Trojaner og malware noen som kan hjelpe meg?

adservio · 25. mars 2008

Min datter har fått trojaner og malware på maskinen sin :hmm: å det krever mer kunnskap enn jeg har, er der noen som kan se igjennom denne hijackthis logfilen for meg? På for hånd takk

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:44:28, on 25.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\PowerKey.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSDCtrl.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Programfiler\QuickTime\qttask.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Launch Manager\ChkMail.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.online.no/at/sikkerhet/nav.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programfiler\Netcraft Toolbar\nctb.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [ERScw] "C:\Programfiler\Fellesfiler\ErrorSafe\ERScw.exe" -c

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [smartDefrag] "C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [ChkMail] "C:\Programfiler\Launch Manager\ChkMail.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-2170510609-2826725583-3278818175-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Linda')

O4 - HKUS\S-1-5-21-2170510609-2826725583-3278818175-1005\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime (User 'Linda')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Linda\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.online.no

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://CD-en.drivecleaner.com/installdrivecleanerstart_no.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

r2d290 · 25. mars 2008

Ja der var det litt grums

kan du kjøre gjennom guiden (LANGVERSONEN) til norbat https://www.diskusjon.no/index.php?showtopic=691246 ?

loggene det blir spurt etter, poster du i denne tråden

adservio · 25. mars 2008

hei
jeg prøver å kjøre SAS men den har stått stille på en fil i over 30 min nå...hva gjør jeg når ikke den vil gå videre???

snippsat · 25. mars 2008

Sikkert en fil som er låst eller noe annet sas har problemer med.

Forsett bare,logge vi trenger nå er fra combofix.

Så kan vi rydde opp litt,og du kan prøve sas senere.

adservio · 25. mars 2008

Her er combofix.

ComboFix 08-03-25.1 - Lise 2008-03-25 20:21:51.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.133 [GMT 1:00]

Running from: C:\Documents and Settings\Lise\Lokale innstillinger\Temporary Internet Files\Content.IE5\AEOGT01K\ComboFix[1].exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Linda\err.log

C:\Documents and Settings\Linda\Programdata\DriveCleaner 2006 Free

C:\Documents and Settings\Linda\Programdata\DriveCleaner 2006 Free\Logs\update.log

C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006

C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\Activate.log

C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\update.log

C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\wa6Support.log

C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\Logs\winav.log

C:\Documents and Settings\Linda\Programdata\WinAntiVirus Pro 2006\PGE.dat

C:\Documents and Settings\Lise\err.log

C:\Documents and Settings\Lise\Programdata\DriveCleaner 2006 Free

C:\Documents and Settings\Lise\Programdata\DriveCleaner 2006 Free\Logs\update.log

C:\Programfiler\FunWebProducts

C:\Programfiler\FunWebProducts\ScreenSaver\Images\00809E06.urr

C:\Programfiler\FunWebProducts\ScreenSaver\Images\00B5A1CD.urr

C:\Programfiler\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html

C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Programfiler\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Programfiler\internet explorer\msimg32.dll

C:\Programfiler\MyWebSearch

C:\Programfiler\MyWebSearch\bar\1.bin\F3BROVLY.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Programfiler\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Programfiler\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Programfiler\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Programfiler\MyWebSearch\bar\1.bin\M3MSG.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Programfiler\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\m3Skin.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\m3SkPlay.exe

C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Programfiler\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Programfiler\MyWebSearch\bar\Cache\00051A65.bin

C:\Programfiler\MyWebSearch\bar\Cache\00051C69.bin

C:\Programfiler\MyWebSearch\bar\Cache\00051E2E.bin

C:\Programfiler\MyWebSearch\bar\Cache\00051F86.bin

C:\Programfiler\MyWebSearch\bar\Cache\00063710.bin

C:\Programfiler\MyWebSearch\bar\Cache\00063971.bin

C:\Programfiler\MyWebSearch\bar\Cache\00063C50.bin

C:\Programfiler\MyWebSearch\bar\Cache\00063EF0.bin

C:\Programfiler\MyWebSearch\bar\Cache\00064113.bin

C:\Programfiler\MyWebSearch\bar\Cache\000E2B90

C:\Programfiler\MyWebSearch\bar\Cache\000EAC2A

C:\Programfiler\MyWebSearch\bar\Cache\001A6B1F

C:\Programfiler\MyWebSearch\bar\Cache\00408AC4

C:\Programfiler\MyWebSearch\bar\Cache\0040DFE9

C:\Programfiler\MyWebSearch\bar\Cache\007BF6CD

C:\Programfiler\MyWebSearch\bar\Cache\0265119E

C:\Programfiler\MyWebSearch\bar\Cache\files.ini

C:\Programfiler\MyWebSearch\bar\History\search2

C:\Programfiler\MyWebSearch\bar\Settings\s_pid.dat

C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\WINDOWS\system32\autorun.ini

C:\WINDOWS\system32\f3PSSavr.scr

.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))

.

