madsc90 Posted 22 August 2008 (edited)

I know that the PC had trojans; otherwise the subject line says it all.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:14, on 22.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\apps\ABoard\AOSD.exe
C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programfiler\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programfiler\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\F-Secure Internet Security\Common\FCH32.EXE
C:\Programfiler\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programfiler\F-Secure Internet Security\FSPC\fspc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Programfiler\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programfiler\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
D:\Documents and Settings\Bruker\Skrivebord\Chabbi Chabbi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsupdate.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10173 bytes

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/22/2008 at 07:03 PM

Application Version : 4.15.1000

Core Rules Database Version : 3543
Trace Rules Database Version: 1532

Scan type : Complete Scan
Total Scan Time : 00:24:09

Memory items scanned : 470
Memory threats detected : 1
Registry items scanned : 5317
Registry threats detected : 1
File items scanned : 12627
File threats detected : 1

Trojan.Unclassified/C00-WL
C:\WINDOWS\SYSTEM32\__C0085240.DAT
C:\WINDOWS\SYSTEM32\__C0085240.DAT
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c0085240

ComboFix:

ComboFix 08-08-21.02 - Bruker 2008-08-22 19:20:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.148 [GMT 2:00]
Running from: D:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c0010000.dat
C:\WINDOWS\system32\__c00755EC.dat
C:\WINDOWS\system32\~.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.

2008-08-22 18:36 . 2008-08-22 19:13 <DIR> dr-h----- D:\Documents and Settings\Bruker\Siste
2008-08-22 18:36 . 2008-08-22 18:36 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-22 18:35 . 2008-08-22 18:35 <DIR> d-------- D:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-08-22 18:35 . 2008-08-22 18:35 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-22 18:27 . 2008-08-22 18:27 <DIR> d-------- C:\Programfiler\CCleaner
2008-08-20 09:07 . 2008-08-20 09:07 244 --ah----- C:\sqmnoopt17.sqm
2008-08-20 09:07 . 2008-08-20 09:07 232 --ah----- C:\sqmdata17.sqm
2008-08-19 20:21 . 2008-08-19 20:26 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Lavasoft
2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Programfiler\Lavasoft
2008-08-19 20:18 . 2008-08-22 18:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-16 15:35 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 15:01 . 2008-08-13 15:01 <DIR> d-------- C:\PureSight
2008-08-13 10:00 . 2008-08-13 10:00 <DIR> d-------- D:\Documents and Settings\LocalService\Skrivebord
2008-08-13 09:50 . 2008-04-04 20:08 57,856 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-08-13 09:50 . 2008-04-04 20:08 36,736 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-08-13 09:49 . 2008-08-13 09:50 <DIR> d-------- C:\Programfiler\F-Secure Internet Security
2008-07-30 10:02 . 2008-07-30 10:02 <DIR> d-------- C:\Programfiler\Sun
2008-07-28 19:09 . 2008-07-28 19:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 07:50 --------- d-----w D:\Documents and Settings\All Users\Programdata\F-Secure
2008-08-13 07:47 --------- d-----w D:\Documents and Settings\All Users\Programdata\fssg
2008-07-30 08:01 --------- d-----w C:\Programfiler\Java
2008-07-28 17:08 --------- d-----w D:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-07-22 16:32 --------- d-----w C:\Programfiler\Microsoft Works
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-03-02 20:45 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-02 20:45 66912 --a------ C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 17:39 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05 339968]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 14:03 310272]
"Ulead AutoDetector v2"="C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"F-Secure Manager"="C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 20:10 182936]
"F-Secure TNB"="C:\Programfiler\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 20:09 739936]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FELLES~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FELLES~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\FELLES~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-04 20:08]
R1 F-Secure HIPS;F-Secure HIPS;C:\Programfiler\F-Secure Internet Security\HIPS\fshs.sys [2008-04-04 20:09]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-04-04 20:07]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 17:43]
S4 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-04-04 20:07]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-04-04 20:07]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\Master CD_DVD Creator.job - C:\Apps\SMP\MCDCHECK.EXE [2005-11-08 16:26]
2007-11-17 C:\WINDOWS\Tasks\Registreringspåminnelse 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
2007-11-17 C:\WINDOWS\Tasks\Registreringspåminnelse 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
2008-08-22 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe [2008-04-04 20:07]
2008-08-22 C:\WINDOWS\Tasks\Utvidet garanti.job - C:\APPS\SMP\PBCARNOT.EXE [2005-11-09 14:55]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Bruker\Programdata\Mozilla\Firefox\Profiles\89h4giz9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://no.msn.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 19:24:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-22 19:26:26
ComboFix-quarantined-files.txt 2008-08-22 17:26:19

Pre-Run: 23,535,628,288 byte ledig
Post-Run: 23,523,692,544 byte ledig

147 --- E O F --- 2008-08-19 15:52:09

Thanks a lot!
Mads

Edited 23 August 2008 by madsc90

norbat Posted 22 August 2008

If the Ask Toolbar isn't something you must have, uninstall it from Add/Remove Programs. The logs show no malware. Is the PC running OK?

madsc90 Posted 22 August 2008 (Author)

I'm fixing the PC for a friend, and before I started they were bombarded with pop-ups and the like... It is a bit slow, but it doesn't have the best hardware either (among other things a Celeron 3 GHz and 512 RAM)... But so there are no "viruses" or very unnecessary programs left? Thanks

norbat Posted 22 August 2008

The logs don't show any malware. Maybe a disk defragmentation can help a little.

madsc90 Posted 23 August 2008 (Author)

OK, then I'll try that too. Which program do you recommend for that? Thanks :)

snippsat Posted 23 August 2008 (edited)

> Which program do you recommend for that? Thanks :)

Auslogics Disk Defrag + Free Registry Defrag

Remember to run CCleaner like this first. Download and run CCleaner, 'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours". Also run the registry cleaner, answer yes to repairing --> backup, answer yes when you are asked. Run the registry cleaner a couple of times until all errors are gone.

Edited 23 August 2008 by SNIPPSAT

madsc90 Posted 23 August 2008 (Author)

Thank you so much for the help! Both of you!