Trulsz posted 5 May 2008 (edited)

hello. I recently logged on to my PC and noticed that something was not right. The "desktop background" had been replaced with an image that was also a link to an antivirus program (actually a VIRUS). In addition, 3 new programs have been installed on the PC:
1. Error cleaner
2. Spyware&... protection
3. Privacy protector.
- On top of this I constantly get a message saying that the PC is infiltrated by spyware and something called "Worm.Win32.netbooster". I then get an offer to download the antivirus program ANTIVIRUSASKELADD! -> this is a VIRUS. But the problem is that I don't know how to get rid of it... The virus scans I run don't help, and if I delete something, it is back when the PC is switched on again. HEEELP! - "Hoping" someone has a solution for this. "Write details if possible."

Edited 13 May 2008 by Trulsz
snippsat posted 5 May 2008

Hi! Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post. Preferably as hidden text: [1skjul] log here [1/skjul], remove the 1 for hidden text. Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
Trulsz (Author) posted 5 May 2008

snippsat wrote: Hi! Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post. Preferably as hidden text: [1skjul] log here [1/skjul], remove the 1 for hidden text. Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt

I have run "Combofix" and got the log. What do you mean by "Post the log C:\combofix.txt"? What is that?
norbat posted 5 May 2008

You select all the text (i.e. the log), copy it and paste it into your next post.
Trulsz (Author) posted 5 May 2008

snippsat wrote: Hi! Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post. Preferably as hidden text: [1skjul] log here [1/skjul], remove the 1 for hidden text. Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt

Seriously! THANK YOU SO MUCH. Now it seems I have removed it. It was a bit scary when I switched the PC off, because then everything on the PC had disappeared and only the desktop background was left ;P But I brought up Task Manager and told it to run Explorer, and then everything was normal! Thanks again!
norbat posted 5 May 2008

Find the log that combofix created. It will be here: C:\combofix.txt (use Explorer to find this file). Double-click the file and it will open in Notepad. There, select all the text, copy it, and paste it into your next post. (There may still be files on your PC that should be removed. The log may show that.)
Trulsz (Author) posted 6 May 2008 (edited)

norbat wrote: Find the log that combofix created. It will be here: C:\combofix.txt (use Explorer to find this file). Double-click the file and it will open in Notepad. There, select all the text, copy it, and paste it into your next post. (There may still be files on your PC that should be removed. The log may show that.)

Well, I can find and select the file in Notepad, but I don't quite follow where I am supposed to paste it in my "next post". Which post? Which posts am I even supposed to paste it into? -ps. it came back again ;S

Edited 6 May 2008 by Trulsz
norbat posted 6 May 2008

You click 'Reply now' and then paste the log straight into the post (your reply).
Trulsz (Author) posted 6 May 2008

This is what I got after running "Hijackthis":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:27, on 06.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Fredrik\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOWS\qvlbodmnmle.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: mkrndofl - {091E4684-9A84-453B-A5AC-E82BCD2109E2} - C:\WINDOWS\mkrndofl.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9C7CDD-98FF-47E8-BC93-068B7984B8B4}: NameServer = 193.216.1.10 193.216.69.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O21 - SSODL: tdomgafw - {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll
O21 - SSODL: wetkadmr - {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11274 bytes
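An added example, not code from the thread or from HijackThis itself: a small Python triage of the log above that mechanises the checks the helpers made by eye (start page redirected off the expected host, BHO/toolbar DLLs dropped straight into the Windows root, SSODL entries outside system32, an Active Desktop component backed by a local HTML file). The allowed-host list and the random-name heuristic are my assumptions, not HijackThis rules; the sample lines are copied from the posted log.

```python
"""Triage a HijackThis log for the hijack/persistence patterns seen in the log above."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts an administrator accepts as IE start/search pages.
ALLOWED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Heuristic (an assumption, not a HijackThis rule): a DLL directly in the Windows
# root whose basename is 8+ letters and nothing else. Legitimate files there are few
# and short-named; all four rogue modules in the posted log match this shape.
WINDIR_ROOT_DLL_RE = re.compile(r"[a-z]:\\windows\\[a-z]{8,}\.dll\s*$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O21"
    reason: str
    entry: str  # the raw log line


def _page_host(body: str) -> str:
    """Hostname of the URL in an R0/R1 entry such as '...Main,Start Page = http://...'."""
    _, _, url = body.partition(" = ")
    return urlparse(url.strip()).hostname or ""


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes" block
        section, body = m.groups()
        if section in ("R0", "R1"):
            host = _page_host(body)
            if host and host not in ALLOWED_PAGE_HOSTS:
                findings.append(Finding(section, f"browser page hijacked to {host}", line))
        elif section in ("O2", "O3") and WINDIR_ROOT_DLL_RE.search(body):
            findings.append(Finding(section, "BHO/toolbar loads a random-named DLL from the Windows root", line))
        elif section == "O21" and not SYSTEM32_RE.search(body):
            # ShellServiceObjectDelayLoad runs at every logon; the XP defaults all live in system32.
            findings.append(Finding(section, "SSODL entry outside system32 (logon persistence)", line))
        elif section == "O24" and "file:///" in body.lower():
            # Active Desktop component backed by a local HTML file: the fake "privacy danger" wallpaper.
            findings.append(Finding(section, "desktop component backed by local HTML (wallpaper hijack)", line))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding(section, "Winsock LSP not on HijackThis's known list; verify the vendor", line))
    return findings


# Constructed sample: nine entries copied from the HijackThis log posted above,
# with the benign Google Toolbar BHO included as a control.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOWS\qvlbodmnmle.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: mkrndofl - {091E4684-9A84-453B-A5AC-E82BCD2109E2} - C:\WINDOWS\mkrndofl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: tdomgafw - {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll
O21 - SSODL: wetkadmr - {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry}")
```

Run against the full log it reports exactly the entries the SUPERAntiSpyware scan later names (qvlbodmnmle, mkrndofl, tdomgafw, wetkadmr) plus the start-page redirect and the privacy_danger desktop component; the O10 line is a review item, not a verdict.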
Trulsz (Author) posted 6 May 2008 (edited)

This is from Combofix!:

ComboFix 08-05-01.3 - Fredrik 2008-05-06 15:25:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1515 [GMT 2:00]
Running from: C:\Documents and Settings\Fredrik\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Fredrik\Desktop\Error Cleaner.url
C:\Documents and Settings\Fredrik\Desktop\Privacy Protector.url
C:\Documents and Settings\Fredrik\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Fredrik\Favorites\Error Cleaner.url
C:\Documents and Settings\Fredrik\Favorites\Privacy Protector.url
C:\Documents and Settings\Fredrik\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-05 15:02 . 2008-05-05 22:22 <DIR> d-------- C:\Documents and Settings\Fredrik\Application Data\TmpRecentIcons
2008-05-05 08:18 . 2008-05-05 03:53 266,240 --a------ C:\WINDOWS\qvlbodmnmle.dll
2008-05-05 08:18 . 2008-05-05 03:53 225,280 --a------ C:\WINDOWS\wetkadmr.dll
2008-05-05 08:18 . 2008-05-05 03:53 200,704 --a------ C:\WINDOWS\mkrndofl.dll
2008-05-05 08:18 . 2008-05-05 03:53 196,608 --a------ C:\WINDOWS\tdomgafw.dll
2008-05-05 08:18 . 2008-05-05 03:53 94,208 --a------ C:\WINDOWS\svorbmke.exe
2008-05-05 08:18 . 2008-05-05 03:53 81,920 --a------ C:\WINDOWS\knxsrgte.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 13:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 20:20 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Azureus
2008-04-19 05:29 --------- d-----w C:\Program Files\World of Warcraft
2008-04-09 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 16:16 --------- d-----w C:\Program Files\MSBuild
2008-03-22 16:16 --------- d-----w C:\Program Files\Microsoft Works
2008-03-22 16:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-22 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-22 16:00 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-22 15:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-22 15:27 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\AdobeUM
2008-03-21 13:12 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Lavasoft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-06 15:02 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Beyond
2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-03-14 15:01 52,264 ----a-w C:\Documents and Settings\Fredrik\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_20.47.45,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 15:52:44 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-06 13:19:07 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}]
2008-05-05 03:53 266240 --a------ C:\WINDOWS\qvlbodmnmle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{091E4684-9A84-453B-A5AC-E82BCD2109E2}"= "C:\WINDOWS\mkrndofl.dll" [2008-05-05 03:53 200704]

[HKEY_CLASSES_ROOT\clsid\{091e4684-9a84-453b-a5ac-e82bcd2109e2}]
[HKEY_CLASSES_ROOT\mkrndofl.1]
[HKEY_CLASSES_ROOT\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}]
[HKEY_CLASSES_ROOT\mkrndofl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Steam"="c:\valve\steam\steam.exe" [2008-03-28 08:30 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 13:23 135168]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 04:10 409600]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2005-08-15 11:25:47 917611]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tdomgafw"= {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll [2008-05-05 03:53 196608]
"wetkadmr"= {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll [2008-05-05 03:53 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\magnu_3k\\counter-strike\\hl.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\warcraft\\war3.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\counter-strike\\hl.exe"=
"C:\\Program Files\\MultiHubSearch\\Multi-Hub-Search.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\condition zero\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enGB-downloader.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\WoW-1.8.3.4807-to-0.9.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enGB-downloader.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\Arathi_Basin_new_EG-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"=
"C:\\Valve\\Steam\\SteamApps\\aafk\\counter-strike\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enGB-downloader.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 15:49]
R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2002-12-09 13:06]
R2 DiPort;Eicon Port Driver;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2004-01-20 12:27]
R2 IAANTMon;IAA Event Monitor;C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 13:22]
S3 BM;Novell Virtual Private Network Miniport;C:\WINDOWS\system32\DRIVERS\vptunnel.sys [2004-01-23 12:16]
S3 DiWan;Eicon Driver for all Diva Client cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2004-02-27 16:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 14:12]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 13:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 15:27:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
.
Completion time: 2008-05-06 15:28:24
ComboFix-quarantined-files.txt 2008-05-06 13:28:17
ComboFix2.txt 2008-05-05 20:50:53
ComboFix3.txt 2008-05-05 19:02:28

Pre-Run: 162,688,155,648 bytes free
Post-Run: 162,676,826,112 bytes free

195 --- E O F --- 2008-04-12 16:45:39

"Recovery console"? Don't know if this was what you meant, NorBat, but I hope it was ;P

Edited 6 May 2008 by Trulsz
r2d290 posted 6 May 2008

This looks right. There was a bit of junk here, yes. Download the free version of SUPERantispyware. You will be asked whether to update the program, and you answer yes. Then run a FULL scan (not quick). A log will be created, which you find by starting the program and choosing: Preferences->statistics/logs. Post this log here on the forum. Then restart the machine and post a new hijackthis log.
Trulsz (Author) posted 6 May 2008

Will do that, r2d290.. Will write back when I have got this done.. -people are very helpful, I must say
Trulsz (Author) posted 6 May 2008

Running superantispyware now, and it doesn't look good... several hundred threats
Trulsz (Author) posted 6 May 2008

I ran Superantispyware and this is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/06/2008 at 08:45 PM

Application Version : 4.0.1154

Core Rules Database Version : 3453
Trace Rules Database Version: 1445

Scan type : Complete Scan
Total Scan Time : 00:34:21

Memory items scanned : 554
Memory threats detected : 4
Registry items scanned : 6246
Registry threats detected : 123
File items scanned : 21782
File threats detected : 121

Adware.Vundo-Variant/J
C:\WINDOWS\TDOMGAFW.DLL
C:\WINDOWS\TDOMGAFW.DLL
C:\WINDOWS\WETKADMR.DLL
C:\WINDOWS\WETKADMR.DLL

Trojan.Unclassified/GTS
C:\WINDOWS\MKRNDOFL.DLL
C:\WINDOWS\MKRNDOFL.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{091E4684-9A84-453B-A5AC-E82BCD2109E2}
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\InprocServer32
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\InprocServer32#ThreadingModel
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\ProgID
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\Programmable
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\TypeLib
HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\VersionIndependentProgID
HKCR\mkrndofl.1
HKCR\mkrndofl
HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}
HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0
HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0
HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\win32
HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\FLAGS
HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\HELPDIR

Adware.SXGAdvisor-A
C:\WINDOWS\QVLBODMNMLE.DLL
C:\WINDOWS\QVLBODMNMLE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\InprocServer32
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\InprocServer32#ThreadingModel
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\ProgID
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\Programmable
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\TypeLib
HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\VersionIndependentProgID

Adware.Tracking Cookie
C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@casalemedia[2].txt
C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@apmebf[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@atdmt[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@serving-sys[2].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@clickaider[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@mediaplex[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@advancedcleaner[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@fastclick[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@statcounter[2].txt
C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@clicksor[2].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@burstnet[1].txt
C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt
C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@kontera[1].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@tns-counter[2].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@imrworldwide[2].txt
C:\Documents and Settings\Fredrik\Cookies\fredrik@pornhub[1].txt
C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt
protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@nextag[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@overture[1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@teenhitchhikers[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@doubleclick[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@smartadserver[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@2o7[2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@questionmarket[2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@tribalfusion[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@specificclick[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@revenue[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@adnetserver[1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@advertising[2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@tacoda[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@tradedoubler[1].txt C:\Documents and 
Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@xiti[2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@freeporn[1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@atwola[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@interclick[2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@pro-market[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@antispywaremaster[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[3].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[4].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@adbrite[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@bravenet[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][4].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@revsci[2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@insightexpressai[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@adtech[1].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@hothousemedia[1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\fredrik@freeporn[2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt 
C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt C:\Documents and Settings\BEP\Cookies\bep@advertising[2].txt C:\Documents and Settings\BEP\Cookies\[email protected][2].txt C:\Documents and Settings\BEP\Cookies\[email protected][1].txt C:\Documents and Settings\BEP\Cookies\bep@atdmt[2].txt C:\Documents and Settings\BEP\Cookies\[email protected][2].txt C:\Documents and Settings\BEP\Cookies\bep@casalemedia[1].txt C:\Documents and Settings\BEP\Cookies\bep@doubleclick[1].txt C:\Documents and Settings\BEP\Cookies\bep@imrworldwide[2].txt C:\Documents and Settings\BEP\Cookies\bep@mediaplex[1].txt C:\Documents and Settings\BEP\Cookies\[email protected][1].txt C:\Documents and Settings\BEP\Cookies\[email protected][1].txt C:\Documents and Settings\BEP\Cookies\bep@serving-sys[1].txt C:\Documents and Settings\BEP\Cookies\[email protected][1].txt C:\Documents and Settings\BEP\Cookies\[email protected][1].txt C:\Documents and Settings\BEP\Cookies\bep@tradedoubler[1].txt C:\Documents and Settings\BEP\Cookies\bep@tribalfusion[2].txt Adware.WhenU HKCR\ACM.ACMFactory HKCR\ACM.ACMFactory\CLSID HKCR\ACM.ACMFactory\CurVer HKCR\ACM.ACMFactory.1 HKCR\ACM.ACMFactory.1\CLSID HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID 
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID HKCR\AppId\ACM.DLL HKCR\AppId\ACM.DLL#AppID HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\win32 HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version HKLM\Software\WhenUSave HKLM\Software\WhenUSave#db_script_update HKLM\Software\WhenUSave#InstallDir HKLM\Software\WhenUSave#pats_url HKLM\Software\WhenUSave#pat_chunks_url HKLM\Software\WhenUSave#script_url HKLM\Software\WhenUSave#update_url HKLM\Software\WhenUSave#ver_url HKLM\Software\WhenUSave#Version HKLM\Software\WhenUSave#uninst_rs HKLM\Software\WhenUSave#timedDBUpdate_rs HKLM\Software\WhenUSave#SystemParam_rs HKLM\Software\WhenUSave#extra_url HKLM\Software\WhenUSave#extraver_url HKLM\Software\WhenUSave#ziptomsa_url 
HKLM\Software\WhenUSave#InstallTime HKLM\Software\WhenUSave#LastPartner HKLM\Software\WhenUSave#zip HKLM\Software\WhenUSave#uninstall_cmd_rs HKLM\Software\WhenUSave#acm_rs HKLM\Software\WhenUSave#TotalPartner HKLM\Software\WhenUSave#newuser_rs HKLM\Software\WhenUSave#Partner HKLM\Software\WhenUSave#PartnerB HKLM\Software\WhenUSave#PartnerDesc HKLM\Software\WhenUSave#PartnerParam HKLM\Software\WhenUSave#FullDBTime HKLM\Software\WhenUSave#TotalPopup HKLM\Software\WhenUSave#HeartbeatTime HKLM\Software\WhenUSave#HeartbeatCount HKLM\Software\WhenUSave#brandskin_url HKLM\Software\WhenUSave#brandstrip_rs HKLM\Software\WhenUSave#brandstrip_url HKLM\Software\WhenUSave#bstat_rs HKLM\Software\WhenUSave#himp_url HKLM\Software\WhenUSave#iptomsa_url HKLM\Software\WhenUSave#maxPopups_rs HKLM\Software\WhenUSave#redir3p_url HKLM\Software\WhenUSave#src_url HKLM\Software\WhenUSave#uninstalltag_rs HKLM\Software\WhenUSave#db_stamp_rs HKLM\Software\WhenUSave#db_server_update HKLM\Software\WhenUSave#fword_rs HKLM\Software\WhenUSave#MSA HKLM\Software\WhenUSave#PartnerUTag HKLM\Software\WhenUSave#IPToMsaTime_rs HKLM\Software\WhenUSave\Partners HKLM\Software\WhenUSave\Partners\WUSV HKLM\Software\WhenUSave\Partners\WUSV#Partner HKLM\Software\WhenUSave\Partners\WUSV#InstallTime HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayIcon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayVersion HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UrlInfoAbout C:\PROGRAM 
I'm what you'd call a real NOOB with PCs... so if anyone knows what I should do, please write it in detail.
r2d290 Posted 6 May 2008 (edited) See it as a positive, not a negative, that SAS finds a lot. Edit: continue with a new HijackThis log. Edited 6 May 2008 by r2d290
Trulsz Posted 6 May 2008 Author
That log can't possibly be good? Is there anything more I can do, then? It looks like they're gone ;P
r2d290 Posted 6 May 2008 (edited) You continue with a HijackThis log. Then let us have a look over your logs, and you'll get feedback as soon as possible. Edit: also post a new ComboFix log, so that it too is up to date after the SAS scan. Edited 6 May 2008 by r2d290
Trulsz Posted 6 May 2008 Author HijackThis log:
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 11248 bytes
Trulsz Posted 6 May 2008 (Author) Here is the new ComboFix log after SAS:

ComboFix 08-05-01.3 - Fredrik 2008-05-06 21:04:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1554 [GMT 2:00]
Running from: C:\Documents and Settings\Fredrik\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-06 20:07 . 2008-05-06 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-06 20:07 . 2008-05-06 20:07 <DIR> d-------- C:\Documents and Settings\Fredrik\Application Data\SUPERAntiSpyware.com
2008-05-06 20:07 . 2008-05-06 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-05 15:02 . 2008-05-05 22:22 <DIR> d-------- C:\Documents and Settings\Fredrik\Application Data\TmpRecentIcons
2008-05-05 08:18 . 2008-05-05 03:53 94,208 --a------ C:\WINDOWS\svorbmke.exe
2008-05-05 08:18 . 2008-05-05 03:53 81,920 --a------ C:\WINDOWS\knxsrgte.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-06 18:46 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-06 18:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 13:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 20:20 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Azureus
2008-04-19 05:29 --------- d-----w C:\Program Files\World of Warcraft
2008-04-09 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 16:16 --------- d-----w C:\Program Files\MSBuild
2008-03-22 16:16 --------- d-----w C:\Program Files\Microsoft Works
2008-03-22 16:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-22 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-22 16:00 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-22 15:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-22 15:27 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\AdobeUM
2008-03-21 13:12 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Lavasoft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-06 15:02 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Beyond
2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-03-14 15:01 52,264 ----a-w C:\Documents and Settings\Fredrik\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_20.47.45,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 15:52:44 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-06 19:00:08 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Steam"="c:\valve\steam\steam.exe" [2008-03-28 08:30 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 13:23 135168]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 04:10 409600]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2005-08-15 11:25:47 917611]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tdomgafw"= {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll [ ]
"wetkadmr"= {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\magnu_3k\\counter-strike\\hl.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\warcraft\\war3.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\counter-strike\\hl.exe"=
"C:\\Program Files\\MultiHubSearch\\Multi-Hub-Search.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\condition zero\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enGB-downloader.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\WoW-1.8.3.4807-to-0.9.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enGB-downloader.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\Arathi_Basin_new_EG-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"=
"C:\\Valve\\Steam\\SteamApps\\aafk\\counter-strike\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enGB-downloader.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 15:49]
R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2002-12-09 13:06]
R2 DiPort;Eicon Port Driver;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2004-01-20 12:27]
R2 IAANTMon;IAA Event Monitor;C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 13:22]
S3 BM;Novell Virtual Private Network Miniport;C:\WINDOWS\system32\DRIVERS\vptunnel.sys [2004-01-23 12:16]
S3 DiWan;Eicon Driver for all Diva Client cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2004-02-27 16:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 14:12]

*Newly Created Service* - COMHOST
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 13:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 21:07:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
.
Completion time: 2008-05-06 21:08:17
ComboFix-quarantined-files.txt 2008-05-06 19:08:11
ComboFix2.txt 2008-05-06 13:28:25
ComboFix3.txt 2008-05-05 20:50:53
ComboFix4.txt 2008-05-05 19:02:28

Pre-Run: 162,518,147,072 bytes free
Post-Run: 162,587,738,112 bytes free

180 --- E O F --- 2008-04-12 16:45:39