HDSoftware Skrevet 24. august 2008 Del Skrevet 24. august 2008 Hei flkens Har tre maskiner jeg har scannet og forhåpentligvis har klart å rense. Setter stor pris på all hjelp her.. Her er logg nr. 1: Combofix ComboFix 08-08-23.03 - Kniveåsen-1 2008-08-24 18:36:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.141 [GMT 2:00] Running from: C:\Slettes\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\_000005_.tmp.dll C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\_000009_.tmp.dll E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))) . 2008-08-24 18:34 . 2008-08-24 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-08-24 18:23 . 2008-08-24 18:23 <DIR> d-------- C:\Programfiler\Yahoo! 2008-08-24 18:23 . 2008-08-24 18:23 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-24 18:22 . 2008-08-24 18:34 <DIR> d-------- C:\Slettes 2008-08-24 17:11 . 2008-08-24 18:11 10,752 --a------ C:\WINDOWS\DCEBoot.exe 2008-08-24 16:17 . 2008-08-24 16:17 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-08-24 16:17 . 2008-08-24 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-24 16:16 . 2008-08-24 16:16 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-24 16:05 . 2008-08-24 16:06 <DIR> d-------- C:\totalcmd 2008-08-24 16:05 . 2008-08-24 16:14 682 --a------ C:\WINDOWS\wincmd.ini 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF 2008-08-24 16:05 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF 2008-08-18 10:10 . 2008-08-22 11:59 <DIR> d-------- C:\Programfiler\Spyware Doctor 2008-08-18 10:10 . 2008-08-24 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-08-18 10:10 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-18 10:10 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-18 10:10 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-18 10:10 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-15 11:40 . 2008-08-15 11:40 0 --a------ C:\WINDOWS\OpPrintServer.INI 2008-08-14 15:15 . 2008-05-01 16:38 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-14 15:14 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-14 10:25 . 2008-08-14 10:25 <DIR> d-------- C:\WINDOWS\system32\no 2008-08-14 10:25 . 2008-08-14 10:25 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-14 10:25 . 2008-08-14 10:25 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-14 10:20 . 2008-08-14 10:26 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-05 14:17 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys 2008-08-05 14:17 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-05 14:17 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-08-05 14:17 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys 2008-08-05 14:17 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-08-05 14:17 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-08-05 14:17 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2008-08-05 14:17 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-08-05 14:17 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-21 12:44 --------- d-----w C:\Programfiler\Boardmaker with SD Pro 2008-08-19 08:46 --------- d-----w C:\Programfiler\MSN Messenger 2008-08-15 09:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-08-15 09:49 --------- d-----w C:\Programfiler\Canon 2008-08-14 08:07 --------- d-----w C:\Programfiler\Java 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-02-05 11:40 212 ----a-w C:\Programfiler\rabbit.ini 2005-07-12 10:49 36,864 ----a-w C:\Programfiler\Play.exe 2005-07-12 10:46 602,624 ----a-w C:\Programfiler\RRLaunch.dll 2005-07-12 10:33 1,578,503 ----a-w C:\Programfiler\Labbe Langøre 3-5.exe 2005-07-01 14:25 3,262 ----a-w C:\Programfiler\icon.ico 2005-02-11 09:24 151,552 ----a-w C:\Programfiler\PuzzleEngine.dll 2005-02-11 09:23 425,984 ----a-w C:\Programfiler\shelldll.dll 2005-02-11 09:23 188,416 ----a-w C:\Programfiler\trinketcore.dll 2005-02-11 09:22 233,472 ----a-w C:\Programfiler\ompp32x.dll 2001-07-02 08:51 347,648 ----a-w C:\Programfiler\Mss32.dll 2001-07-02 08:51 291,328 ----a-w C:\Programfiler\binkw32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 14:39 68856] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59 184320] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58 282624] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648] "PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-31 11:27 57393] "IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-31 11:47 40960] "SetDefPrt"="C:\Programfiler\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 18:14 49152] "ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 23:00 864256] "UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-14 19:32 1398024] "MsmqIntCert"="mqrt.dll" [2008-04-14 18:22 177152 C:\WINDOWS\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 14:39 68856] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-01-18 15:25:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2007-01-02 16:37:57 184320] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2008-04-14 18:23] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28] S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel . - - - - ORPHANS REMOVED - - - - Notify-__c0018E24 - (no file) Notify-__c00DAD46 - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKCU-Main,Start Page = hxxp://www.kniveasen.barnebygg.no/ R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 18:41:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????O??????P??|?????? ??4B??????????????hB??????O? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\msdtc.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\HPQ\IAM\Bin\asghost.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE . ************************************************************************** . Completion time: 2008-08-24 18:46:01 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-24 16:45:48 Pre-Run: 14,252,228,608 byte ledig Post-Run: 14,307,414,016 byte ledig 204 --- E O F --- 2008-08-15 07:34:30 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:53:10, on 24.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Brother\ControlCenter2\brctrcen.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\explorer.exe C:\Slettes\HeisanJakkTsi.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kniveasen.barnebygg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04g\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe O23 - Service: Trend Micro-sentralkontrollkomponent (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe -- End of file - 10489 bytes Lenke til kommentar
HDSoftware Skrevet 24. august 2008 Forfatter Del Skrevet 24. august 2008 Dette er del to av totalt tre scanns jeg har gjort. Setter som sagt stor pris på all hjelp.. Combofix ComboFix 08-08-23.03 - Kniveåsen-3 2008-08-24 18:33:34.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.189 [GMT 2:00] Running from: C:\Slettes\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\~.exe C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\ssprs.dll . ---- Previous Run ------- . C:\Programfiler\PCPrivacyCleaner C:\Programfiler\PCPrivacyCleaner\pcpc.exe C:\Programfiler\VirusRemover2008 C:\Programfiler\VirusRemover2008\VRM2008.exe C:\xcrashdump.dat D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))) . 2008-08-24 18:28 . 2008-08-24 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion 2008-08-24 18:22 . 2008-08-24 18:31 <DIR> d-------- C:\Slettes 2008-08-24 18:22 . 2008-08-24 18:22 <DIR> d-------- C:\Programfiler\Yahoo! 2008-08-24 18:22 . 2008-08-24 18:23 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-24 16:20 . 2008-08-24 16:20 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-08-24 16:19 . 2008-08-24 16:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-24 16:17 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF 2008-08-24 16:17 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF 2008-08-24 16:16 . 2008-08-24 16:17 <DIR> d-------- C:\totalcmd 2008-08-24 16:16 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-08-24 16:16 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-08-24 16:16 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-08-24 16:16 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF 2008-08-24 16:16 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF 2008-08-24 16:16 . 2008-08-24 16:16 41 --a------ C:\WINDOWS\wincmd.ini 2008-08-20 12:59 . 2008-08-24 18:39 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-08-20 12:59 . 2008-08-24 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-08-19 17:15 . 2008-08-24 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-19 17:15 . 2008-08-19 17:15 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-15 12:09 . 2008-08-24 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-08-15 12:08 . 2008-08-22 10:47 <DIR> d-------- C:\Programfiler\Spyware Doctor 2008-08-15 12:08 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-15 12:08 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-15 12:08 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-15 12:08 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-15 10:12 . 2008-08-15 10:12 <DIR> d-------- C:\Programfiler\MSECache 2008-08-13 12:55 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-19 09:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Trend Micro 2008-08-19 07:36 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-08-14 08:06 --------- d-----w C:\Programfiler\Java 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-07-16 11:25 --------- d-----w C:\Programfiler\CeWe Color 2008-07-16 11:25 --------- d-----w C:\Documents and Settings\All Users\Programdata\hps 2008-07-03 08:55 --------- d-----w C:\Programfiler\McDonaldsDragons . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 14:55 68856] "updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59 184320] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648] "PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-31 11:27 57393] "IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-31 11:47 40960] "SetDefPrt"="C:\Programfiler\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 18:14 49152] "ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 23:00 864256] "Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 07:29 67752] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016] "UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-14 19:32 1398024] "MsmqIntCert"="mqrt.dll" [2007-07-06 14:51 177152 C:\WINDOWS\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 14:55 68856] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-01-18 15:25:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2007-02-14 17:08:32 184320] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28] S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel . - - - - ORPHANS REMOVED - - - - Notify-__c001E2BE - (no file) Notify-__c003EE09 - (no file) Notify-__c0051970 - (no file) Notify-__c008FA64 - (no file) Notify-__c00B250D - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKCU-Main,Start Page = hxxp://www.kniveasen.barnebygg.no/ R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 18:40:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe????????????????|?????? ??4B??????????????hB???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\system32\dllhost.exe C:\Programfiler\HPQ\IAM\Bin\asghost.exe C:\WINDOWS\system32\msdtc.exe C:\Programfiler\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe . ************************************************************************** . Completion time: 2008-08-24 18:45:12 - machine was rebooted [Knive†sen-3] ComboFix-quarantined-files.txt 2008-08-24 16:45:01 Pre-Run: 20,785,426,432 byte ledig Post-Run: 20,703,825,920 byte ledig 202 --- E O F --- 2008-08-16 11:50:44 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:52:43, on 24.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\Programfiler\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Brother\ControlCenter2\brctrcen.exe C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\explorer.exe C:\Slettes\HiMyJaaackTis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kniveasen.barnebygg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Programfiler\Brother\Brmfl04g\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Elements 5.0\apdproxy.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe O23 - Service: Trend Micro-sentralkontrollkomponent (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe -- End of file - 11480 bytes Lenke til kommentar
HDSoftware Skrevet 24. august 2008 Forfatter Del Skrevet 24. august 2008 Til slutt nr. tre, og som sagt, dullion takk for hjelpen... Combofix ComboFix 08-08-23.03 - Kniveåsen-2 2008-08-24 19:05:12.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.188 [GMT 2:00] Running from: C:\Slettes\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))) . 2008-08-24 18:45 . 2008-08-24 19:03 <DIR> d-------- C:\Slettes 2008-08-24 18:25 . 2008-08-24 18:25 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-24 16:06 . 2008-08-24 16:06 <DIR> d-------- C:\totalcmd 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF 2008-08-24 16:06 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF 2008-08-24 16:06 . 2008-08-24 16:06 41 --a------ C:\WINDOWS\wincmd.ini 2008-08-22 10:23 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-24 16:00 --------- d-----w C:\Programfiler\Norton Security Scan 2008-07-31 06:07 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 10:25 68856] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59 184320] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648] "PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-31 11:27 57393] "IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-31 11:47 40960] "ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 23:00 864256] "Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-14 19:32 1398024] "MsmqIntCert"="mqrt.dll" [2007-07-06 14:51 177152 C:\WINDOWS\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 10:25 68856] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-01-18 15:25:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2007-01-30 17:27:48 184320] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00] S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel . Contents of the 'Scheduled Tasks' folder 2008-08-24 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Programfiler\Norton Security Scan\Nss.exe [2008-01-09 04:08] . - - - - ORPHANS REMOVED - - - - HKCU-Run-MsnMsgr - C:\Programfiler\MSN Messenger\MsnMsgr.Exe HKLM-Run-SeePassword - C:\Programfiler\SeePassword\SeePassword.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.kniveasen.barnebygg.no/ R0 -: HKCU-Main,Search Page = hxxp://www.google.com R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 -: Easy-WebPrint Add To Print List - C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 -: Easy-WebPrint High Speed Print - C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 -: Easy-WebPrint Preview - C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 -: Easy-WebPrint Print - C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 -: Åpne i ny bakgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?c32b88b2961b4d149dc55091d6f2a485 O8 -: Åpne i ny forgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?c32b88b2961b4d149dc55091d6f2a485 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 19:09:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????\?????????|?????? ??4B??????????????hB??????\? scanning hidden files ... C:\WINDOWS\0.log 0 bytes scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\system32\dllhost.exe C:\Programfiler\HPQ\IAM\Bin\asghost.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\msdtc.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTStackServer.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\mqtgsvc.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe . ************************************************************************** . Completion time: 2008-08-24 19:12:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-24 17:12:43 Pre-Run: 31,286,390,784 byte ledig Post-Run: 31,358,615,552 byte ledig 179 --- E O F --- 2008-08-22 11:50:57 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:13:58, on 24.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe C:\Programfiler\Brother\ControlCenter2\brctrcen.exe C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\mqtgsvc.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\explorer.exe C:\Slettes\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kniveasen.barnebygg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?c32b88b2961b4d149dc55091d6f2a485 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?c32b88b2961b4d149dc55091d6f2a485 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: Trend Micro-sentralkontrollkomponent (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe -- End of file - 10297 bytes Lenke til kommentar
norbat Skrevet 24. august 2008 Del Skrevet 24. august 2008 (endret) 'Logg 1': Kjenner du til DCEBoot.exe? Hvis ikke, kunne du ha lastet opp følgende fil for en sjekk på http://virusscan.jotti.org/:C:\WINDOWS\DCEBoot.exe Endret 24. august 2008 av norbat Lenke til kommentar
norbat Skrevet 24. august 2008 Del Skrevet 24. august 2008 (endret) 'Logg 2': Ser fint ut Endret 24. august 2008 av norbat Lenke til kommentar
norbat Skrevet 24. august 2008 Del Skrevet 24. august 2008 (endret) 'Logg 3': Ser fint ut. Oppdater Java og sjekk også Windows Update (start->alle programmer->windows update) Endret 24. august 2008 av norbat Lenke til kommentar
KVTL Skrevet 24. august 2008 Del Skrevet 24. august 2008 Det er IKKE nødvendig for en ny tråd for hver scan, har flyttet en del innlegg inn i denne posten. Siden emnetittelen også var svært lite beskrivende, endret jeg den også. MVH KVTL Lenke til kommentar
HDSoftware Skrevet 25. august 2008 Forfatter Del Skrevet 25. august 2008 'Logg 1': Kjenner du til DCEBoot.exe? Hvis ikke, kunne du ha lastet opp følgende fil for en sjekk på http://virusscan.jotti.org/:C:\WINDOWS\DCEBoot.exe Kjenner ikke til dceboot.exe. Jeg skal sjekke ut den og se hva det kan være for noe. Dette var tre helt like HP laptopper slik at i utgangspunktet skal disse være ganske like. SÅ hvis DCEBoot.exe er på en av disse så er jeg med en gang mistenkelig. Sjekker den opp uansett.. Takker for hjelper ;-) Lenke til kommentar
HDSoftware Skrevet 25. august 2008 Forfatter Del Skrevet 25. august 2008 Det er IKKE nødvendig for en ny tråd for hver scan, har flyttet en del innlegg inn i denne posten. Siden emnetittelen også var svært lite beskrivende, endret jeg den også. MVH KVTL Takker for det. Var litt usikker på om det var mulig å putte alle sammen i samme tråd, men har da fått dette bekreftet. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå