
[solved] Can anyone check through the logs?



I'm trying to clean a PC that was overrun with trojans, spyware and crap. Can anyone check through the logs and see what's left?

 

HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:33:15, on 26.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\RMSvc.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\WINDOWS\ehome\RMSysTry.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Helen\Desktop\hjt\TESTETEST.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EG

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: (no name) - {3833ba99-734a-4f25-a197-40b43a2b74f7} - C:\WINDOWS\system32\medxqfll.dll (file missing)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7AB9A136-D60D-479A-890F-F94895BAAC14} - C:\WINDOWS\system32\yayxxuRI.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {C1A1B601-9E64-4598-8DF9-BADF60280F25} - C:\WINDOWS\system32\rqRHxxWp.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Ressursovervåking for Extender-enhet.lnk = C:\WINDOWS\ehome\RMSysTry.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - AppInit_DLLs: cbapusyh.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: awtuuSIC - awtuuSIC.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10562 bytes

 

 

 

SAS log:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/26/2008 at 04:46 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3491

Trace Rules Database Version: 1482

 

Scan type : Complete Scan

Total Scan Time : 00:50:18

 

Memory items scanned : 705

Memory threats detected : 3

Registry items scanned : 5793

Registry threats detected : 13

File items scanned : 25285

File threats detected : 173

 

Trojan.Downloader-NewJuan/VM

C:\WINDOWS\SYSTEM32\CBAPUSYH.DLL

C:\WINDOWS\SYSTEM32\CBAPUSYH.DLL

C:\WINDOWS\SYSTEM32\MEDXQFLL.DLL

C:\WINDOWS\SYSTEM32\MEDXQFLL.DLL

 

Trojan.Vundo-Variant/Small

C:\WINDOWS\SYSTEM32\XFGJJNHL.DLL

C:\WINDOWS\SYSTEM32\XFGJJNHL.DLL

C:\WINDOWS\SYSTEM32\ALDOSBVM.DLL

C:\WINDOWS\SYSTEM32\AWTRRKED.DLL

C:\WINDOWS\SYSTEM32\CDQDUMUL.DLL

C:\WINDOWS\SYSTEM32\CVQFFWKU.DLL

C:\WINDOWS\SYSTEM32\GEBUTKLM.DLL

C:\WINDOWS\SYSTEM32\GHAKDAXM.DLL

C:\WINDOWS\SYSTEM32\GNRCVIRI.DLL

C:\WINDOWS\SYSTEM32\IIFFEXUV.DLL

C:\WINDOWS\SYSTEM32\JYPMXSAQ.DLL

C:\WINDOWS\SYSTEM32\KGBEUSCP.DLL

C:\WINDOWS\SYSTEM32\KMVNAWFG.DLL

C:\WINDOWS\SYSTEM32\LGKQJHAQ.DLL

C:\WINDOWS\SYSTEM32\RHTYRRIV.DLL

C:\WINDOWS\SYSTEM32\WASYAMDK.DLL

C:\WINDOWS\SYSTEM32\WFBOSBPI.DLL

C:\WINDOWS\SYSTEM32\WKWLNNQN.DLL

C:\WINDOWS\SYSTEM32\XANQLBBX.DLL

 

MyWay Search Assistant Computers

HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable

C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL

HKU\S-1-5-21-1286288333-1029103634-3705034611-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

 

Adware.Tracking Cookie


 

Trojan.Media-Codec

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video Access ActiveX Object\isamntr.exe ]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#eitheror [ {2016a466-91a2-43c6-97d8-2fd380f065ef} ]

 

Adware.Vundo Variant/Rel

HKLM\SOFTWARE\Microsoft\aoprndtws

HKLM\SOFTWARE\Microsoft\FCOVM

HKLM\SOFTWARE\Microsoft\RemoveRP

HKU\S-1-5-21-1286288333-1029103634-3705034611-1005\Software\Microsoft\rdfa

 

Adware.Vundo Variant

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP235\A0165991.DLL

 

Trace.Known Threat Sources

C:\Documents and Settings\Thijs\Local Settings\Temporary Internet Files\Content.IE5\6R0FWHGP\antispyshield[1].htm

C:\Documents and Settings\Thijs\Local Settings\Temporary Internet Files\Content.IE5\KD6BOPIR\CAJMG37L.htm

 

 

 

 

ComboFix log

 

ComboFix 08-06-20.4 - Helen 2008-06-26 18:17:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.426 [GMT 2:00]

Running from: C:\Documents and Settings\Helen\Desktop\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BMb3c3b8b3.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\ipbsobfw.ini

C:\WINDOWS\system32\IRuxxyay.ini

C:\WINDOWS\system32\IRuxxyay.ini2

C:\WINDOWS\system32\jdpfmtgy.ini

C:\WINDOWS\system32\koexbjfv.ini

C:\WINDOWS\system32\lhnjjgfx.ini

C:\WINDOWS\system32\nnvtllte.ini

C:\WINDOWS\system32\onnecpfm.ini

C:\WINDOWS\system32\pWxxHRqr.ini

C:\WINDOWS\system32\pWxxHRqr.ini2

C:\WINDOWS\system32\rhmwgtsv.ini

C:\WINDOWS\system32\uxrtacdq.ini

C:\WINDOWS\system32\xcllihbq.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))

.

 

2008-06-26 17:08 . 2008-06-26 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-26 15:54 . 2008-06-26 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Documents and Settings\Helen\Application Data\SUPERAntiSpyware.com

2008-06-26 15:48 . 2008-06-26 15:49 <DIR> d-------- C:\Program Files\CCleaner

2008-06-25 23:03 . 2008-06-25 23:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-25 23:03 . 2008-06-26 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-25 22:52 . 2008-06-25 22:52 91,136 --a------ C:\WINDOWS\system32\oasaqqdf.dll

2008-06-25 21:49 . 2008-06-25 21:49 106,496 --a------ C:\WINDOWS\system32\amxvvfjb.dll

2008-06-24 01:03 . 2008-06-24 01:03 91,136 --a------ C:\WINDOWS\system32\lqheaqjh.dll

2008-06-22 00:25 . 2008-06-22 00:21 714 --ahs---- C:\WINDOWS\system32\xbblqnax.ini

2008-06-21 13:55 . 2008-06-22 00:21 714 ---hs---- C:\WINDOWS\system32\totkngja.ini

2008-06-19 23:56 . 2008-06-21 13:54 594 ---hs---- C:\WINDOWS\system32\jxriritq.ini

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-19 16:55 . 2008-06-19 23:03 474 ---hs---- C:\WINDOWS\system32\hcnstskg.ini

2008-06-18 10:08 . 2008-06-19 16:54 1,246 ---hs---- C:\WINDOWS\system32\bxavchex.ini

2008-06-18 09:59 . 2008-06-18 10:03 1,126 ---hs---- C:\WINDOWS\system32\jorxcvwj.ini

2008-06-10 00:10 . 2008-06-18 09:57 1,006 ---hs---- C:\WINDOWS\system32\avukvjix.ini

2008-06-09 00:08 . 2008-06-10 00:09 654 ---hs---- C:\WINDOWS\system32\iscxfppd.ini

2008-06-08 23:10 . 2008-06-08 23:38 534 ---hs---- C:\WINDOWS\system32\idblhssp.ini

2008-06-06 23:46 . 2008-06-08 23:04 414 ---hs---- C:\WINDOWS\system32\yusjkojc.ini

2008-06-05 18:09 . 2008-06-06 23:45 2,986 ---hs---- C:\WINDOWS\system32\oefjaogn.ini

2008-06-04 15:41 . 2008-06-05 18:07 2,866 ---hs---- C:\WINDOWS\system32\vewgequk.ini

2008-06-03 08:07 . 2008-06-04 15:40 2,626 ---hs---- C:\WINDOWS\system32\itubvyij.ini

2008-06-02 08:02 . 2008-06-03 08:06 2,206 ---hs---- C:\WINDOWS\system32\dsyiawhy.ini

2008-05-31 23:10 . 2008-06-02 08:00 1,666 ---hs---- C:\WINDOWS\system32\yndwcank.ini

2008-05-30 22:25 . 2008-05-31 23:05 1,426 ---hs---- C:\WINDOWS\system32\cmpmicsg.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 13:48 --------- d-----w C:\Program Files\Yahoo!

2008-06-26 13:29 --------- d-----w C:\Program Files\McAfee

2008-06-23 20:43 --------- d-----w C:\Documents and Settings\Helen\Application Data\SiteAdvisor

2008-06-08 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-06-08 21:46 --------- d-----w C:\Documents and Settings\Helen\Application Data\McAfee

2008-05-29 11:47 --------- d-----w C:\Program Files\DivX

2008-05-26 21:26 --------- d-----w C:\Program Files\Google

2008-05-26 12:26 --------- d-----w C:\Program Files\Java

2008-05-23 21:22 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-11 21:07 94,208 ----a-w C:\WINDOWS\DUMP92f9.tmp

2008-05-11 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ArtPlant

2008-05-11 10:37 --------- d-----w C:\Program Files\AGEIA Technologies

2008-05-11 10:34 --------- d-----w C:\Documents and Settings\Helen\Application Data\GetRightToGo

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-03-02 07:11 4,384,256 --sha-w C:\Program Files\ehthumbs.db

2008-01-05 19:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-07-12 20:00 80 -csh--r C:\WINDOWS\system32\6E162F84C2.dll

2008-03-09 20:35 88 --sh--r C:\WINDOWS\system32\C2842F166E.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3833ba99-734a-4f25-a197-40b43a2b74f7}]

C:\WINDOWS\system32\medxqfll.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB9A136-D60D-479A-890F-F94895BAAC14}]

C:\WINDOWS\system32\yayxxuRI.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A1B601-9E64-4598-8DF9-BADF60280F25}]

C:\WINDOWS\system32\rqRHxxWp.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 19:18 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-24 16:43:08 24576]

Ressursovervåking for Extender-enhet.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuSIC]

awtuuSIC.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=cbapusyh.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Helen\\Desktop\\utorrent.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Ekstern Media Center-opplevelse

 

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]

S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-15 01:13:55 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 18:25:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\ehome\McrdSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-06-26 18:29:56 - machine was rebooted [Helen]

ComboFix-quarantined-files.txt 2008-06-26 16:29:47

 

Pre-Run: 13,584,744,448 bytes free

Post-Run: 16,121,892,864 bytes free

 

209 --- E O F --- 2008-06-26 13:22:17

 

 

 

Thanks in advance :)

 

M-J

Edited by M-J

Start HijackThis

Select: Do a system scan only

Tick the boxes in front of these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EG

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: (no name) - {3833ba99-734a-4f25-a197-40b43a2b74f7} - C:\WINDOWS\system32\medxqfll.dll (file missing)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {7AB9A136-D60D-479A-890F-F94895BAAC14} - C:\WINDOWS\system32\yayxxuRI.dll (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {C1A1B601-9E64-4598-8DF9-BADF60280F25} - C:\WINDOWS\system32\rqRHxxWp.dll (file missing)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O20 - AppInit_DLLs: cbapusyh.dll

O20 - Winlogon Notify: awtuuSIC - awtuuSIC.dll (file missing)

Close all windows and browsers (including the one you are reading this in), and press Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

 

Then restart the machine and post a ComboFix log.

Also create a fresh HijackThis log:

Start HijackThis

Select: Do a system scan and save a logfile

 

Post these logs in your next post.


Thanks, thanks :)

 

Combofix:

 

 

ComboFix 08-06-20.4 - Helen 2008-06-26 19:40:45.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.445 [GMT 2:00]

Running from: C:\Documents and Settings\Helen\Desktop\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

 

.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))

.

 

2008-06-26 17:08 . 2008-06-26 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-26 15:54 . 2008-06-26 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Documents and Settings\Helen\Application Data\SUPERAntiSpyware.com

2008-06-26 15:48 . 2008-06-26 15:49 <DIR> d-------- C:\Program Files\CCleaner

2008-06-25 23:03 . 2008-06-25 23:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-25 23:03 . 2008-06-26 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-25 22:52 . 2008-06-25 22:52 91,136 --a------ C:\WINDOWS\system32\oasaqqdf.dll

2008-06-25 21:49 . 2008-06-25 21:49 106,496 --a------ C:\WINDOWS\system32\amxvvfjb.dll

2008-06-24 01:03 . 2008-06-24 01:03 91,136 --a------ C:\WINDOWS\system32\lqheaqjh.dll

2008-06-22 00:25 . 2008-06-22 00:21 714 --ahs---- C:\WINDOWS\system32\xbblqnax.ini

2008-06-21 13:55 . 2008-06-22 00:21 714 ---hs---- C:\WINDOWS\system32\totkngja.ini

2008-06-19 23:56 . 2008-06-21 13:54 594 ---hs---- C:\WINDOWS\system32\jxriritq.ini

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-19 16:55 . 2008-06-19 23:03 474 ---hs---- C:\WINDOWS\system32\hcnstskg.ini

2008-06-18 10:08 . 2008-06-19 16:54 1,246 ---hs---- C:\WINDOWS\system32\bxavchex.ini

2008-06-18 09:59 . 2008-06-18 10:03 1,126 ---hs---- C:\WINDOWS\system32\jorxcvwj.ini

2008-06-10 00:10 . 2008-06-18 09:57 1,006 ---hs---- C:\WINDOWS\system32\avukvjix.ini

2008-06-09 00:08 . 2008-06-10 00:09 654 ---hs---- C:\WINDOWS\system32\iscxfppd.ini

2008-06-08 23:10 . 2008-06-08 23:38 534 ---hs---- C:\WINDOWS\system32\idblhssp.ini

2008-06-06 23:46 . 2008-06-08 23:04 414 ---hs---- C:\WINDOWS\system32\yusjkojc.ini

2008-06-05 18:09 . 2008-06-06 23:45 2,986 ---hs---- C:\WINDOWS\system32\oefjaogn.ini

2008-06-04 15:41 . 2008-06-05 18:07 2,866 ---hs---- C:\WINDOWS\system32\vewgequk.ini

2008-06-03 08:07 . 2008-06-04 15:40 2,626 ---hs---- C:\WINDOWS\system32\itubvyij.ini

2008-06-02 08:02 . 2008-06-03 08:06 2,206 ---hs---- C:\WINDOWS\system32\dsyiawhy.ini

2008-05-31 23:10 . 2008-06-02 08:00 1,666 ---hs---- C:\WINDOWS\system32\yndwcank.ini

2008-05-30 22:25 . 2008-05-31 23:05 1,426 ---hs---- C:\WINDOWS\system32\cmpmicsg.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 13:48 --------- d-----w C:\Program Files\Yahoo!

2008-06-26 13:29 --------- d-----w C:\Program Files\McAfee

2008-06-23 20:43 --------- d-----w C:\Documents and Settings\Helen\Application Data\SiteAdvisor

2008-06-08 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-06-08 21:46 --------- d-----w C:\Documents and Settings\Helen\Application Data\McAfee

2008-05-29 11:47 --------- d-----w C:\Program Files\DivX

2008-05-26 21:26 --------- d-----w C:\Program Files\Google

2008-05-26 12:26 --------- d-----w C:\Program Files\Java

2008-05-23 21:22 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-11 21:07 94,208 ----a-w C:\WINDOWS\DUMP92f9.tmp

2008-05-11 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ArtPlant

2008-05-11 10:37 --------- d-----w C:\Program Files\AGEIA Technologies

2008-05-11 10:34 --------- d-----w C:\Documents and Settings\Helen\Application Data\GetRightToGo

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-03-02 07:11 4,384,256 --sha-w C:\Program Files\ehthumbs.db

2008-01-05 19:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-07-12 20:00 80 -csh--r C:\WINDOWS\system32\6E162F84C2.dll

2008-03-09 20:35 88 --sh--r C:\WINDOWS\system32\C2842F166E.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-26_18.29.27.98 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-26 16:23:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-26 17:45:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-06-26 13:21:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-06-26 17:28:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-06-26 13:21:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-26 17:28:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-26 17:46:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8b4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 19:18 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-24 16:43:08 24576]

Ressursoverv†king for Extender-enhet.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Helen\\Desktop\\utorrent.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Ekstern Media Center-opplevelse

 

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]

S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-15 01:13:55 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 19:46:47

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\ehome\McrdSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Completion time: 2008-06-26 19:51:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-26 17:51:02

ComboFix2.txt 2008-06-26 16:29:57

 

Pre-Run: 16,127,008,768 bytes free

Post-Run: 16,116,568,064 bytes free

 

194 --- E O F --- 2008-06-26 13:22:17

 

 

 

HJT

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:51:56, on 26.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\RMSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\CF10493.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\ehome\RMSysTry.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\regedit.exe

C:\Documents and Settings\Helen\Desktop\hjt\TESTETEST.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Ressursovervåking for Extender-enhet.lnk = C:\WINDOWS\ehome\RMSysTry.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 9816 bytes

 

 

 

M-J


You can at least do the following:

 

Try again to fix the line R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

Then restart the machine, start HijackThis, select Do a system scan only, and tell us whether the line is gone. Tell us if it is not.

 

You can do the following:

Start Notepad, copy the text in bold below, and paste it into Notepad.

 

 

File::

C:\WINDOWS\system32\oasaqqdf.dll

C:\WINDOWS\system32\amxvvfjb.dll

C:\WINDOWS\system32\lqheaqjh.dll

C:\WINDOWS\system32\xbblqnax.ini

C:\WINDOWS\system32\totkngja.ini

C:\WINDOWS\system32\jxriritq.ini

C:\WINDOWS\system32\hcnstskg.ini

C:\WINDOWS\system32\bxavchex.ini

C:\WINDOWS\system32\jorxcvwj.ini

C:\WINDOWS\system32\avukvjix.ini

C:\WINDOWS\system32\iscxfppd.ini

C:\WINDOWS\system32\idblhssp.ini

C:\WINDOWS\system32\yusjkojc.ini

C:\WINDOWS\system32\oefjaogn.ini

C:\WINDOWS\system32\vewgequk.ini

C:\WINDOWS\system32\itubvyij.ini

C:\WINDOWS\system32\dsyiawhy.ini

C:\WINDOWS\system32\yndwcank.ini

C:\WINDOWS\system32\cmpmicsg.ini

 

 

Save the file on the desktop as CFScript

Drag the CFScript document onto the ComboFix icon, and ComboFix will start again.


 

Post the log that ComboFix creates (c:\combofix.txt)

Edited by r2d290
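The File:: list in the post above can be cross-checked against the "Files Created" section of the ComboFix log. The following is an added example, not part of the thread and not ComboFix's own code: it parses that section and picks out entries matching the pattern the listed files share (an assumed triage heuristic: eight lowercase letters directly under system32, either a .dll or a hidden+system .ini). The function names are hypothetical.

```python
import re
from ntpath import basename, dirname, splitext

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
2008-06-26 15:48 . 2008-06-26 15:49 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 22:52 . 2008-06-25 22:52 91,136 --a------ C:\WINDOWS\system32\oasaqqdf.dll
2008-06-25 21:49 . 2008-06-25 21:49 106,496 --a------ C:\WINDOWS\system32\amxvvfjb.dll
2008-06-24 01:03 . 2008-06-24 01:03 91,136 --a------ C:\WINDOWS\system32\lqheaqjh.dll
2008-06-22 00:25 . 2008-06-22 00:21 714 --ahs---- C:\WINDOWS\system32\xbblqnax.ini
2008-06-21 13:55 . 2008-06-22 00:21 714 ---hs---- C:\WINDOWS\system32\totkngja.ini
2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-19 16:55 . 2008-06-19 23:03 474 ---hs---- C:\WINDOWS\system32\hcnstskg.ini
"""

# created . modified  size-or-<DIR>  attribute-flags  full-path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]+)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
SYSTEM32 = r"c:\windows\system32"
RANDOM_STEM = re.compile(r"[a-z]{8}")  # assumption: the naming pattern seen in this log


def parse_entries(log_text):
    """Return one dict per 'Files Created' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["is_dir"] = entry["size"] == "<DIR>"
        entry["size"] = None if entry["is_dir"] else int(entry["size"].replace(",", ""))
        entries.append(entry)
    return entries


def review_reasons(entry):
    """Return why an entry deserves manual review, or [] if it does not match."""
    if entry["is_dir"]:
        return []
    path = entry["path"]
    # Only files directly in system32; subfolders such as drivers\ are excluded.
    if dirname(path).lower() != SYSTEM32:
        return []
    stem, ext = splitext(basename(path))
    if not RANDOM_STEM.fullmatch(stem):
        return []
    ext = ext.lower()
    if ext == ".dll":
        return ["8-letter lowercase DLL name directly under system32"]
    if ext == ".ini" and {"h", "s"} <= set(entry["attrs"]):
        return ["8-letter lowercase .ini with hidden+system attributes"]
    return []


def find_candidates(log_text):
    """Return (path, reasons) pairs in log order for entries that match."""
    result = []
    for entry in parse_entries(log_text):
        reasons = review_reasons(entry)
        if reasons:
            result.append((entry["path"], reasons))
    return result


def build_cfscript(paths):
    """Format reviewed paths as the File:: block shown in the post above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for path, reasons in find_candidates(SAMPLE_LOG):
        print(path, "-", "; ".join(reasons))
    print()
    print(build_cfscript([p for p, _ in find_candidates(SAMPLE_LOG)]))
```

The match is by name and attributes only, so legitimate files such as schannel.dll fit the same pattern; treat the output as a list to review, not as a verdict.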

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll is gone :)

 

Combofix:

 

 

ComboFix 08-06-20.4 - Helen 2008-06-26 21:39:01.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT 2:00]

Running from: C:\Documents and Settings\Helen\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Helen\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))

.

 

2008-06-26 17:08 . 2008-06-26 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-26 15:54 . 2008-06-26 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Documents and Settings\Helen\Application Data\SUPERAntiSpyware.com

2008-06-26 15:48 . 2008-06-26 15:49 <DIR> d-------- C:\Program Files\CCleaner

2008-06-25 23:03 . 2008-06-26 21:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-25 23:03 . 2008-06-26 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-25 22:52 . 2008-06-25 22:52 91,136 --a------ C:\WINDOWS\system32\oasaqqdf.dll

2008-06-25 21:49 . 2008-06-25 21:49 106,496 --a------ C:\WINDOWS\system32\amxvvfjb.dll

2008-06-24 01:03 . 2008-06-24 01:03 91,136 --a------ C:\WINDOWS\system32\lqheaqjh.dll

2008-06-22 00:25 . 2008-06-22 00:21 714 --ahs---- C:\WINDOWS\system32\xbblqnax.ini

2008-06-21 13:55 . 2008-06-22 00:21 714 ---hs---- C:\WINDOWS\system32\totkngja.ini

2008-06-19 23:56 . 2008-06-21 13:54 594 ---hs---- C:\WINDOWS\system32\jxriritq.ini

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-19 16:55 . 2008-06-19 23:03 474 ---hs---- C:\WINDOWS\system32\hcnstskg.ini

2008-06-18 10:08 . 2008-06-19 16:54 1,246 ---hs---- C:\WINDOWS\system32\bxavchex.ini

2008-06-18 09:59 . 2008-06-18 10:03 1,126 ---hs---- C:\WINDOWS\system32\jorxcvwj.ini

2008-06-10 00:10 . 2008-06-18 09:57 1,006 ---hs---- C:\WINDOWS\system32\avukvjix.ini

2008-06-09 00:08 . 2008-06-10 00:09 654 ---hs---- C:\WINDOWS\system32\iscxfppd.ini

2008-06-08 23:10 . 2008-06-08 23:38 534 ---hs---- C:\WINDOWS\system32\idblhssp.ini

2008-06-06 23:46 . 2008-06-08 23:04 414 ---hs---- C:\WINDOWS\system32\yusjkojc.ini

2008-06-05 18:09 . 2008-06-06 23:45 2,986 ---hs---- C:\WINDOWS\system32\oefjaogn.ini

2008-06-04 15:41 . 2008-06-05 18:07 2,866 ---hs---- C:\WINDOWS\system32\vewgequk.ini

2008-06-03 08:07 . 2008-06-04 15:40 2,626 ---hs---- C:\WINDOWS\system32\itubvyij.ini

2008-06-02 08:02 . 2008-06-03 08:06 2,206 ---hs---- C:\WINDOWS\system32\dsyiawhy.ini

2008-05-31 23:10 . 2008-06-02 08:00 1,666 ---hs---- C:\WINDOWS\system32\yndwcank.ini

2008-05-30 22:25 . 2008-05-31 23:05 1,426 ---hs---- C:\WINDOWS\system32\cmpmicsg.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 13:48 --------- d-----w C:\Program Files\Yahoo!

2008-06-26 13:29 --------- d-----w C:\Program Files\McAfee

2008-06-23 20:43 --------- d-----w C:\Documents and Settings\Helen\Application Data\SiteAdvisor

2008-06-08 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-06-08 21:46 --------- d-----w C:\Documents and Settings\Helen\Application Data\McAfee

2008-05-29 11:47 --------- d-----w C:\Program Files\DivX

2008-05-26 21:26 --------- d-----w C:\Program Files\Google

2008-05-26 12:26 --------- d-----w C:\Program Files\Java

2008-05-23 21:22 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-11 21:07 94,208 ----a-w C:\WINDOWS\DUMP92f9.tmp

2008-05-11 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ArtPlant

2008-05-11 10:37 --------- d-----w C:\Program Files\AGEIA Technologies

2008-05-11 10:34 --------- d-----w C:\Documents and Settings\Helen\Application Data\GetRightToGo

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-03-02 07:11 4,384,256 --sha-w C:\Program Files\ehthumbs.db

2008-01-05 19:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-07-12 20:00 80 -csh--r C:\WINDOWS\system32\6E162F84C2.dll

2008-03-09 20:35 88 --sh--r C:\WINDOWS\system32\C2842F166E.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-26_18.29.27.98 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-26 16:23:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-26 19:43:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-06-26 13:21:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-06-26 17:28:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-06-26 13:21:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-26 17:28:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-26 19:44:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_460.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 19:18 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-24 16:43:08 24576]

Ressursoverv†king for Extender-enhet.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Helen\\Desktop\\utorrent.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Ekstern Media Center-opplevelse

 

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]

S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-15 01:13:55 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 21:44:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\ehome\McrdSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRA~1\McAfee\MSC\mcuimgr.exe

.

**************************************************************************

.

Completion time: 2008-06-26 21:49:12 - machine was rebooted [Helen]

ComboFix-quarantined-files.txt 2008-06-26 19:49:04

ComboFix2.txt 2008-06-26 17:51:12

ComboFix3.txt 2008-06-26 16:29:57

 

Pre-Run: 16,090,480,640 bytes free

Post-Run: 16,081,752,064 bytes free

 

192 --- E O F --- 2008-06-26 13:22:17

 

 


Did that, but forgot to copy in file:: first :p

But now it should be in order.

 

 

ComboFix 08-06-20.4 - Helen 2008-06-26 22:01:47.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT 2:00]

Running from: C:\Documents and Settings\Helen\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Helen\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\amxvvfjb.dll

C:\WINDOWS\system32\avukvjix.ini

C:\WINDOWS\system32\bxavchex.ini

C:\WINDOWS\system32\cmpmicsg.ini

C:\WINDOWS\system32\dsyiawhy.ini

C:\WINDOWS\system32\hcnstskg.ini

C:\WINDOWS\system32\idblhssp.ini

C:\WINDOWS\system32\iscxfppd.ini

C:\WINDOWS\system32\itubvyij.ini

C:\WINDOWS\system32\jorxcvwj.ini

C:\WINDOWS\system32\jxriritq.ini

C:\WINDOWS\system32\lqheaqjh.dll

C:\WINDOWS\system32\oasaqqdf.dll

C:\WINDOWS\system32\oefjaogn.ini

C:\WINDOWS\system32\totkngja.ini

C:\WINDOWS\system32\vewgequk.ini

C:\WINDOWS\system32\xbblqnax.ini

C:\WINDOWS\system32\yndwcank.ini

C:\WINDOWS\system32\yusjkojc.ini

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\amxvvfjb.dll

C:\WINDOWS\system32\avukvjix.ini

C:\WINDOWS\system32\bxavchex.ini

C:\WINDOWS\system32\cmpmicsg.ini

C:\WINDOWS\system32\dsyiawhy.ini

C:\WINDOWS\system32\hcnstskg.ini

C:\WINDOWS\system32\idblhssp.ini

C:\WINDOWS\system32\iscxfppd.ini

C:\WINDOWS\system32\itubvyij.ini

C:\WINDOWS\system32\jorxcvwj.ini

C:\WINDOWS\system32\jxriritq.ini

C:\WINDOWS\system32\lqheaqjh.dll

C:\WINDOWS\system32\oasaqqdf.dll

C:\WINDOWS\system32\oefjaogn.ini

C:\WINDOWS\system32\totkngja.ini

C:\WINDOWS\system32\vewgequk.ini

C:\WINDOWS\system32\xbblqnax.ini

C:\WINDOWS\system32\yndwcank.ini

C:\WINDOWS\system32\yusjkojc.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))

.

 

2008-06-26 17:08 . 2008-06-26 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-26 15:54 . 2008-06-26 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Documents and Settings\Helen\Application Data\SUPERAntiSpyware.com

2008-06-26 15:48 . 2008-06-26 15:49 <DIR> d-------- C:\Program Files\CCleaner

2008-06-25 23:03 . 2008-06-26 21:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-25 23:03 . 2008-06-26 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-19 23:08 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 13:48 --------- d-----w C:\Program Files\Yahoo!

2008-06-26 13:29 --------- d-----w C:\Program Files\McAfee

2008-06-23 20:43 --------- d-----w C:\Documents and Settings\Helen\Application Data\SiteAdvisor

2008-06-08 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-06-08 21:46 --------- d-----w C:\Documents and Settings\Helen\Application Data\McAfee

2008-05-29 11:47 --------- d-----w C:\Program Files\DivX

2008-05-26 21:26 --------- d-----w C:\Program Files\Google

2008-05-26 12:26 --------- d-----w C:\Program Files\Java

2008-05-23 21:22 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-11 21:07 94,208 ----a-w C:\WINDOWS\DUMP92f9.tmp

2008-05-11 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ArtPlant

2008-05-11 10:37 --------- d-----w C:\Program Files\AGEIA Technologies

2008-05-11 10:34 --------- d-----w C:\Documents and Settings\Helen\Application Data\GetRightToGo

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-03-02 07:11 4,384,256 --sha-w C:\Program Files\ehthumbs.db

2008-01-05 19:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-07-12 20:00 80 -csh--r C:\WINDOWS\system32\6E162F84C2.dll

2008-03-09 20:35 88 --sh--r C:\WINDOWS\system32\C2842F166E.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-26_18.29.27.98 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-26 16:23:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-26 20:05:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-06-26 13:21:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-06-26 17:28:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-06-26 13:21:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-26 17:28:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-26 20:05:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 19:18 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-24 16:43:08 24576]

Ressursoverv†king for Extender-enhet.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Helen\\Desktop\\utorrent.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Ekstern Media Center-opplevelse

 

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]

S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-15 01:13:55 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 22:06:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\ehome\McrdSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRA~1\McAfee\MSC\mcuimgr.exe

.

**************************************************************************

.

Completion time: 2008-06-26 22:10:51 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-26 20:10:44

ComboFix2.txt 2008-06-26 19:49:13

ComboFix3.txt 2008-06-26 17:51:12

ComboFix4.txt 2008-06-26 16:29:57

 

Pre-Run: 16,063,471,616 bytes free

Post-Run: 16,051,580,928 bytes free

 

216 --- E O F --- 2008-06-26 13:22:17

 

 

Edited by M-J

You can use Windows Explorer to remove the following line: C:\WINDOWS\DUMP92f9.tmp

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Also run a few rounds of 'Registry' until it finds no more errors. Say yes to making a backup when you are asked.

CCleaner should clear out cookies etc., so it is a good idea to run it (including the registry cleaner).

Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:

C:\WINDOWS\system32\6E162F84C2.dll

C:\WINDOWS\system32\C2842F166E.sys

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.

Otherwise the log looks OK


If you run CCleaner now, the machine should be as good as new (or?)

If you consider the problem with your machine solved, you can change your topic title by clicking p_edit.gif in your first post and choosing full edit. At the top, where your topic title is, write:

[SOLVED]

in front of your topic title.

E.g.: [SOLVED] Got a virus on the machine

This will help keep the forum more organized for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-


CCleaner has been run. Now my mom's friend will be happy. Hehe, I don't understand how it's possible to get so much crap on a PC. Thinking before you click is such a drag.

Thanks a lot for the help, nice of you to take the time. :)

M-J


Oops, forgot one thing...

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • combofix /u

PS: note the space between the X and /u

Press Enter.

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The C:\Deckard folder, if it exists.
    • The C:_OtMoveIt folder, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide system/hidden files and folders, if necessary.
  • Reset the System Restore points.

You can uninstall HijackThis:

Start HijackThis, select None of the above, just start the program.

Then click Config>>Misc Tools>>Uninstall HijackThis & exit>>Yes. The program is now uninstalled.

Otherwise you can keep SUPERAntiSpyware if you wish. In that case keep it updated, and scan your machine now and then...

If you want to uninstall it, you can do so from Add/Remove Programs.

Edited by r2d290