korneliussen Skrevet 23. august 2008 Del Skrevet 23. august 2008 (endret) Hei, Har hatt mye problemer med pop-ups fra Wixawin, etc., og har fulgt veiledningen i denne tråden: https://www.diskusjon.no/index.php?showtopic=691246 Problemet ser tilsynelatende ut til å være borte, men lurte på om noen likevel kan se igjennom loggene. På forhånd takk :-) SAS: Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/23/2008 at 08:49 AM Application Version : 4.20.1046 Core Rules Database Version : 3545 Trace Rules Database Version: 1534 Scan type : Quick Scan Total Scan Time : 00:19:20 Memory items scanned : 475 Memory threats detected : 1 Registry items scanned : 503 Registry threats detected : 6 File items scanned : 10700 File threats detected : 12 Trojan.Unclassified/C00-WL/A C:\WINDOWS\SYSTEM32\__C00852C4.DAT C:\WINDOWS\SYSTEM32\__C00852C4.DAT C:\WINDOWS\SYSTEM32\__C003BAA2.DAT Adware.Tracking Cookie Trojan.Unclassified/C00-WL HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00852C4 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00852C4#Asynchronous HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00852C4#DllName HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00852C4#Impersonate HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00852C4#Startup HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00852C4#Logon Combofix: Klikk for å se/fjerne innholdet nedenfor ComboFix 08-08-21.02 - 2008-08-23 9:12:35.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.202 [GMT 2:00] Running from: C:\Documents and Settings\Tore\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\__c0053AF0.dat C:\WINDOWS\system32\~.exe . ((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))) . 2008-08-23 08:26 . 2008-08-23 08:26 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-08-23 08:26 . 2008-08-23 08:26 <DIR> d-------- C:\Documents and Settings\Tore\Programdata\SUPERAntiSpyware.com 2008-08-23 08:26 . 2008-08-23 08:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-23 08:25 . 2008-08-23 08:25 6,634,008 --a------ C:\Programfiler\SUPERAntiSpyware.exe 2008-08-23 08:19 . 2008-08-23 09:08 <DIR> dr-h----- C:\Documents and Settings\Tore\Siste 2008-08-23 08:15 . 2008-08-23 08:15 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-23 08:13 . 2008-08-23 08:14 860,120 --a------ C:\Programfiler\ccsetup210_slim.exe 2008-08-13 15:56 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll 2008-08-11 21:14 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\SYSTEM32\audiopid.vxd 2008-08-11 21:11 . 2008-08-11 21:11 <DIR> d-------- C:\WINDOWS\CtDrvInstall 2008-08-11 21:09 . 2006-08-30 07:10 2,560 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys 2008-08-11 21:09 . 2006-08-30 07:10 2,432 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys 2008-08-11 21:08 . 2008-08-11 21:08 <DIR> d-------- C:\Programfiler\muvee Technologies 2008-08-11 21:08 . 2008-08-11 21:08 <DIR> d-------- C:\Programfiler\Fellesfiler\muvee Technologies 2008-08-11 21:07 . 2008-08-11 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\muvee Technologies 2008-08-11 21:06 . 2008-08-11 21:06 <DIR> d-------- C:\Programfiler\SightSpeed 2008-08-11 20:59 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys 2008-08-11 20:59 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 06:25 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-11 19:25 --------- d-----w C:\Documents and Settings\Tore\Programdata\Creative 2008-08-11 19:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative 2008-08-11 19:14 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-08-11 19:05 --------- d-----w C:\Programfiler\Creative 2008-07-19 13:35 --------- d-----w C:\Programfiler\iTunes 2008-07-19 13:34 --------- d-----w C:\Programfiler\iPod 2008-07-19 13:32 --------- d-----w C:\Programfiler\Bonjour 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll 2008-07-07 20:33 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll 2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll 2008-06-24 16:24 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll 2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll 2008-06-23 09:23 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe 2008-06-23 09:22 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll 2008-06-20 17:43 246,784 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll 2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys 2008-06-14 