2008-03-25 18:28 . 2008-03-25 18:28 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-25 18:28 . 2008-03-25 18:28 <DIR> d-------- C:\Documents and Settings\Lise\Programdata\SUPERAntiSpyware.com

2008-03-25 18:28 . 2008-03-25 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-25 18:23 . 2008-03-25 18:23 <DIR> dr-h----- C:\Documents and Settings\Lise\Siste

2008-03-25 15:21 . 2008-03-25 15:21 <DIR> d-------- C:\Documents and Settings\Linda\Programdata\Grisoft

2008-03-24 16:48 . 2008-03-24 16:48 <DIR> d-------- C:\Programfiler\Lavasoft

2008-03-24 16:48 . 2008-03-24 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-03-24 16:46 . 2008-03-24 16:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-24 16:41 . 2008-03-24 16:41 112 --a------ C:\WINDOWS\ChkMail.Ini

2008-03-24 02:08 . 2008-03-24 02:08 <DIR> d-------- C:\Programfiler\Netcraft Toolbar

2008-03-24 00:10 . 2008-03-24 00:10 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-24 00:00 . 2008-03-24 00:00 <DIR> d-------- C:\Programfiler\IObit

2008-03-23 23:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-23 23:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-23 23:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-23 23:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-23 23:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-23 23:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-23 23:17 . 2008-03-23 23:17 <DIR> d-------- C:\Programfiler\Alwil Software

2008-03-23 23:17 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-23 23:17 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\Documents and Settings\Lise\Programdata\Grisoft

2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-23 21:37 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-23 21:16 . 2008-03-23 21:16 <DIR> d--hs---- C:\FOUND.019

2008-03-23 13:21 . 2008-03-23 13:21 <DIR> d--hs---- C:\FOUND.018

2008-03-12 19:38 . 2008-03-12 19:38 <DIR> d--hs---- C:\FOUND.017

2008-03-11 16:45 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-03-11 16:45 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-03-09 10:58 . 2008-03-09 10:58 <DIR> d--hs---- C:\FOUND.016

2008-03-05 19:37 . 2008-03-05 19:37 <DIR> d--hs---- C:\FOUND.015

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-03-02 18:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-03-02 18:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-03-02 18:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-03-02 18:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-04-19 10:53 774,144 ----a-w C:\Programfiler\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

"MsnMsgr"="~C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]

"ChkMail"="C:\Programfiler\Launch Manager\ChkMail.exe" [2005-02-25 16:18 49152]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18 212992]

"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11 2889728]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]

"PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]

"LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05 385024]

"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]

"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152]

"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]

"ERScw"="C:\Programfiler\Fellesfiler\ErrorSafe\ERScw.exe" [ ]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 10:54 282624]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 14:17 115816]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 14:17 771704]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]

"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"SmartDefrag"="C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-07 23:29 2743552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\MSMSGS.EXE"=

"C:\\Programfiler\\eMule\\emule.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4662:TCP"= 4662:TCP:eMule

"4672:UDP"= 4672:UDP:eMule

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys []

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2007-02-08 13:30]

S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58]

S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

*Newly Created Service* - AAWSERVICE

*Newly Created Service* - COMHOST

*Newly Created Service* - INT15.SYS

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

"2008-03-25 19:25:28 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2007-08-17 15:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-24 21:20:22 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Lise.job"

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:

"2008-03-23 23:01:52 C:\WINDOWS\Tasks\SmartDefrag.job"

- C:\Programfiler\IObit\IObit SmartDefrag\schedule.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 20:29:01

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-25 20:30:52

ComboFix-quarantined-files.txt 2008-03-25 19:30:46

.

2008-03-13 09:21:41 --- E O F ---

norbat · 25. mars 2008

Kunne du ha forsøkt og kjørt SAS igjen nå, og sett om den fikk scanne ferdig?

adservio · 25. mars 2008

Hei igjen

SAS stoppet ved samme fila,scanningen fant ikke så mange threats nå,men den kommer ikke videre. Jeg får heller ikke avsluttet scanningen. virker som alt er låst...

snippsat · 25. mars 2008

Ser du filnavet bruker du denne på filen.

http://ccollomb.free.fr/unlocker

norbat · 25. mars 2008

Ja, hvilken fil er det SAS stopper på?

adservio · 25. mars 2008

den stopper på c:/document and settings/lise/send to/min K300i...

jeg prøvde å finne den uten hell, men prøver på nytt, er litt redd for å gjøre feil,med den unlockeren...har du en teskje forklaring?? er ikke så veldig flink :hmm:

snippsat · 25. mars 2008

K300i er det mobilen din.

Er nok noe software til den som stopper.

Start->min datamskin

verktøy->mappealternativer->vis->

Sett hake på "vis skjulte filer og mapper"

Fjern hake på "skjul beskyttede oprativsystem filer"

Du skal nå se all filer på pcen.

Install unlocker.

Gå til c:/document and settings/lise/send to/min K300i

Velg fil eller folder"høyere klikk og unlocker"

Endret 25. mars 2008 av SNIPPSAT

adservio · 25. mars 2008

velger jeg slett??

norbat · 25. mars 2008

Hvis K300i-mappa med innhold er noe som brukes, så tror jeg man skal tenke seg om før man begynner å slette noe derfra. At SAS 'låser' seg når den kommer til denne mappa, betyr ikke at det er malware

For å fortsette med rensingen av PC-en, så gjør du følgende:

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Driver::

esff

Boonty Games

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ERScw"=-

Du trenger ikke å poste noen ny combofix-logg, da den heretter vil se grei ut.

Da det tydeligvis oppstår noe tull når SAS kjører scan mot k300i-mappa, så skal vi kjøre et annet antispywareprogram som forhåpentligvis får kjørt gjennom scannen:

Last ned MAM til skrivebordet.

Kjør fila og installer programmet.

La programmet oppdatere seg og velg å kjør en quick scan.

Du får en meldingsboks når programmet er ferdigkjørt

Klikk deretter på Show Results-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet.

Klikk så på Remove Selected -knappen for å fjerne malwaren som evt. ble funnet.

Når MAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den kan du kopiere og poste.

Endret 25. mars 2008 av norbat

adservio · 25. mars 2008

men holder det å ha kjørt unlocker, mappa blir ikke brukt.

norbat · 25. mars 2008

Hvis k300i ikke blir brukt opp mot PC-en, kan du se om det ligger noe program fra sony ericsson i legg til / fjern programmer. Avinstaller der i så fall derfra først for å se om ikke avinstalleringsprogrammet rydder opp etter seg.

Uansett, se tidligere post om et alternativt prog. for scan for malware.

25. mars 2008

Hvis SAS sitter fast på en fil, så prøv å skru av "Direct Disk Access" under "Preferences->Scanning Control". Kan være det hjelper. Er verdt er forsøk.

Endret 25. mars 2008 av medlem-105082

snippsat · 25. mars 2008

men holder det å ha kjørt unlocker, mappa blir ikke brukt

Kommer det ingen låshandterer,kan du bare flytte folder til en annen disk så lenge.

Eller så følger råd fra norbat og uberninja.

adservio · 26. mars 2008

endelig her er SAS logfile

maskinen er så treg og låser seg.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 03/26/2008 at 09:35 AM

Application Version : 4.0.1154

Core Rules Database Version : 3424

Trace Rules Database Version: 1404

Scan type : Complete Scan

Total Scan Time : 00:32:30

Memory items scanned : 357

Memory threats detected : 0

Registry items scanned : 4877

Registry threats detected : 5

File items scanned : 48090

File threats detected : 6

Adware.MyWebSearch

HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel

C:\PROGRAMFILER\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

Adware.Tracking Cookie

C:\Documents and Settings\Lise\Cookies\lise@adtech[1].txt

C:\Documents and Settings\Lise\Cookies\[email protected][1].txt

C:\Documents and Settings\Lise\Cookies\lise@mediaplex[1].txt

C:\Documents and Settings\Lise\Cookies\lise@tribalfusion[1].txt

C:\Documents and Settings\Lise\Cookies\lise@tradedoubler[1].txt

r2d290 · 26. mars 2008

og så ny hjt-logg

adservio · 26. mars 2008

og her er den :yes:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:27, on 2008-03-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe