Jens-Marius Skrevet 22. juni 2008 Rapporter Del Skrevet 22. juni 2008 (endret) Noen som kan hjelpe meg å se om maskinen min er ren og pen? ComboFix 08-06-20.4 - carina 2008-06-22 22:58:53.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1074 [GMT 2:00] Running from: C:\Users\carina\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))€))))))))))))))))))))) . C:\DRV\Tuner\Yuan\Resources\_desktop.ini C:\Windows\system32\ACER.exe C:\Windows\system32\x64 C:\Windows\system32\x64\csnp2uvc.dll C:\Windows\system32\x64\rsnpvc64.dll C:\Windows\system32\x64\sncduvc.sys C:\Windows\system32\x64\snp2uvc.sys C:\Windows\system32\x64\vsnpvc64.dll . ((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))) . 2008-06-18 22:41 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-06-18 22:41 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll 2008-06-18 22:41 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll 2008-06-18 22:41 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax 2008-06-18 22:41 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-06-18 22:41 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax 2008-06-18 22:41 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax 2008-06-14 16:46 . 2008-06-14 16:46 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-06-14 16:46 . 2008-06-14 16:46 <DIR> d-------- C:\ProgramData\WLInstaller 2008-06-11 19:40 . 2008-04-25 06:22 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl 2008-06-11 19:40 . 2008-04-26 10:02 1,327,104 --a------ C:\Windows\System32\quartz.dll 2008-06-11 19:40 . 2008-04-25 06:23 826,368 --a------ C:\Windows\System32\wininet.dll 2008-06-11 19:40 . 2008-05-10 03:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys 2008-06-11 19:40 . 2008-05-10 05:30 14,848 --a------ C:\Windows\System32\wshrm.dll 2008-05-29 14:03 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-05-29 14:03 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-22 20:59 --------- d-----w C:\Users\carina\AppData\Roaming\uTorrent 2008-06-20 15:26 27,430 ----a-w C:\Users\carina\AppData\Roaming\nvModes.dat 2008-06-18 20:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF 2008-06-18 20:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS 2008-06-18 20:43 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT 2008-06-18 20:43 --------- d-----w C:\Program Files\Symantec 2008-06-18 20:43 --------- d-----w C:\Program Files\Norton Internet Security 2008-06-18 20:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-12 01:10 --------- d-----w C:\Program Files\Windows Mail 2008-06-12 01:07 --------- d-----w C:\Users\carina\AppData\Roaming\Skype 2008-06-11 22:54 --------- d-----w C:\Users\carina\AppData\Roaming\skypePM 2008-06-10 10:04 --------- d-----w C:\Users\carina\AppData\Roaming\OpenOffice.org2 2008-05-18 21:23 48 ---ha-w C:\Users\All Users\ezsidmv.dat 2008-05-18 21:23 48 ---ha-w C:\ProgramData\ezsidmv.dat 2008-05-18 21:23 --------- d-----w C:\Program Files\Common Files\Skype 2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-10-30 15:27 0 ----a-w C:\Users\carina\AppData\Roaming\wklnhst.dat 2007-09-24 17:18 23,876,904 ----a-w C:\Users\carina\SkypeSetup.exe 2007-09-17 19:15 174 --sha-w C:\Program Files\desktop.ini 2007-11-27 16:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-11-27 16:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-11-27 16:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 02:08 1232896] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "Acer Tour Reminder"="" [] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ] "Persistence"="C:\Windows\system32\igfxpers.exe" [ ] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe] "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216] "Acer Tour"="" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:44 107112] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:42 22696] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920] "PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208] "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136] "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 13:38 206952] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744] "eRecoveryService"="" [] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552] C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 00:31:52 535336] VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-09-14 11:22:17 6144] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{AAE65792-0A60-4482-A603-4647BA443C9E}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{646DFFA9-01E3-4DA9-B765-AE3E28B3B526}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{52809FFB-2387-403A-BF86-C1C85975B883}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{A518EC2C-0DFA-4CD4-A9D1-E07DFE0207A5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{A82D881A-EA39-4F98-9501-D0B4CECA83FD}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{A926D8A2-F272-4E6F-9ED9-D46204536735}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{9DEAF7BB-612E-4FFE-8A49-446B8CFF68E5}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{927B6970-9330-49FD-80B3-D32AFF6D2E60}"= C:\Program Files\Skype\Phone\Skype.exe:Skype [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 18:07] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51] R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b317c6c7-a4a8-11dc-bf4f-dcdecfe4da5e}] \shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-06-20 18:41:16 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - carina.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-22 23:02:19 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-22 23:04:25 ComboFix-quarantined-files.txt 2008-06-22 21:03:25 Pre-Run: 28,080,939,008 byte ledig Post-Run: 28,483,194,880 byte ledig 168 --- E O F --- 2008-06-18 21:38:03 pfh. takk! Endret 24. juni 2008 av Jens-Marius Lenke til kommentar
r2d290 Skrevet 22. juni 2008 Rapporter Del Skrevet 22. juni 2008 Kan du poste en HijackThis-logg også? Gjør følgende: Last ned 'HijackThis'. Lagre den i en permanent mappe, f.eks i C:\HJT\, dobbelklikk på HijackThis.exe, og trykk Do a system scan and save a logfile. Når Notisblokk-vinduet åpnes, trykker du Ctrl-A for å markere hele teksten, kopierer det Ctrl-C og limer det inn i din neste post på forumet Ctrl-V. Mesteparten av innholdet i lista er trygt. Ikke fiks noe enda. Du vil da få en logg tilsvarende den i spoiler nedenfor: Logfile of HijackThis v1.99.1 Scan saved at 17:06:11, on 08.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe C:\Programfiler\Ahead\InCD\InCD.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Kenneth\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stealthy.foolishgames.net/news.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe[/code] Når du har gjort dette er det bare å vente på svar... Lenke til kommentar
Jens-Marius Skrevet 22. juni 2008 Forfatter Rapporter Del Skrevet 22. juni 2008 oki, takk for raskt svar! Her er HijackThis log også: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:13:29, on 23.06.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Program Files\Apoint2K\Apntex.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\Explorer.exe C:\Program Files\Opera\Opera.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\carina\AppData\Local\Temp\isDel.bat" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8432 bytes Lenke til kommentar
snippsat Skrevet 24. juni 2008 Rapporter Del Skrevet 24. juni 2008 Ser bra ut dette,combofix slettet noe grums. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Lenke til kommentar
r2d290 Skrevet 24. juni 2008 Rapporter Del Skrevet 24. juni 2008 Du bør oppdatere Java Det er viktig å bruke den seneste versjonen av Java, siden tidligere versjoner kan inneholde sikkerhetshull som vil øke sansynligheten for at du blir infisert igjen. Det ser ut til at din verjson av Java er utdatert Oppdatere Java: Trykk på følgende link, og last ned nyeste versjon av Java (Ikke beta):http://java.sun.com/javase/downloads/index.jsp Gå til Start -> Control Panel -> Programs and Features. Søk i listen over alle tidligere versjoner av Java. (J2SE Runtime Environment.... )Alle disse versjonene bør ha dette bildet foran: Velg alle du finner, og velg Uninstall. Deretter installerer du den Java-versjonen som du lastet ned i starten. Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du: [LØST] foran emnetittelen din. Eks: [LØST] Har fått virus på maskinen Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i. -Surf trygt- Lenke til kommentar
Jens-Marius Skrevet 24. juni 2008 Forfatter Rapporter Del Skrevet 24. juni 2008 Oki! Takk for alle svar, Flotters! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå