Wetatron
Posted 4 August 2008 (edited)

Hi, a while ago my father managed to get some junk on the machine. I think I got most of it removed, but there is still something in the background that tries to start things, which get picked up and stopped by Symantec Antivirus (which my father had installed through his job). I have now run various tools from the guide, and the logs are below. I am also attaching a picture of the files that the antivirus caught and put in quarantine.

Super anti-spyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/04/2008 at 11:37 AM

Application Version : 4.15.1000

Core Rules Database Version : 3524
Trace Rules Database Version: 1514

Scan type : Quick Scan
Total Scan Time : 00:09:39

Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 407
Registry threats detected : 4
File items scanned : 5490
File threats detected : 1

Trojan.Media-Codec
HKU\S-1-5-21-545450731-3172138329-1756185579-1005\Software\Web Technologies

Adware.E404 Helper/Hij
HKCR\CLSID\e405.e405mgr
HKCR\CLSID\e405.e405mgr#UserId

Rogue.AntiSpyCheck
HKU\S-1-5-21-545450731-3172138329-1756185579-1005\Software\AntiSpyCheck 2.1

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\BJERKE\FAVORITTER\ANTIVIRUS SCAN.URL

ComboFix

ComboFix 08-08-03.03 - Bjerke 2008-08-04 12:29:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.768 [GMT 2:00]
Running from: C:\Documents and Settings\Bjerke\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Bjerke\Mine dokumenter\My Documents.url
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-04 11:26 . 2008-08-04 12:26 <DIR> dr-h----- C:\Documents and Settings\Bjerke\Siste
2008-08-04 11:23 . 2008-08-04 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-04 11:22 . 2008-08-04 11:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-04 11:22 . 2008-08-04 11:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-04 11:22 . 2008-08-04 11:22 <DIR> d-------- C:\Documents and Settings\Bjerke\Programdata\SUPERAntiSpyware.com
2008-08-04 11:21 . 2008-08-04 11:21 <DIR> d-------- C:\Programfiler\CCleaner
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 09:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-08-03 15:29 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-07-24 13:19 --------- d-----w C:\Programfiler\Mozilla Thunderbird
2008-06-22 23:35 4,504 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-22 23:11 --------- d-----w C:\Programfiler\Trend Micro
2008-06-22 23:02 --------- d-----w C:\Programfiler\Opera
2008-06-22 22:16 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-06-22 21:43 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-06-20 19:34 --------- d-----w C:\Programfiler\Fellesfiler\Adobe AIR
2008-06-20 19:34 --------- d-----w C:\Programfiler\Adobe Media Player
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-03 22:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\WINDOWS\system32\thpsrv" [X]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 10:41 253952]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-23 01:37 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-23 01:34 126976]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 14:07 122880]
"PadTouch"="C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56 1077327]
"TosHKCW.exe"="C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 15:07 49152]
"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2004-11-15 11:48 118784]
"TMESRV.EXE"="C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE" [2005-03-23 12:04 118784]
"TMERzCtl.EXE"="C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE" [2005-03-23 12:02 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 01:05 122939]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-11-15 13:28 85744]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-11 02:33 188416]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 10:10 88358 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" [bU]
"TFNF5"="TFNF5.exe" [2004-06-28 19:16 73728 C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2005-03-21 13:11 266240 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-03-21 13:11 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"NDSTray.exe"="NDSTray.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-03-10 20:16:12 483328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 23:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 12:24]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 11:08]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 20:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0ca161-2d81-11dd-927c-0011f55cd865}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder
2008-01-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2007-07-12 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.sol.no/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 12:30:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-04 12:32:23
ComboFix-quarantined-files.txt 2008-08-04 10:32:11

Pre-Run: 49,139,195,904 byte ledig
Post-Run: 49,128,894,464 byte ledig

136 --- E O F --- 2008-08-04 09:14:20

Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:02, on 04.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\Programfiler\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Programfiler\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system320THotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe
C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE
C:\Programfiler\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Programfiler\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Opera\opera.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Trend Micro\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system320THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programfiler\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programfiler\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TOSHIBA Harddiskbeskyttelse (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programfiler\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 10252 bytes

Thanks for all the help.

Edited 14 August 2008 by Wetatron
k-orm
Posted 4 August 2008

Have you deleted the files that Symantec Antivirus and SUPERAntiSpyware found? The logs look clean, but you should get a 'second opinion'.
Wetatron (author)
Posted 4 August 2008

Symantec put them in quarantine. I have not emptied it, but I assume they are safe there. As far as I understood, SAS deleted the problems it found. A new problem, however, is that ComboFix appears to have broken my Symantec Antivirus installation, and I do not have the CD here to repair it. Any good tips? Symantec Antivirus is not started at startup, and when I try to start it manually I first get the Windows MSI installer. It eventually complains that I do not have Symantec Client Security.msi available, and if I press Cancel the antivirus window appears, with an error message saying that it is missing savrt32.dll (which exists on my machine). When I press OK on the error message, the program closes.