amdorintel, posted 30 June 2008 (edited)
What do I need to click to get a log that one of you experts can look at? My girlfriend's Vista has gone completely haywire... CPU usage shoots up to 50 to 100% 24/7.
Got the log sorted, if anyone feels like taking a look at it :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:09, on 30.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\system32\taskeng.exe
C:\Users\BENTES~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\explorer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10825 bytes

Edited 30 June 2008 by amdorintel
9hdoksaet4, posted 30 June 2008
You should at the very least uninstall (remove) Sweetim; I believe it is an add-on program for MSN Messenger.
superninja, posted 30 June 2008
http://hijackthis.de/ Copy and paste it in there. There is 1 thing there that you should remove:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
and one you can remove:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
and one you should consider; this is more for experienced users, so it is usually wisest to ignore it.
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
You can paste it in yourself and see, it takes 2 seconds, then you find the X's further down and see what it says. It's not difficult.
snippsat, posted 30 June 2008 (edited)
The log doesn't look too bad. We'll tidy up a bit and run a few more things so we are completely sure it is clean of malware. If some processes are using a lot of CPU after this, we'll get to the bottom of it.
1. As posted above, preferably remove sweetim. If you need it, that's fine.
2. Start -> Run -> cmd. Copy one line at a time and paste it into cmd.
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop Nero BackItUp Scheduler 3
sc delete Nero BackItUp Scheduler 3
3. Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repair (run it a couple of times until all errors are gone).
4. Download, update and run a full scan with SAS free. Post the log from SAS (preferences -> statistics/logs).
5. Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
6. Put logs in hidden text. [1skjul] log here [1/skjul] (remove the 1 to get hidden text).
> You can paste it in yourself and see, it takes 2 seconds, then you find the X's further down and see what it says. It's not difficult.
This should not be done unless you know what you are doing. There is far more to getting a PC clean of malware than removing registry entries at "http://hijackthis.de/".
Edited 1 July 2008 by SNIPPSAT
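An added example, not code from the thread or from the HijackThis project: a small Python parser that applies the reasoning in the post above to the log format, flagging entries HijackThis marked "(no file)" or "(file missing)" and building the sc stop / sc delete pairs for orphaned O23 services, quoting a service name that contains spaces. The sample lines are constructed from the log posted in this thread; the function names are my own.

```python
import re

# Constructed sample: a handful of lines excerpted from the HijackThis log
# posted in this thread (two healthy entries plus the orphaned ones discussed).
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - E:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe (file missing)
"""

# O23 layout: "O23 - Service: <display> [(<service name>)] - <owner> - <path> [(file missing)]".
# HijackThis prints the short service name in parentheses only when it differs
# from the display name, so a missing group means display name == service name.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# R3/O2/O3/O9 layout: "<code> - <type>: <label> - {CLSID} - <path or (no file)>".
CLSID_RE = re.compile(
    r"^(?P<code>R3|O2|O3|O9) - (?P<type>[^:]+): (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)

MISSING = "(file missing)"


def parse_hijackthis(text):
    """Return one dict per recognised R3/O2/O3/O9/O23 line, in log order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith(MISSING)
            entries.append({
                "kind": "service",
                "name": m.group("name") or m.group("display"),  # what `sc` needs
                "display": m.group("display"),
                "owner": m.group("owner"),
                "path": path[: -len(MISSING)].strip() if missing else path,
                "orphan": missing,
            })
            continue
        m = CLSID_RE.match(line)
        if m:
            entries.append({
                "kind": m.group("type").lower(),
                "name": m.group("label"),
                "clsid": m.group("clsid"),
                "path": m.group("path"),
                "orphan": m.group("path") == "(no file)",
            })
    return entries


def find_orphans(entries):
    """Entries whose on-disk target HijackThis could not find."""
    return [e for e in entries if e["orphan"]]


def sc_commands(entries):
    """sc stop / sc delete pairs for orphaned O23 services.

    `sc` takes the short service name, not the display name, and a name with
    spaces must be quoted or the shell splits it into several arguments.
    Both commands need an elevated (Run as administrator) prompt on Vista.
    """
    cmds = []
    for e in entries:
        if e["kind"] != "service" or not e["orphan"]:
            continue
        arg = f'"{e["name"]}"' if " " in e["name"] else e["name"]
        cmds.append(f"sc stop {arg}")
        cmds.append(f"sc delete {arg}")
    return cmds


def review_report(entries):
    """Orphaned non-service entries are listed for a human to look up first:
    a dangling CLSID is not by itself evidence of malware (the unnamed BHO in
    this thread was identified as a Windows Live Messenger leftover)."""
    return [
        f"REVIEW {e['kind']} {e['clsid']} ({e['name']}): target missing"
        for e in entries
        if e["orphan"] and e["kind"] != "service"
    ]


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for item in review_report(parsed):
        print(item)
    for cmd in sc_commands(parsed):
        print(cmd)
```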
snippsat, posted 30 June 2008 (edited)
Let's go through your advice, superninja.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
This should not be done from HijackThis. This one is in "Add or Remove Programs", which is why you should always be asked to remove it from there.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Should not be removed; it belongs to Live Messenger. http://www.castlecops.com/tk32132-htc_8_1_0178_00_dll.html
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
This should not be removed; it belongs to Sonix. http://www.runscanner.net/files/exe/plfsetl/plfsetl.exe.aspx http://www.sonix.com.tw/sonix/home.do;jses...936DF2B29DD270D
As you can see, you need to read up on this before giving advice.
Edited 30 June 2008 by SNIPPSAT
amdorintel (author), posted 30 June 2008
I've made a start... removed sweetim via uninstall, yes :) but when I try to paste the
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop Nero BackItUp Scheduler 3
sc delete Nero BackItUp Scheduler 3
stuff, I get a message saying I don't have access.
snippsat, posted 30 June 2008 (edited)
That's right, on Vista you have to choose "Run as administrator" on cmd. http://support.microsoft.com/kb/922708/no You can either type or paste into cmd.
Edited 30 June 2008 by SNIPPSAT
amdorintel (author), posted 30 June 2008 (edited)
Type "run as administrator" in cmd? Now I'm not quite following... I'm running the scans, so the log is coming soon :)
Fixed it by choosing that option when I right-clicked the cmd icon :)
Edited 30 June 2008 by amdorintel
amdorintel (author), posted 30 June 2008
Here is the log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 01:01 AM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 00:30:40

Memory items scanned : 722
Memory threats detected : 0
Registry items scanned : 7618
Registry threats detected : 0
File items scanned : 24061
File threats detected : 0
amdorintel (author), posted 30 June 2008
And for combofix:

ComboFix 08-06-20.4 - Bente Stykket 2008-07-01 1:08:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.867 [GMT 2:00]
Running from: C:\Users\Bente Stykket\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\ACER.exe
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-07-01 00:28 . 2008-07-01 00:28 <DIR> d-------- C:\Users\Bente Stykket\AppData\Roaming\SUPERAntiSpyware.com
2008-07-01 00:28 . 2008-07-01 00:28 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-01 00:28 . 2008-07-01 00:28 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-25 22:54 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-25 22:54 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-25 22:54 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-25 22:54 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-16 21:13 . 2008-06-16 21:13 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-06-16 21:13 . 2008-06-16 21:13 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-06-16 21:12 . 2008-06-17 01:02 <DIR> d-------- C:\Users\Bente Stykket\AppData\Roaming\Skype
2008-06-16 21:09 . 2008-06-16 21:10 <DIR> d-------- C:\Program Files\Skype
2008-06-11 11:42 . 2008-06-11 11:42 <DIR> d-------- C:\Users\Bente Stykket\AppData\Roaming\Malwarebytes
2008-06-11 11:42 . 2008-06-11 11:42 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-06-11 11:42 . 2008-06-11 11:42 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-11 11:42 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-11 11:42 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-10 23:01 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-10 23:01 . 2008-04-29 03:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-10 23:01 . 2008-04-29 05:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-10 23:01 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 23:01 . 2008-04-29 03:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-10 23:00 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-10 23:00 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-08 20:55 . 2008-06-08 20:55 59 --a------ C:\Windows\pp.enc
2008-06-08 20:52 . 2008-06-16 21:22 <DIR> d-------- C:\Users\Bente Stykket\AppData\Roaming\Microgaming
2008-06-08 20:50 . 2008-06-08 20:50 <DIR> d-------- C:\Microgaming
2008-06-04 19:22 . 2008-06-04 19:22 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-03 00:13 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-06-03 00:11 . 2008-06-25 22:45 <DIR> d-a------ C:\Users\All Users\TEMP
2008-06-03 00:11 . 2008-06-25 22:45 <DIR> d-a------ C:\ProgramData\TEMP
2008-05-30 21:09 . 2008-05-30 21:09 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-05-30 21:09 . 2008-05-30 21:09 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-05-30 20:49 . 2008-05-30 20:56 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-30 20:49 . 2008-05-30 20:56 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-30 17:36 . 2008-05-30 17:36 <DIR> d-------- C:\Users\Bente Stykket\AppData\Roaming\Lavasoft
2008-05-30 17:34 . 2008-07-01 00:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 19:43 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 19:43 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-05-13 03:15 . 2008-05-13 03:15 <DIR> d-------- C:\PerfLogs
2008-05-12 19:29 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-12 19:28 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-12 19:27 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-12 19:26 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-12 19:25 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-12 19:25 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-12 19:24 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-12 19:24 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-12 19:23 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-12 19:23 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-12 19:21 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-12 19:21 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-12 19:21 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-12 19:21 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-12 19:20 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-05-07 09:55 . 2008-05-07 09:55 767,488 --a------ C:\Windows\System32\drivers\athr.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 17:11 --------- d-----w C:\Users\Bente Stykket\AppData\Roaming\LimeWire
2008-06-25 20:40 --------- d-----w C:\Program Files\Google
2008-06-25 20:38 --------- d-----w C:\Program Files\Opera
2008-06-25 13:05 --------- d-----w C:\ProgramData\Nero
2008-06-25 13:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-25 13:05 --------- d-----w C:\Program Files\Acer GameZone
2008-06-16 22:02 --------- d-----w C:\Users\Bente Stykket\AppData\Roaming\skypePM
2008-06-16 19:10 --------- d-----w C:\ProgramData\Skype
2008-06-16 19:09 --------- d-----w C:\Program Files\PokerStars
2008-06-12 22:38 --------- d-----w C:\Users\Bente Stykket\AppData\Roaming\uTorrent
2008-06-11 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 01:26 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 01:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 01:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-13 01:16 --------- d-----w C:\Program Files\Windows Journal
2008-05-13 01:16 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 01:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-13 01:16 --------- d-----w C:\Program Files\Windows Calendar
2008-05-12 18:07 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-12 18:07 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-09 10:58 28,095 ----a-w C:\Users\Bente Stykket\AppData\Roaming\nvModes.dat
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-05 22:09 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-05 22:09 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"Acer Tour"="" []
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 11:21 772616]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

C:\Users\Bente Stykket\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 19:50:32 723760]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-03 13:19:07 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{46378D39-6192-45FE-86F7-64A545F0B1B4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D61150FB-6AC1-4290-8870-705DFA8F9779}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{865A5C83-C108-437B-8AF3-39BF8E851292}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{25E5AE1B-5384-4FC7-B15B-F0F0DBB071C3}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{BB90C049-97AE-47C9-9947-AC02E36FED37}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{3B8E43F8-5124-4484-B682-2CA2E37ADC55}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{FAD906D5-7F10-4C67-91D5-E720E38997E0}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{4C66FE99-2DA9-4C7E-BE84-D05C146589F0}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{8CF94BE8-DD5B-4964-A57E-0B8C61A50396}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{E6A30A74-C3B5-4467-B657-4D3FF9ACEB88}E:\\program files\\bitlord2\\bitlord.exe"= UDP:E:\program files\bitlord2\bitlord.exe:
"UDP Query User{36735F58-4CA7-44DF-9008-13E7A1AA145C}E:\\program files\\bitlord2\\bitlord.exe"= TCP:E:\program files\bitlord2\bitlord.exe:
"TCP Query User{661BA92D-0B20-47E4-816F-A7B3EBE35C09}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7BBFF669-DDEA-4D5C-AF19-98BEC3924CC6}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D03B347E-EC13-4933-BD49-C6667984EE26}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6C67541E-4B78-4EDB-90B4-1E0068CC3BD7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{4CBC56B6-8829-4ADF-9AFC-53F923465845}F:\\d-link.exe"= UDP:F:\d-link.exe:Setup Wizard Template
"UDP Query User{C224AE04-A910-4A37-8AF8-99995D3558E1}F:\\d-link.exe"= TCP:F:\d-link.exe:Setup Wizard Template
"{27B3BC82-CFCB-46C9-90EF-42A23E8E0CFB}"= UDP:E:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{09AFC43B-8AC9-40EA-95B2-7AC2434FE0D7}"= TCP:E:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{63C61BEF-4330-4179-8F7E-DE4528B4790A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{11BC933A-0DDB-4608-A223-28B8A4E0B56F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5AEB0D59-D0B0-4B3F-A543-58B42B5236DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{79923864-340D-4A27-9147-08F140DBCA2F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3734283F-51E8-4878-8DA5-60CE3C3179F7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-05-17 02:23]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-17 02:23]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-17 02:24]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 00:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 01:11:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 1:12:45
ComboFix-quarantined-files.txt 2008-06-30 23:12:41

Pre-Run: 31,202,238,464 byte ledig
Post-Run: 31,169,679,360 byte ledig

227 --- E O F --- 2008-06-26 16:15:02
snippsat, posted 1 July 2008 (edited)
1. Combofix deleted 7 infected files. The Combofix log looks fine now.
2. You can remove combofix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
3. Another round with CCleaner.
4. Defragmentation. Auslogics Disk Defrag + Free Registry Defrag
5. Use the PC and see if the CPU usage is better. Ctrl+Alt+Del, <Processes>; give the names of the processes if any of them use a lot.
Edited 1 July 2008 by SNIPPSAT
r2d290, posted 10 July 2008
How is it going with your problem?