halvorg, posted 25 June 2008 (edited)

I have run CCleaner etc. and done what the sticky post said. (I don't really have any symptoms or particular problems, but it has been a good while since I last formatted.) CCleaner said it removed 3 GB? That can't be right, can it?

HijackThis Log:

Combofix log:

SAS Log:

Edited 25 June 2008 by halvorg
snippsat, posted 25 June 2008 (edited)

Looks good, SAS and ComboFix removed the little you had. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

"CCleaner said it removed 3 GB? That can't be right, can it?"

Yes, you probably didn't have control over all the temp files. Surf safely.

Edited 25 June 2008 by SNIPPSAT
halvorg (author), posted 25 June 2008

Great, thanks : )
r2d290, posted 25 June 2008

So, keep CCleaner and run it now and then, so you avoid getting so many temp files.

You should update Java

It is important to use the latest version of Java, since earlier versions may contain security holes that will increase the likelihood of you being infected again. It looks like your version of Java is outdated.

Updating Java:

1. Click the following link and download the latest version of Java (not beta): http://java.sun.com/javase/downloads/index.jsp
2. Go to Start > Control Panel > Add/Remove Programs.
3. Search the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.). All of these versions should have this image in front of them: Select all that you find and click Remove.
4. Then install the Java version that you downloaded at the start.

Tell us how the update went, as problems with updating can indicate more malware on your system.