internet Explorer has stopped working

norbat, posted 25 June 2008
In IE, choose Tools -> Internet Options -> Advanced
Click: Reset...
See whether the IE problem goes away.

Kazento (author), posted 25 June 2008
I can't even open IE

Kazento (author), posted 25 June 2008
and it seems like SUPERAntiSpyware keeps finding new things all the time

r2d290, posted 25 June 2008
WHAT is SUPERAntiSpyware finding? Is it just cookies?

Kazento (author), posted 25 June 2008
Trojans and adware

r2d290, posted 25 June 2008 (edited)
Post new logs, and we'll see how things look now... (combofix, sas and hjt)
edit: norbat, do you think System Restore would work to fix IE?
Edited 25 June 2008 by r2d290

Kazento (author), posted 25 June 2008
Thanks a lot for the help.... I'd like to think I managed to sort out the last problems myself ^^