mard, posted 13 August 2008

Here is the SAS log

And the ComboFix log

and the HijackThis log
snippsat, posted 13 August 2008 (edited)

Start HijackThis, run "Scan", find this line, tick it, then press "Fix checked".

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)

---

C:\sqmnoopt19.sqm etc...
You can delete the .sqm files, cache files from MSN.

---

This looks good.

---

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

---

Surf safely.

Edited 13 August 2008 by SNIPPSAT
mard (author), posted 13 August 2008

Thanks for the quick reply, snippsat!