
[Solved] Need help - log attached



Hi, I was stupid and took a chance and opened a file I shouldn't have. I thought I would manage this on my own, but I can't get rid of these "Windows Security Alert" pop-ups that appear at regular intervals.

 

I hope someone is kind enough to help me. Yesterday I had a process with a Russian name that I can't see today. I have run Adaware and Superantispyware.

 

<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:22:02, on 01.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

F:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NextGenTel Internet Security\Common\FCH32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FAMEH32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsus.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\CTHELPER.EXE

F:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe

C:\Program Files\Jensen AirLink\AWU.exe

F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\NextGenTel Internet Security\FSGUI\fsguidll.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

F:\Program Files\Opera\Opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] "f:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"

O4 - HKLM\..\Run: [AWU] "C:\Program Files\Jensen AirLink\AWU.exe" -nogui

O4 - HKLM\..\Run: [iTPIPSetup] "k:\829812ee21fbba3a3d5a9c\setupstb.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\NextGenTel Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LaunchList] f:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "f:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [zrvksuqm] C:\WINDOWS\system32\kpirqdkz.exe

O4 - HKCU\..\Run: [mhpevnla] C:\WINDOWS\system32\mjwzyjmf.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Policies\Explorer\Run: [11EZpQqXeR] C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: sxfnewqb - {BA7CDEEC-3430-42C7-956F-8D04A1FDCAEE} - C:\WINDOWS\sxfnewqb.dll

O21 - SSODL: fkdnrwsv - {784A4A55-C50E-450A-8917-FFD59B8C08AF} - C:\WINDOWS\fkdnrwsv.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 11313 bytes

>

Edited by Manhatten

Thanks for the help so far. I have followed the long version, and here are the logs:

 

Combofix log:

 

<ComboFix 08-03-30.5 - Espen 2008-04-01 18:20:42.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.859 [GMT 2:00]

Running from: C:\Documents and Settings\Espen\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Espen\Desktop\Error Cleaner.url

C:\Documents and Settings\Espen\Desktop\Privacy Protector.url

C:\Documents and Settings\Espen\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Espen\Desktopblackbird.jpg

C:\Documents and Settings\Espen\DesktopEditorFKWP1.5.exe

C:\Documents and Settings\Espen\DesktopEditorFKWP2.0.exe

C:\Documents and Settings\Espen\Desktopfilemanagerclient.exe

C:\Documents and Settings\Espen\Desktopfkwp1.5.exe

C:\Documents and Settings\Espen\Desktopfkwp2.0.exe

C:\Documents and Settings\Espen\Desktopfwebd.exe

C:\Documents and Settings\Espen\DesktopFWebdEditor.exe

C:\Documents and Settings\Espen\DesktopTrojan.Win32.BlackBird.exe

C:\Documents and Settings\Espen\Desktopvirii

C:\Documents and Settings\Espen\Favorites\Error Cleaner.url

C:\Documents and Settings\Espen\Favorites\Privacy Protector.url

C:\Documents and Settings\Espen\Favorites\Spyware&Malware Protection.url

C:\WINDOWS\a.bat

C:\WINDOWS\base64.tmp

C:\WINDOWS\bdn.com

C:\WINDOWS\fkdnrwsv.dll

C:\WINDOWS\FVProtect.exe

C:\WINDOWS\iTunesMusic.exe

C:\WINDOWS\mssecu.exe

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

C:\WINDOWS\sxfnewqb.dll

C:\WINDOWS\system32akttzn.exe

C:\WINDOWS\system32anticipator.dll

C:\WINDOWS\system32awtoolb.dll

C:\WINDOWS\system32bdn.com

C:\WINDOWS\system32bsva-egihsg52.exe

C:\WINDOWS\system32dpcproxy.exe

C:\WINDOWS\system32emesx.dll

C:\WINDOWS\system32h@tkeysh@@k.dll

C:\WINDOWS\system32hoproxy.dll

C:\WINDOWS\system32hxiwlgpm.dat

C:\WINDOWS\system32hxiwlgpm.exe

C:\WINDOWS\system32medup012.dll

C:\WINDOWS\system32medup020.dll

C:\WINDOWS\system32msgp.exe

C:\WINDOWS\system32msnbho.dll

C:\WINDOWS\system32mssecu.exe

C:\WINDOWS\system32msvchost.exe

C:\WINDOWS\system32mtr2.exe

C:\WINDOWS\system32mwin32.exe

C:\WINDOWS\system32netode.exe

C:\WINDOWS\system32newsd32.exe

C:\WINDOWS\system32ps1.exe

C:\WINDOWS\system32psof1.exe

C:\WINDOWS\system32psoft1.exe

C:\WINDOWS\system32regc64.dll

C:\WINDOWS\system32regm64.dll

C:\WINDOWS\system32Rundl1.exe

C:\WINDOWS\system32smp

C:\WINDOWS\system32smp\msrc.exe

C:\WINDOWS\system32sncntr.exe

C:\WINDOWS\system32ssurf022.dll

C:\WINDOWS\system32ssvchost.com

C:\WINDOWS\system32ssvchost.exe

C:\WINDOWS\system32sysreq.exe

C:\WINDOWS\system32temp#01.exe

C:\WINDOWS\system32thun.dll

C:\WINDOWS\system32thun32.dll

C:\WINDOWS\system32taack.dat

C:\WINDOWS\system32taack.exe

C:\WINDOWS\system32VBIEWER.OCX

C:\WINDOWS\system32vbsys2.dll

C:\WINDOWS\system32vcatchpi.dll

C:\WINDOWS\system32winlogonpc.exe

C:\WINDOWS\system32winsystem.exe

C:\WINDOWS\system32WINWGPX.EXE

C:\WINDOWS\userconfig9x.dll

C:\WINDOWS\Web\def.htm

C:\WINDOWS\winsystem.exe

C:\WINDOWS\zip1.tmp

C:\WINDOWS\zip2.tmp

C:\WINDOWS\zip3.tmp

C:\WINDOWS\zipped.tmp

 

.

((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))

.

 

2008-04-01 18:14 . 2008-04-01 18:14 4,958,588 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-20021102}.BAK

2008-04-01 15:10 . 2008-04-01 15:10 <DIR> d-------- C:\Documents and Settings\Espen\Application Data\TmpRecentIcons

2008-03-31 22:18 . 2008-03-31 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-31 22:17 . 2008-03-31 22:17 <DIR> d-------- C:\Documents and Settings\Espen\Application Data\SUPERAntiSpyware.com

2008-03-31 22:10 . 2008-03-31 22:10 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-31 22:05 . 2008-03-31 22:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-31 22:04 . 2008-03-31 22:09 <DIR> d-------- C:\Documents and Settings\Espen\.housecall6.6

2008-03-31 20:06 . 2008-03-31 20:06 <DIR> d-------- C:\Documents and Settings\Espen\Application Data\F-Secure

2008-03-31 20:01 . 2008-03-31 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure

2008-03-31 20:01 . 2008-03-31 20:15 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys

2008-03-31 20:01 . 2008-03-31 20:15 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

2008-03-31 20:00 . 2008-03-31 20:34 <DIR> d-------- C:\Program Files\NextGenTel Internet Security

2008-03-31 19:59 . 2008-03-31 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg

2008-03-31 18:26 . 2008-03-31 18:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-31 18:26 . 2008-03-31 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-31 16:32 . 2003-09-16 01:19 10,240 --a------ C:\WINDOWS\system32\virport.dll

2008-03-31 15:03 . 2008-03-31 15:03 <DIR> d-------- C:\Program Files\Secway

2008-03-27 18:24 . 2008-03-27 18:24 <DIR> d-------- C:\Documents and Settings\Espen\Application Data\Sony Ericsson

2008-03-27 18:10 . 2008-03-27 18:10 0 --a------ C:\WINDOWS\mngui.INI

2008-03-27 18:09 . 2007-04-24 12:33 100,488 -ra------ C:\WINDOWS\system32\drivers\s125mgmt.sys

2008-03-27 18:09 . 2007-04-24 12:33 98,696 -ra------ C:\WINDOWS\system32\drivers\s125obex.sys

2008-03-27 18:08 . 2007-04-24 12:33 108,680 -ra------ C:\WINDOWS\system32\drivers\s125mdm.sys

2008-03-27 18:08 . 2007-04-24 12:33 83,336 -ra------ C:\WINDOWS\system32\drivers\s125bus.sys

2008-03-27 18:08 . 2007-04-24 12:33 15,112 -ra------ C:\WINDOWS\system32\drivers\s125mdfl.sys

2008-03-27 18:08 . 2007-04-24 12:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125whnt.sys

2008-03-27 18:08 . 2007-04-24 12:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125wh.sys

2008-03-27 18:08 . 2007-04-24 12:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cmnt.sys

2008-03-27 18:08 . 2007-04-24 12:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cm.sys

2008-03-27 18:06 . 2008-03-27 18:10 <DIR> d-------- C:\Documents and Settings\Stine\Application Data\Teleca

2008-03-27 18:03 . 2008-03-27 18:03 <DIR> d-------- C:\Documents and Settings\Stine\Application Data\Sony Ericsson

2008-03-27 18:02 . 2008-03-27 18:03 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

2008-03-27 18:02 . 2008-03-27 18:03 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared

2008-03-27 18:01 . 2008-03-27 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-03-27 14:02 . 2008-03-27 14:02 <DIR> d-------- C:\Program Files\iPod

2008-03-27 14:01 . 2008-03-31 20:08 <DIR> d-------- C:\Program Files\Bonjour

2008-03-27 13:56 . 2008-03-27 13:56 <DIR> d-------- C:\Program Files\Apple Software Update

2008-03-27 13:53 . 2008-02-18 12:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2008-03-19 16:27 . 2008-03-19 16:34 <DIR> d-------- C:\Documents and Settings\Kjersti\Contacts

2008-03-16 21:12 . 2003-03-19 12:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll

2008-03-06 21:42 . 2008-03-06 21:42 <DIR> d-------- C:\Xobni

2008-03-06 19:43 . 2008-03-06 19:44 <DIR> d-------- C:\Program Files\Windows Live

2008-03-06 19:43 . 2008-03-06 19:43 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-06 19:43 . 2008-03-06 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-31 20:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-31 17:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-31 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-31 17:51 --------- d-----w C:\Program Files\Symantec

2008-03-31 17:06 --------- d-----w C:\Documents and Settings\Espen\Application Data\Azureus

2008-03-31 14:19 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-31 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-31 14:16 --------- d-----w C:\Program Files\Canon

2008-03-30 12:34 --------- d-----w C:\Documents and Settings\Espen\Application Data\DVD Profiler

2008-03-28 22:42 --------- d-----w C:\Program Files\QuickTime

2008-03-28 14:07 --------- d-----w C:\Documents and Settings\Espen\Application Data\Apple Computer

2008-03-27 16:16 --------- d-----w C:\Documents and Settings\Stine\Application Data\Apple Computer

2008-03-27 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-03-27 16:02 --------- d-----w C:\Program Files\Sony Ericsson

2008-03-27 15:40 --------- d-----w C:\Program Files\Java

2008-03-16 21:39 --------- d-----w C:\Program Files\JLC's Software

2008-03-13 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-18 10:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2003-09-15 23:19 99,544 ----a-w C:\WINDOWS\inf\virprn.exe

2003-09-15 23:19 90,624 ----a-w C:\WINDOWS\inf\prtproc.dll

2003-09-15 23:19 18,950 ----a-w C:\WINDOWS\inf\virpntd.dll

2003-09-15 23:19 10,240 ----a-w C:\WINDOWS\inf\virport.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

"LaunchList"="f:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]

"Sony Ericsson PC Suite"="f:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [ ]

"zrvksuqm"="C:\WINDOWS\system32\kpirqdkz.exe" [ ]

"mhpevnla"="C:\WINDOWS\system32\mjwzyjmf.exe" [ ]

"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 13:00 335872]

"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

"WinampAgent"="f:\Program Files\Winamp\Winampa.exe" [2002-04-26 19:53 12288]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"Windows Defender"="F:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 16:05 90112]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55 339968]

"OpwareSE2"="F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]

"WD Button Manager"="WDBtnMgr.exe" [2007-04-15 11:52 364544 C:\WINDOWS\system32\WDBtnMgr.exe]

"WD Spindown Utility"="C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 15:15 278528]

"AWU"="C:\Program Files\Jensen AirLink\AWU.exe" [2005-08-09 08:50 307200]

"ITPIPSetup"="k:\829812ee21fbba3a3d5a9c\setupstb.exe" [ ]

"Adobe Photo Downloader"="F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 06:32 61440]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Virtual PDF Printer"="C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe" [ ]

"F-Secure Manager"="C:\Program Files\NextGenTel Internet Security\Common\FSM32.exe" [2008-02-13 12:38 184800]

"F-Secure TNB"="C:\Program Files\NextGenTel Internet Security\FSGUI\TNBUtil.exe" [2008-02-13 12:38 741800]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

"Picasa Media Detector"="f:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2004-08-04 01:56 53760 C:\WINDOWS\system32\narrator.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"11EZpQqXeR"= C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"F:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"F:\\Program Files\\DC++\\DCPlusPlus.exe"=

"F:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"F:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"F:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"F:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"F:\\Program Files\\Opera\\Opera.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"F:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"41952:TCP"= 41952:TCP:tversity

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-31 20:15]

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\NextGenTel Internet Security\HIPS\fshs.sys [2008-03-31 20:14]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\NextGenTel Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-02-13 12:38]

R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 14:51]

S3 evomouflt;Evoluent Mouse Filter Service;C:\WINDOWS\system32\DRIVERS\evomouflt.sys [2007-06-13 22:28]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]

S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 08:52]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 12:16]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\NextGenTel Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 12:38]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\NextGenTel Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-02-13 12:38]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-04-01 16:18:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- F:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-01 18:23:17

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-01 18:23:57

ComboFix-quarantined-files.txt 2008-04-01 16:23:46

Pre-Run: 6,060,367,872 bytes free

Post-Run: 6,044,844,032 bytes free

.

2008-03-28 12:03:48 --- E O F ---

>

 

SAS log:

 

<SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/01/2008 at 06:10 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3427

Trace Rules Database Version: 1419

 

Scan type : Complete Scan

Total Scan Time : 00:35:18

 

Memory items scanned : 570

Memory threats detected : 0

Registry items scanned : 6002

Registry threats detected : 1

File items scanned : 23180

File threats detected : 15

 

Browser Hijacker.Internet Explorer Settings Hijack

HKU\S-1-5-21-117609710-299502267-839522115-1004\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 ]

 

Desktop Hijacker.AboutYourPrivacy

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\images

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\privacy_danger

C:\Documents and Settings\Espen\Desktop\Error Cleaner.url

C:\Documents and Settings\Espen\Desktop\Privacy Protector.url

C:\Documents and Settings\Espen\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Espen\Favorites\Error Cleaner.url

C:\Documents and Settings\Espen\Favorites\Privacy Protector.url

C:\Documents and Settings\Espen\Favorites\Spyware&Malware Protection.url

 

Adware.SXGAdvisor-A

C:\SYSTEM VOLUME INFORMATION\_RESTORE{D62BB8D4-A581-451B-87B4-9FD8F23BF5C8}\RP470\A0066388.DLL

 

Trojan.Unclassified/GTS

C:\SYSTEM VOLUME INFORMATION\_RESTORE{D62BB8D4-A581-451B-87B4-9FD8F23BF5C8}\RP470\A0066389.DLL

>

 

 

 

Hijack log:

 

<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:35:43, on 01.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

F:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\FSGK32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NextGenTel Internet Security\Common\FSMB32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FCH32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FAMEH32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsus.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\CTHELPER.EXE

F:\Program Files\Winamp\Winampa.exe

F:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe

C:\Program Files\Jensen AirLink\AWU.exe

F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\NextGenTel Internet Security\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsav32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\Opera\Opera.exe

C:\WINDOWS\explorer.exe

F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Espen\Desktop\hidss\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] "f:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"

O4 - HKLM\..\Run: [AWU] "C:\Program Files\Jensen AirLink\AWU.exe" -nogui

O4 - HKLM\..\Run: [iTPIPSetup] "k:\829812ee21fbba3a3d5a9c\setupstb.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\NextGenTel Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LaunchList] f:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "f:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [zrvksuqm] C:\WINDOWS\system32\kpirqdkz.exe

O4 - HKCU\..\Run: [mhpevnla] C:\WINDOWS\system32\mjwzyjmf.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Policies\Explorer\Run: [11EZpQqXeR] C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 10789 bytes

>


Hi!

Copy the bold text and paste it into Notepad.

Save it on the desktop as CFScript.txt.

Do as shown in the picture, then post the log c:\combofix.txt

cfscriptyt1.gif

 

File::

C:\WINDOWS\inf\virprn.exe

C:\WINDOWS\inf\prtproc.dll

C:\WINDOWS\inf\virpntd.dll

C:\WINDOWS\inf\virport.dll

C:\WINDOWS\system32\kpirqdkz.exe

C:\WINDOWS\system32\mjwzyjmf.exe

C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe

C:\WINDOWS\sxfnewqb.dll

C:\WINDOWS\fkdnrwsv.dll

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zrvksuqm"=-

"mhpevnla"=-

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"11EZpQqXeR"=-

 

Download and run CCleaner.

Go to 'Options' -> 'Advanced'. Uncheck the box in front of: "only delete temporary files that are older than 48 hours"

Run the registry cleaner and "answer yes to repairing".

 

Restart and post a new HijackThis log.

Edited by SNIPPSAT

New hijack log:

 

<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:36:55, on 01.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

F:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\CTHELPER.EXE

F:\Program Files\Winamp\Winampa.exe

F:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe

C:\Program Files\Jensen AirLink\AWU.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe

F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\NextGenTel Internet Security\Common\FCH32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FAMEH32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\NextGenTel Internet Security\FSGUI\fsguidll.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\test.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsav32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] "f:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"

O4 - HKLM\..\Run: [AWU] "C:\Program Files\Jensen AirLink\AWU.exe" -nogui

O4 - HKLM\..\Run: [iTPIPSetup] "k:\829812ee21fbba3a3d5a9c\setupstb.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\NextGenTel Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LaunchList] f:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Policies\Explorer\Run: [11EZpQqXeR] C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 10313 bytes

>


Start HijackThis, run "scan", find these lines, check them, then press "Fix checked".

O4 - HKLM\..\Policies\Explorer\Run: [11EZpQqXeR] C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

You have leftovers from Norton that are still running; use the Norton Removal Tool.

 

Restart and post a new HijackThis log.

Edited by SNIPPSAT

New log. Thank you so much for taking the time to help! The PC seems completely fine now.

 

<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:23:20, on 01.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

F:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\CTHELPER.EXE

F:\Program Files\Winamp\Winampa.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\FSGK32.EXE

F:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe

C:\Program Files\Jensen AirLink\AWU.exe

F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\NextGenTel Internet Security\Common\FSMB32.EXE

C:\Program Files\NextGenTel Internet Security\Common\FCH32.EXE

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\NextGenTel Internet Security\Common\FAMEH32.EXE

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\NextGenTel Internet Security\FSGUI\fsguidll.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsus.exe

C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsav32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] "f:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"

O4 - HKLM\..\Run: [AWU] "C:\Program Files\Jensen AirLink\AWU.exe" -nogui

O4 - HKLM\..\Run: [iTPIPSetup] "k:\829812ee21fbba3a3d5a9c\setupstb.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\NextGenTel Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\NextGenTel Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LaunchList] f:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Jensen Air:Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\NextGenTel Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe

 

--

End of file - 10010 bytes

>


That looks good :thumbup:

 

Use the PC for a while; if it runs fine, you can do the following.

 

You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.

 

Keep using SAS and CCleaner.

 

Defragmenting may be a good thing to do now.

Auslogics Disk Defrag + Free Registry Defrag

 

Surf safely.

Edited by SNIPPSAT
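
The three HijackThis logs posted in this thread differ in only a handful of entries, and those entries are what each cleanup step is judged by. The following Python is an added example, not part of the original posts: it diffs two logs entry by entry and reports which files named in the CFScript are still referenced. The log excerpts and file paths are copied from the thread; the function and constant names are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [x] C:\y.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 (autorun) bodies are "<hive>\..\<key>: [<value name>] <command>".
O4_RE = re.compile(r"^(.+?)\\\.\.\\(.+?): \[(.*?)\] (.+)$")

# Excerpts copied from the 18:35, 19:36 and 20:23 logs in this thread (most lines omitted).
LOG_1835 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zrvksuqm] C:\WINDOWS\system32\kpirqdkz.exe
O4 - HKCU\..\Run: [mhpevnla] C:\WINDOWS\system32\mjwzyjmf.exe
O4 - HKLM\..\Policies\Explorer\Run: [11EZpQqXeR] C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""
LOG_1936 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [11EZpQqXeR] C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""
LOG_2023 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
# Three of the paths listed under "File::" in the CFScript posted in the thread.
CFSCRIPT_FILES = [
    r"C:\WINDOWS\system32\kpirqdkz.exe",
    r"C:\WINDOWS\system32\mjwzyjmf.exe",
    r"C:\Documents and Settings\All Users\Application Data\cfczojar\unirsvij.exe",
]


def parse_entries(log_text):
    """Return the set of (section, body) entries; headers and process paths are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each as a sorted list."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def autoruns(log_text):
    """Split every O4 entry into hive, registry key, value name and command."""
    result = []
    for section, body in sorted(parse_entries(log_text)):
        m = O4_RE.match(body) if section == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            result.append({"hive": hive, "key": key, "name": name, "command": command})
    return result


def still_referenced(log_text, targets):
    """Map each target path to the log entries that still mention it (case-insensitive)."""
    entries = parse_entries(log_text)
    hits = {}
    for target in targets:
        lines = sorted(f"{s} - {b}" for s, b in entries if target.lower() in b.lower())
        if lines:
            hits[target] = lines
    return hits


if __name__ == "__main__":
    for label, old, new in (("18:35 -> 19:36", LOG_1835, LOG_1936),
                            ("19:36 -> 20:23", LOG_1936, LOG_2023)):
        removed, added = diff_logs(old, new)
        print(label)
        for section, body in removed:
            print("  - removed:", section, "-", body)
        for section, body in added:
            print("  + added:  ", section, "-", body)
        for path in still_referenced(new, CFSCRIPT_FILES):
            print("  ! still referenced:", path)
```

An entry disappearing from the log only shows that the startup reference is gone; whether the file itself was deleted has to be confirmed separately, for example from the ComboFix log.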