18:00 272,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys 2008-04-14 16:00 9,730,075 ----a-w C:\Programfiler\vlc-0.8.6f-win32.exe 2008-03-01 15:07 5,838,872 ----a-w C:\Programfiler\Firefox Setup 2.0.0.12.exe 2007-12-14 16:12 5,836,776 ----a-w C:\Programfiler\Firefox Setup 2.0.0.11.exe 2007-05-22 20:37 2,707,796 ----a-w C:\Programfiler\Legacy6Dictionaries.exe 2007-05-22 20:32 31,934,339 ----a-w C:\Programfiler\Legacy6Setup.exe 2007-02-17 13:08 36,808,256 ----a-w C:\Programfiler\iTunesSetup.exe 2006-12-16 11:11 34,165,674 ----a-w C:\Programfiler\klmcodec161.exe 2006-12-15 16:35 1,116,523 ----a-w C:\Programfiler\3ivx_d4_451_win.exe 2006-12-14 21:23 25,745,968 ----a-w C:\Programfiler\wmp11-windowsxp-x86-NB-NO.exe 2006-10-06 18:51 8,799,656 ----a-w C:\Programfiler\Azureus_2.5.0.0_Win32.setup.exe 2005-12-20 16:22 11,477,288 ----a-w C:\Programfiler\DivXPlay.exe 2005-10-17 20:50 2,833,783 ----a-w C:\Programfiler\MAC_399F.exe 2005-09-22 16:14 11,693,024 ----a-w C:\Programfiler\GoogleEarthSetup.exe 2005-05-12 15:29 4,204,404 ----a-w C:\Programfiler\eMule0.46a_Installer.exe 2005-02-26 11:11 3,597,448 ----a-w C:\Programfiler\MsgPlus-325.exe 2005-01-13 12:09 1,515,135 ----a-w C:\Programfiler\PopThisInstall.exe 2005-01-12 21:46 2,636,408 ----a-w C:\Programfiler\aawsepersonal.exe 2004-12-19 13:01 1,189,180 ----a-w C:\Programfiler\wrar341no.exe 2004-05-10 18:35 855,916 ----a-w C:\Programfiler\eval-nwc175b.exe 2004-04-01 12:57 17,188,944 ----a-w C:\Programfiler\AdbeRdr60_nor_full.exe 2004-03-27 13:08 4,950,472 ----a-w C:\Programfiler\SetupDl.exe 2004-03-25 08:58 770,048 ----a-w C:\Programfiler\winmx331.exe 2004-03-24 20:38 4,642,160 ----a-w C:\Programfiler\DivXPro511Adware.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-07-14 12:26 2236416] "MessengerPlus3"="C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" [2005-10-09 19:47 190024] "Creative Live! Cam Manager"="C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 14:01 155648] "msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [2007-01-19 12:54 5674352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2003-06-11 01:07 147456] "Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2003-06-20 16:18 368640] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04 114741] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672] "PCMService"="C:\Programfiler\Dell\Media Experience\PCMService.exe" [2003-12-12 16:22 217088] "DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-03-12 23:43 81920] "F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.EXE" [2002-12-05 17:24 106571] "UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "MessengerPlus3"="C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" [2005-10-09 19:47 190024] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688] "ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152] "D-Link D-Link Wireless N DWA-140"="C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 19:29 1388544] "ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2005-07-05 02:32 639040] "PRONoMgr.exe"="C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 09:31 135168] "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-05-02 09:43 185896] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] "V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 03:00 32768] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 07:59 122880 C:\WINDOWS\BCMSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] 2005-07-05 02:33 188482 C:\WINDOWS\SYSTEM32\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.VSPX"= vspxvfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Sierra\\SWAT3\\SWAT.ICD"= "C:\\Programfiler\\eMule\\emule.exe"= "C:\\Programfiler\\Java\\j2re1.4.2\\bin\\javaw.exe"= "C:\\WINDOWS\\kdx\\khost.exe"= "C:\\Programfiler\\Azureus\\Azureus.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41] R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2004-03-24 21:52] R2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2002-04-23 14:23] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSgk.sys [2002-12-03 09:36] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys [2002-04-23 14:23] R2 FSpm;F-Secure Policy Manager;C:\Programfiler\F-Secure\Common\FSPM.SYS [2002-12-05 17:24] R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 13:35] S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\system32\drivers\wA301b.sys [2003-10-27 22:42] S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 21:01] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-10 09:35] S3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 03:32] . Contents of the 'Scheduled Tasks' folder 2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2004-03-16 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE [2002-09-30 12:18] . - - - - ORPHANS REMOVED - - - - HKCU-Run-swg - C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe Notify-1c5d71da382 - C:\WINDOWS\system32\__c0053AF0.dat . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Tore\Programdata\Mozilla\Firefox\Profiles\xxp6r8cc.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startsiden.no . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 09:22:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\S24EvMon.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure\Anti-Virus\fsgk32.exe C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe C:\Programfiler\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe C:\WINDOWS\SYSTEM32\RegSrvc.exe C:\WINDOWS\SYSTEM32\1XConfig.exe C:\Programfiler\F-Secure\Common\FSMA32.exe C:\Programfiler\F-Secure\Common\FSMB32.exe C:\Programfiler\F-Secure\Common\fch32.exe C:\Programfiler\F-Secure\Common\FNRB32.exe C:\Programfiler\F-Secure\Common\FAMEH32.exe C:\Programfiler\F-Secure\Common\FIH32.exe C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\SYSTEM32\wscntfy.exe C:\WINDOWS\SYSTEM32\igfxsrvc.exe C:\Programfiler\Apoint\ApntEx.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\SYSTEM32\imapi.exe . ************************************************************************** . Completion time: 2008-08-23 9:36:47 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-23 07:36:15 Pre-Run: 4,030,177,280 byte ledig Post-Run: 4,029,329,408 byte ledig 213 --- E O F --- 2008-08-13 15:02:50 HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:47:43, on 23.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\1XConfig.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\RegSrvc.exe C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\F-Secure\Common\FSMA32.EXE C:\Programfiler\F-Secure\Common\FSMB32.EXE C:\Programfiler\F-Secure\Common\FCH32.EXE C:\Programfiler\F-Secure\Common\FAMEH32.EXE C:\Programfiler\F-Secure\Common\FNRB32.EXE C:\Programfiler\F-Secure\Common\FIH32.EXE C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\BCMSMMSG.exe C:\Programfiler\Apoint\Apoint.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\DSentry.exe C:\Programfiler\Dell\Media Experience\PCMService.exe C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\F-Secure\Common\FSM32.EXE C:\Programfiler\Apoint\Apntex.exe C:\Programfiler\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\V0420Mon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Tore\Skrivebord\Ny mappe\Test.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Programfiler\Surfapps.com\PopThis! Free Version\PopThis.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: GStartup.lnk = C:\Programfiler\Fellesfiler\GMT\GMT.exe O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programfiler\Surfapps.com\PopThis! Free Version\PopThis.dll O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programfiler\Surfapps.com\PopThis! Free Version\PopThis.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...llInstaller.exe O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15103/CTPID.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe -- End of file - 12349 bytes Endret 24. august 2008 av korneliussen Lenke til kommentar
norbat Skrevet 23. august 2008 Del Skrevet 23. august 2008 (endret) Bare litt opprydding: Hvis MessengerPlus! 3 ikke er noe du behøver, avinstaller det fra legg til / fjern programmer. Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - Global Startup: GStartup.lnk = C:\Programfiler\Fellesfiler\GMT\GMT.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) Deretter fjerner du combofix ved å skrive combofix /u i kjør-feltet (start->kjør). Dette vil også nullstille systemgjenopprettingen slik at du ikke blir infisert ved en evt. gjenoppretting senere. Gå til windows update og oppdater til SP3. Endret 23. august 2008 av norbat Lenke til kommentar
korneliussen Skrevet 24. august 2008 Forfatter Del Skrevet 24. august 2008 Takk så mye! Har gjort opprydningen du foreslo, og nå virker alt å fungere fint. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå