
ComboFix, HjT and SAS log, help with removing infections



SAS log:


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/04/2008 at 08:36 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 0

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 00:10:02

 

Memory items scanned : 595

Memory threats detected : 0

Registry items scanned : 6080

Registry threats detected : 0

File items scanned : 30922

File threats detected : 0

 

 

 

ComboFix log:


ComboFix 08-01-04.1 - Administrator 2008-01-04 8:44:30.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.650 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))

.

 

2008-01-04 08:25 . 2008-01-04 08:34 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-01-04 08:20 . 2008-01-04 08:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-04 08:20 . 2008-01-04 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-04 08:20 . 2008-01-04 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-01-04 08:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-04 08:18 . 2008-01-04 08:18 <DIR> d-------- C:\Programfiler\CCleaner

2008-01-03 14:33 . 2008-01-03 14:33 <DIR> d-------- C:\Programfiler\Lavasoft

2008-01-03 14:32 . 2008-01-04 08:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-03 14:32 . 2008-01-03 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-01-03 10:32 . 2008-01-03 10:32 <DIR> d-------- C:\Programfiler\Trend Micro

2008-01-03 08:00 . 2008-01-03 08:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Intel

2008-01-03 08:00 . 2008-01-03 08:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel

2008-01-03 07:59 . 2008-01-03 07:59 <DIR> d-------- C:\Documents and Settings\Stdbruker\Mine dokumenter

2008-01-02 20:17 . 2008-01-02 23:34 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-02 19:59 . 2008-01-02 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Ahead

2008-01-02 19:56 . 2008-01-02 19:56 <DIR> d-------- C:\Programfiler\Nero

2008-01-02 19:56 . 2008-01-02 20:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-01-01 16:35 . 2008-01-01 16:35 229,888 --a------ C:\WINDOWS\toprates.dll

2008-01-01 16:31 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-01-01 16:31 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-01-01 12:25 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-01 12:25 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-01 12:24 . 2003-01-17 15:00 90,176 --a------ C:\WINDOWS\system32\CNAC1SMK.DLL

2008-01-01 12:24 . 2003-01-17 15:00 81,920 --a------ C:\WINDOWS\system32\CNAC1EMU.DLL

2008-01-01 12:24 . 2003-01-17 15:00 49,220 --a------ C:\WINDOWS\system32\CNAC1RPK.EXE

2008-01-01 12:24 . 2003-01-17 15:00 28,743 --a------ C:\WINDOWS\system32\CNAC1LMK.DLL

2008-01-01 12:24 . 2003-01-17 15:00 28,672 --a------ C:\WINDOWS\system32\CNAC1PTU.DLL

2008-01-01 12:22 . 2008-01-01 12:25 <DIR> d-------- C:\Programfiler\Canon

2007-12-31 21:59 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-12-31 21:59 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-12-28 19:02 . 2007-12-28 19:02 <DIR> d-------- C:\Programfiler\DVD Shrink

2007-12-28 19:02 . 2007-12-28 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink

2007-12-26 20:29 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-26 20:29 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-26 20:29 . 2007-07-01 04:36 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-26 20:29 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-26 20:29 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-26 20:29 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-26 20:29 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-26 20:29 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-26 20:29 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-26 20:28 . 2007-12-26 20:29 <DIR> d-------- C:\WINDOWS\system32\nb-no

2007-12-26 15:29 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys

2007-12-26 15:29 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys

2007-12-25 21:52 . 2007-12-25 22:03 <DIR> d-------- C:\Programfiler\SignSIS-GUI

2007-12-25 20:54 . 2007-12-25 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite

2007-12-25 20:53 . 2007-12-25 20:53 <DIR> d-------- C:\Programfiler\DIFX

2007-12-25 20:53 . 2007-12-26 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Nokia

2007-12-25 20:52 . 2007-12-25 20:52 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

2007-12-25 20:52 . 2007-12-25 20:52 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

2007-12-25 20:52 . 2007-12-26 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\PC Suite

2007-12-18 08:39 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-18 08:39 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-12-18 08:36 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2007-12-18 08:36 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2007-12-17 08:13 . 2007-12-17 08:13 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Autograph

2007-12-14 09:36 . 2007-12-14 09:37 <DIR> d-------- C:\Programfiler\Fellesfiler\Autograph 3

2007-12-14 09:36 . 2007-12-14 09:38 <DIR> d-------- C:\Programfiler\Autograph 3.20

2007-12-05 17:45 . 2007-12-05 17:45 32 --a------ C:\WINDOWS\FXMathsSub.ini

2007-12-05 17:45 . 2007-12-05 17:45 32 --a------ C:\WINDOWS\FXE300REG.ini

2007-12-04 09:26 . 2007-12-13 12:07 <DIR> d-------- C:\Programfiler\Clue

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-03 14:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7

2008-01-02 20:15 --------- d-----w C:\Documents and Settings\Administrator\Programdata\LimeWire

2007-12-25 19:52 --------- d-----w C:\Programfiler\Nokia

2007-12-25 19:52 --------- d-----w C:\Programfiler\Fellesfiler\Nokia

2007-12-25 19:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2007-12-17 10:58 --------- d-----w C:\Programfiler\Algebra Help

2007-12-17 10:25 --------- d-----w C:\Programfiler\Graph

2007-12-13 11:54 --------- d-----w C:\Programfiler\TrackMania Nations ESWC

2007-12-09 15:32 --------- d-----w C:\Programfiler\Windows Live

2007-12-04 07:29 --------- d-----w C:\Programfiler\Java

2007-11-28 13:09 --------- d-----w C:\Programfiler\LimeWire

2007-11-28 10:36 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Azureus

2007-11-26 21:42 --------- d-----w C:\Programfiler\NSS

2007-11-26 12:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nokia

2007-11-22 16:49 --------- d-----w C:\Programfiler\Azureus

2007-11-22 16:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus

2007-11-16 09:36 --------- d-----w C:\Documents and Settings\Administrator\Programdata\AVG7

2007-11-14 12:36 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2007-11-14 11:22 --------- d-----w C:\Programfiler\GeoGebra

2007-11-14 11:20 --------- d-----w C:\Programfiler\Efofex

2007-11-14 11:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\Efofex

2007-11-14 10:31 --------- d-----w C:\Programfiler\TI Education

2007-11-14 10:31 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2007-11-14 10:20 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Winamp

2007-11-14 10:04 --------- d-----w C:\Programfiler\Winamp

2007-11-14 09:49 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-11-14 09:28 --------- d-----w C:\Programfiler\Opera

2007-11-13 15:04 --------- d-----w C:\Programfiler\MSXML 4.0

2007-11-13 14:59 --------- d-----w C:\Programfiler\Microsoft Works

2007-11-13 14:58 --------- d-----w C:\Programfiler\Microsoft.NET

2007-11-13 14:55 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7

2007-11-13 14:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69}]

2008-01-01 16:35 229888 --a------ C:\WINDOWS\toprates.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TVT Scheduler Proxy"="C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 03:01 503808]

"TpShocks"="TpShocks.exe" [2005-11-07 10:14 106496 C:\WINDOWS\system32\TpShocks.exe]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 06:27 860160]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]

"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 00:13 151552]

"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-26 00:13 208896]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"ACTray"="C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 12:09 409600]

"ACWLIcon"="C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 11:59 98304]

"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-05 16:15 94208]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-01-10 09:44 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-01-10 09:41 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-01-10 09:45 114688]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 08:35 579072]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 06:28 36352]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-13 15:55 219136]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]

ACNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

notifyf2.dll 2005-07-05 22:45 28672 C:\WINDOWS\system32\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

 

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 14:58]

R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-04-27 15:45]

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 08:27]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-12 23:33]

R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 11:18]

R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 00:13]

R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-03-30 14:03]

R3 TPM;Winbond Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 20:35]

S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-04-12 15:45]

S3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 15:44]

 

*Newly Created Service* - AAWSERVICE

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

"2008-01-04 07:03:03 C:\WINDOWS\Tasks\PMTask.job"

- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-04 08:45:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll

-> C:\Programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll

-> C:\Programfiler\ThinkPad\ConnectUtilities\ACHelper.dll

-> C:\WINDOWS\system32\tphklock.dll

-> C:\WINDOWS\system32\notifyf2.dll

.

Completion time: 2008-01-04 8:45:46

.

2007-12-28 19:01:02 --- E O F ---

 

 

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:47:29, on 04.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

c:\programfiler\lenovo\system update\suservice.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\system32\CNAC1RPK.EXE

C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sf-f.kommune.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sf-f.kommune.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Oppdater ThinkPad-programvare - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programfiler\Lenovo\PkgMgr\PkgMgr.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156239285787

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: System Update (SUService) - - c:\programfiler\lenovo\system update\suservice.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe

 

--

End of file - 10088 bytes


Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

 

Use Explorer to delete the file (in bold):

C:\WINDOWS\toprates.dll

 

Download SmitfraudFix and put it on the desktop

 

Run SmitfraudFix, choose option 1. Post the log + a new HJT log

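As an added example (not code from the thread or from any of the tools named in it), a small Python triage script that applies the same reasoning the helper used on the logs above: it parses the HijackThis O2/O20 lines and ComboFix's "Files Created" block, then flags entries that point at a missing file, have no name, or load a DLL dropped straight into C:\WINDOWS that ComboFix saw created shortly before the scan. The sample log lines are constructed in the shape of the logs in this thread.

```python
import re
from datetime import date, datetime

# Constructed sample input, shaped like the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

# Constructed sample input, shaped like ComboFix's "Files Created" block.
COMBOFIX_SAMPLE = r"""
2008-01-04 08:20 . 2008-01-04 08:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-04 08:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:35 . 2008-01-01 16:35 229,888 --a------ C:\WINDOWS\toprates.dll
2007-12-26 20:29 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
"""

# HijackThis line formats for Browser Helper Objects (O2) and Winlogon Notify DLLs (O20).
HJT_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
HJT_O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# ComboFix "Files Created" line: <created> . <modified> [<DIR> | <size>] <attrs> <path>
CF_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<DIR> |[\d,]+ )(?P<attr>[-a-z]{9}) (?P<path>.+)$"
)
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_combofix_created(text):
    """Map lower-cased path -> creation date for every entry in the Files Created block."""
    created = {}
    for line in text.splitlines():
        m = CF_CREATED_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            created[m.group("path").lower()] = stamp.date()
    return created


def parse_hijackthis(text):
    """Return (section, name, path) for the O2 and O20 lines; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O2_RE.match(line)
        if m:
            entries.append(("O2", m.group("name"), m.group("path")))
            continue
        m = HJT_O20_RE.match(line)
        if m:
            entries.append(("O20", m.group("name"), m.group("path")))
    return entries


def triage(hjt_text, combofix_text, scan_date, recent_days=14):
    """Return {hjt_entry: [reasons]} for the O2/O20 entries that deserve a second look.

    scan_date is an ISO date string such as "2008-01-04"; a file created within
    recent_days before that date counts as 'recent'.
    """
    scan = date.fromisoformat(scan_date)
    created = parse_combofix_created(combofix_text)
    findings = {}
    for section, name, path in parse_hijackthis(hjt_text):
        low = path.lower()
        reasons = []
        if any(marker in low for marker in MISSING_MARKERS):
            # The registration survived but the DLL is gone: an orphan worth cleaning up.
            reasons.append("references a file that no longer exists (orphaned registration)")
        if name == "(no name)":
            reasons.append("entry has no name, which legitimate installers normally provide")
        win_root = "c:\\windows\\"
        if low.startswith(win_root) and "\\" not in low[len(win_root):]:
            # Product DLLs live under Program Files or system32; a loose DLL in %WINDIR% is unusual.
            reasons.append("DLL sits directly in C:\\WINDOWS, not in a product or system folder")
        if low in created:
            age = (scan - created[low]).days
            if 0 <= age <= recent_days:
                reasons.append(f"created {age} day(s) before the scan according to ComboFix")
        if reasons:
            findings[f"{section} {name} - {path}"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(HJT_SAMPLE, COMBOFIX_SAMPLE, "2008-01-04").items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

On the sample above the script singles out exactly the three entries the helper told the poster to fix, and leaves the Adobe and SUPERAntiSpyware entries alone.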

The file you wanted me to delete manually no longer exists (after I did the first thing you said about HjT). But now the spyware popup seems to have disappeared! Here are the new logs:

 

SmitfraudFix log:


SmitFraudFix v2.274

 

Scan done at 22:18:22,87, 04.01.2008

Run from C:\Documents and Settings\Administrator\Skrivebord\SmitfraudFix

OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

c:\programfiler\lenovo\system update\suservice.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\CNAC1RPK.EXE

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» D:\DATA\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programfiler

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min gjeldende hjemmeside"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix.exe by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/Wireless 2915ABG Network Connection - Miniport for pakkeplanlegger

DNS Server Search Order: 10.0.0.138

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DCA7EDE7-AD27-4D29-A132-42BC40D7D92F}: DhcpNameServer=10.0.0.138

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

New HjT log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:20:11, on 04.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

c:\programfiler\lenovo\system update\suservice.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\CNAC1RPK.EXE

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Windows Media Player\wmplayer.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sf-f.kommune.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sf-f.kommune.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Oppdater ThinkPad-programvare - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programfiler\Lenovo\PkgMgr\PkgMgr.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156239285787

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: System Update (SUService) - - c:\programfiler\lenovo\system update\suservice.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe

 

--

End of file - 9804 bytes


New ComboFix log:


ComboFix 08-01-04.1 - Administrator 2008-01-05 16:30:46.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1026 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))

.

 

2008-01-04 22:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-01-04 22:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-01-04 22:18 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-01-04 22:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-01-04 22:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-01-04 22:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-01-04 22:18 . 2008-01-04 22:18 4,050 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-04 08:25 . 2008-01-04 22:16 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-01-04 08:20 . 2008-01-04 08:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-04 08:20 . 2008-01-04 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-04 08:20 . 2008-01-04 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-01-04 08:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-04 08:18 . 2008-01-04 08:18 <DIR> d-------- C:\Programfiler\CCleaner

2008-01-03 14:33 . 2008-01-03 14:33 <DIR> d-------- C:\Programfiler\Lavasoft

2008-01-03 14:32 . 2008-01-04 08:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-03 14:32 . 2008-01-03 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-01-03 10:32 . 2008-01-03 10:32 <DIR> d-------- C:\Programfiler\Trend Micro

2008-01-03 08:00 . 2008-01-03 08:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Intel

2008-01-03 08:00 . 2008-01-03 08:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel

2008-01-03 07:59 . 2008-01-03 07:59 <DIR> d-------- C:\Documents and Settings\Stdbruker\Mine dokumenter

2008-01-02 20:17 . 2008-01-02 23:34 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-02 19:59 . 2008-01-02 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Ahead

2008-01-02 19:56 . 2008-01-02 19:56 <DIR> d-------- C:\Programfiler\Nero

2008-01-02 19:56 . 2008-01-02 20:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-01-01 16:31 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-01-01 16:31 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-01-01 12:25 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-01 12:25 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-01 12:24 . 2003-01-17 15:00 90,176 --a------ C:\WINDOWS\system32\CNAC1SMK.DLL

2008-01-01 12:24 . 2003-01-17 15:00 81,920 --a------ C:\WINDOWS\system32\CNAC1EMU.DLL

2008-01-01 12:24 . 2003-01-17 15:00 49,220 --a------ C:\WINDOWS\system32\CNAC1RPK.EXE

2008-01-01 12:24 . 2003-01-17 15:00 28,743 --a------ C:\WINDOWS\system32\CNAC1LMK.DLL

2008-01-01 12:24 . 2003-01-17 15:00 28,672 --a------ C:\WINDOWS\system32\CNAC1PTU.DLL

2008-01-01 12:22 . 2008-01-01 12:25 <DIR> d-------- C:\Programfiler\Canon

2007-12-31 21:59 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-12-31 21:59 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-12-28 19:02 . 2007-12-28 19:02 <DIR> d-------- C:\Programfiler\DVD Shrink

2007-12-28 19:02 . 2007-12-28 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink

2007-12-26 20:29 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-26 20:29 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-26 20:29 . 2007-07-01 04:36 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-26 20:29 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-26 20:29 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-26 20:29 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-26 20:29 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-26 20:29 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-26 20:29 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-26 20:28 . 2007-12-26 20:29 <DIR> d-------- C:\WINDOWS\system32\nb-no

2007-12-26 15:29 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys

2007-12-26 15:29 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys

2007-12-25 21:52 . 2007-12-25 22:03 <DIR> d-------- C:\Programfiler\SignSIS-GUI

2007-12-25 20:54 . 2007-12-25 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite

2007-12-25 20:53 . 2007-12-25 20:53 <DIR> d-------- C:\Programfiler\DIFX

2007-12-25 20:53 . 2007-12-26 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Nokia

2007-12-25 20:52 . 2007-12-25 20:52 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

2007-12-25 20:52 . 2007-12-25 20:52 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

2007-12-25 20:52 . 2007-12-26 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\PC Suite

2007-12-18 08:39 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-18 08:39 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-12-18 08:36 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2007-12-18 08:36 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2007-12-17 08:13 . 2007-12-17 08:13 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Autograph

2007-12-14 09:36 . 2007-12-14 09:37 <DIR> d-------- C:\Programfiler\Fellesfiler\Autograph 3

2007-12-14 09:36 . 2007-12-14 09:38 <DIR> d-------- C:\Programfiler\Autograph 3.20

2007-12-05 17:45 . 2007-12-05 17:45 32 --a------ C:\WINDOWS\FXMathsSub.ini

2007-12-05 17:45 . 2007-12-05 17:45 32 --a------ C:\WINDOWS\FXE300REG.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-03 14:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7

2008-01-02 20:15 --------- d-----w C:\Documents and Settings\Administrator\Programdata\LimeWire

2007-12-25 19:52 --------- d-----w C:\Programfiler\Nokia

2007-12-25 19:52 --------- d-----w C:\Programfiler\Fellesfiler\Nokia

2007-12-25 19:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2007-12-17 10:58 --------- d-----w C:\Programfiler\Algebra Help

2007-12-17 10:25 --------- d-----w C:\Programfiler\Graph

2007-12-13 11:54 --------- d-----w C:\Programfiler\TrackMania Nations ESWC

2007-12-13 11:07 --------- d-----w C:\Programfiler\Clue

2007-12-09 15:32 --------- d-----w C:\Programfiler\Windows Live

2007-12-04 07:29 --------- d-----w C:\Programfiler\Java

2007-11-28 13:09 --------- d-----w C:\Programfiler\LimeWire

2007-11-28 10:36 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Azureus

2007-11-26 21:42 --------- d-----w C:\Programfiler\NSS

2007-11-26 12:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nokia

2007-11-22 16:49 --------- d-----w C:\Programfiler\Azureus

2007-11-22 16:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus

2007-11-16 09:36 --------- d-----w C:\Documents and Settings\Administrator\Programdata\AVG7

2007-11-14 12:36 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2007-11-14 11:22 --------- d-----w C:\Programfiler\GeoGebra

2007-11-14 11:20 --------- d-----w C:\Programfiler\Efofex

2007-11-14 11:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\Efofex

2007-11-14 10:31 --------- d-----w C:\Programfiler\TI Education

2007-11-14 10:31 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2007-11-14 10:20 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Winamp

2007-11-14 10:04 --------- d-----w C:\Programfiler\Winamp

2007-11-14 09:49 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-11-14 09:28 --------- d-----w C:\Programfiler\Opera

2007-11-13 15:04 --------- d-----w C:\Programfiler\MSXML 4.0

2007-11-13 14:59 --------- d-----w C:\Programfiler\Microsoft Works

2007-11-13 14:58 --------- d-----w C:\Programfiler\Microsoft.NET

2007-11-13 14:55 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7

2007-11-13 14:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-04_ 8.23.02,90 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-03 07:00:43 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-01-04 21:12:49 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-01-03 07:00:43 71,118 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2008-01-04 21:12:49 71,118 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-01-03 07:00:43 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-01-04 21:12:49 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-01-03 07:00:43 405,514 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2008-01-04 21:12:49 405,514 ----a-w C:\WINDOWS\system32\perfh014.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TVT Scheduler Proxy"="C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 03:01 503808]

"TpShocks"="TpShocks.exe" [2005-11-07 10:14 106496 C:\WINDOWS\system32\TpShocks.exe]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 06:27 860160]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]

"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 00:13 151552]

"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-26 00:13 208896]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"ACTray"="C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 12:09 409600]

"ACWLIcon"="C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 11:59 98304]

"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-05 16:15 94208]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-01-10 09:44 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-01-10 09:41 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-01-10 09:45 114688]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 08:35 579072]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 06:28 36352]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-13 15:55 219136]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

notifyf2.dll 2005-07-05 22:45 28672 C:\WINDOWS\system32\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

 

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 14:58]

R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-04-27 15:45]

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 08:27]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-12 23:33]

R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 11:18]

R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 00:13]

R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-03-30 14:03]

R3 TPM;Winbond Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 20:35]

S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-04-12 15:45]

S3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 15:44]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-04 22:33:10 C:\WINDOWS\Tasks\PMTask.job"

- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-05 16:32:08

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll

-> C:\Programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll

-> C:\Programfiler\ThinkPad\ConnectUtilities\ACHelper.dll

-> C:\WINDOWS\system32\tphklock.dll

-> C:\WINDOWS\system32\notifyf2.dll

.

Completion time: 2008-01-05 16:32:36

ComboFix2.txt 2008-01-04 07:45:47

.

2007-12-28 19:01:02 --- E O F ---


Looks good.

You can remove the programs you have used, or keep the ones you think you need.

ComboFix should be removed regardless, since the program is updated regularly. You can remove it by doing the following:

Click: Start->Run

Type: ComboFix /u

ComboFix will start and then uninstall itself.

Feel free to run a pass with CCleaner so that you get rid of temp files etc.

Finally, you should reset the System Restore folder so that you are not re-infected by a possible system restore.

Control Panel->System->System Restore. Tick the box in front of "Turn off System Restore .....",

restart the PC, then untick it again to re-enable the feature.
