Help! I've been infected by minnesparere.com

22 posts in this topic

Posted

I got a virus from minnesparere.com via vg.no. They asked me to run a system scan, which I did, and I installed two programs:

minnesparere

and internetAnonymizer.

I have Combofix and HijackThis, which I'm going to run now. Can you look at my HijackThis log and see whether I've gotten rid of it?

Posted

I have now run HijackThis.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:54, on 2007-12-29

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Safe mode

Running processes:

C:\Windows\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\MINNES~1\cookw.exe" -start

O4 - HKLM\..\Run: [giw] "C:\PROGRA~1\COMMON~1\INTERN~1\giw.exe" -start

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {25C29129-E95F-4564-BFE3-000000006400} (KvikVideo 6.4) - http://www.123hjemmeside.no/builder/pages/...deo-6-4-0-0.CAB

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 6937 bytes

Posted

Fix these lines with HJT:

O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\MINNES~1\cookw.exe" -start

O4 - HKLM\..\Run: [giw] "C:\PROGRA~1\COMMON~1\INTERN~1\giw.exe" -start

O4 - HKCU\..\Run: [?????????] ??????????????e

Then run Combofix and post the log.

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52, on 2007-12-29

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Safe mode

Running processes:

C:\Windows\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {25C29129-E95F-4564-BFE3-000000006400} (KvikVideo 6.4) - http://www.123hjemmeside.no/builder/pages/...deo-6-4-0-0.CAB

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - cmd.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 6896 bytes

I tried to delete and fix the ??????)?????e file, but I see it's still there.

Posted

I've also got this on my other machine! Here is its log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:04, on 2007-12-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Programfiler\McAfee\MPF\MPFSrv.exe

C:\Programfiler\McAfee\MSK\MskSrver.exe

C:\Programfiler\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe

C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe

C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe

C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WinCinemaMgr] C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe

O4 - HKLM\..\Run: [Home Theater SchSvr] C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197051377453

O23 - Service: McAfee Application Installer Cleanup (0038611198866456) (0038611198866456mcinstcleanup) - Unknown owner - C:\DOCUME~1\Eier\LOKALE~1\Temp\003861~1.EXE (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6172\SAService.exe

--

End of file - 7572 bytes

Posted

Run Combofix on both PCs and post the logs. Combofix removes a whole lot of known junk and also produces a log that shows a bit more than HJT does.

Posted

ComboFix 07-12-29.5 - Administrator 2007-12-29 17:56:45.1 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.804 [GMT 1:00]

Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Eier\Programdata\systemerrorrepairinstallfull_no[1].exe

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))

.

2007-12-29 17:53 . 2004-01-01 17:06 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS

2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2007-12-29 17:53 . 2004-01-01 15:10 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2007-12-29 17:53 . 2004-01-01 15:10 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2007-12-29 17:53 . 2004-01-01 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Symantec

2007-12-29 17:53 . 2004-01-01 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Sonic

2007-12-29 17:53 . 2004-01-01 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SampleView

2007-12-29 17:53 . 2004-01-01 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterTrust

2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2007-12-29 17:53 . 2007-11-14 04:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2007-12-29 17:53 . 2007-12-29 17:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2007-12-29 17:53 . 2007-11-14 04:37 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2007-12-29 17:53 . 2004-01-01 15:10 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2007-12-29 15:49 . 2007-12-29 15:49 <DIR> d-------- C:\Programfiler\Lavasoft

2007-12-29 15:49 . 2007-12-29 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2007-12-29 15:48 . 2007-12-29 15:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\minnesparere

2007-12-28 19:33 . 2007-12-28 19:33 <DIR> d-------- C:\Programfiler\Fellesfiler\MinneSparere

2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Programfiler\SiteAdvisor

2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\LocalService\Skrivebord

2007-12-28 19:30 . 2007-12-29 14:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\SiteAdvisor

2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\SiteAdvisor

2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SiteAdvisor

2007-12-28 19:30 . 2007-12-29 17:51 8,821 --a------ C:\WINDOWS\system32\Config.MPF

2007-12-28 19:29 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll

2007-12-28 19:27 . 2007-12-28 19:27 <DIR> d-------- C:\Programfiler\McAfee.com

2007-12-28 19:27 . 2007-12-28 19:27 <DIR> d-------- C:\Programfiler\Fellesfiler\McAfee

2007-12-28 19:27 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2007-12-28 19:27 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-12-28 19:27 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2007-12-28 19:27 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2007-12-28 19:27 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2007-12-28 19:27 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2007-12-28 19:26 . 2007-12-28 19:29 <DIR> d-------- C:\Programfiler\McAfee

2007-12-28 19:20 . 2007-12-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\McAfee

2007-12-25 13:32 . 2007-12-25 20:31 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\BitTorrent

2007-12-25 13:31 . 2007-12-25 13:31 <DIR> d-------- C:\Programfiler\DNA

2007-12-25 13:31 . 2007-12-25 13:31 <DIR> d-------- C:\Programfiler\BitTorrent

2007-12-25 13:31 . 2007-12-29 17:51 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\DNA

2007-12-24 13:18 . 2007-12-24 22:34 <DIR> d-------- C:\Documents and Settings\Eier\Shared

2007-12-24 13:18 . 2007-12-25 03:01 <DIR> d-------- C:\Documents and Settings\Eier\Incomplete

2007-12-24 13:17 . 2007-12-24 13:17 <DIR> d-------- C:\Programfiler\LimeWire

2007-12-24 13:17 . 2007-12-24 22:37 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\LimeWire

2007-12-23 23:19 . 2007-12-25 18:40 23 --a------ C:\WINDOWS\BlendSettings.ini

2007-12-23 21:55 . 2007-12-23 21:55 <DIR> d-------- C:\Programfiler\Bethesda Softworks

2007-12-23 21:40 . 2007-12-23 21:40 <DIR> dr-h----- C:\Documents and Settings\Eier\Programdata\SecuROM

2007-12-23 21:40 . 2007-12-23 21:40 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-12-23 21:32 . 2007-12-29 17:51 30,888 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx

2007-12-23 21:32 . 2007-12-29 17:51 30,888 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx

2007-12-23 21:32 . 2007-12-29 17:51 29,952 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx

2007-12-23 21:32 . 2007-12-29 17:51 29,952 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx

2007-12-23 21:32 . 2007-12-29 17:51 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20051102}.rfx

2007-12-23 21:32 . 2007-12-29 17:51 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm

2007-12-23 21:32 . 2007-12-29 17:51 1,080 --a------ C:\WINDOWS\system32\settings.sfm

2007-12-23 21:31 . 2007-12-23 21:33 <DIR> d-------- C:\WINDOWS\system32\Defaults

2007-12-23 21:31 . 2007-12-29 17:51 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-20051102}.CDF

2007-12-23 21:31 . 2007-12-29 17:51 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-20051102}.BAK

2007-12-23 21:31 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2

2007-12-23 21:30 . 2007-12-23 21:30 <DIR> d-------- C:\WINDOWS\system32\Data

2007-12-23 21:30 . 2007-12-23 21:30 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-12-23 21:30 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini

2007-12-23 21:30 . 2007-12-23 21:30 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2007-12-23 21:30 . 2006-08-11 14:57 11,776 --a------ C:\WINDOWS\INRES.DLL

2007-12-23 21:30 . 2006-08-11 14:55 10,240 --a------ C:\WINDOWS\CTDCRES.DLL

2007-12-23 21:30 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL

2007-12-23 21:30 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini

2007-12-23 21:16 . 2007-12-23 21:16 <DIR> d-------- C:\WINDOWS\system32\nb-NO

2007-12-23 21:16 . 2007-12-23 21:16 <DIR> d-------- C:\Programfiler\MSXML 6.0

2007-12-23 21:14 . 2007-12-23 21:14 <DIR> d-------- C:\Programfiler\MSBuild

2007-12-23 21:12 . 2007-12-23 21:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-12-23 21:12 . 2007-12-23 21:12 <DIR> d-------- C:\Programfiler\Reference Assemblies

2007-12-23 21:11 . 2007-12-23 21:11 <DIR> d-------- C:\d1e431d2584a48885ccf

2007-12-23 21:11 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-12-23 20:46 . 2007-12-23 20:46 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2007-12-23 20:46 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb

2007-12-23 20:46 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2007-12-23 20:46 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb

2007-12-23 20:45 . 2007-12-23 20:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-12-23 20:45 . 2007-12-23 20:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-12-23 20:31 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2007-12-23 20:31 . 2007-11-07 04:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys

2007-12-23 20:31 . 2007-11-07 04:40 106,496 --a------ C:\WINDOWS\system32\atinppt2.ax

2007-12-23 20:31 . 2005-12-02 23:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod

2007-12-23 20:30 . 2007-12-23 20:33 <DIR> d-------- C:\Programfiler\ATI Technologies

2007-12-19 12:43 . 2007-12-19 12:43 <DIR> d-------- C:\Programfiler\Hothouse Creations

2007-12-16 17:54 . 2007-12-16 17:54 <DIR> d-------- C:\Programfiler\Google

2007-12-16 11:38 . 2007-12-16 18:25 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Ahead

2007-12-16 11:36 . 2003-12-11 13:34 1,318,912 --------- C:\WINDOWS\UNNMP.exe

2007-12-16 11:36 . 2003-12-31 09:24 50,523 --------- C:\WINDOWS\UNNMP.cfg

2007-12-16 11:35 . 2001-07-09 12:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe

2007-12-16 11:34 . 2003-12-11 13:34 1,318,912 --------- C:\WINDOWS\UNNeroVision.exe

2007-12-16 11:34 . 2003-12-31 09:24 105,105 --------- C:\WINDOWS\UNNeroVision.cfg

2007-12-16 11:34 . 2001-03-08 18:30 24,064 -ra------ C:\WINDOWS\system32\msxml3a.dll

2007-12-16 11:33 . 2007-12-16 11:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2007-12-16 11:33 . 2007-12-16 11:36 <DIR> d-------- C:\Programfiler\Ahead

2007-12-16 11:33 . 2007-12-16 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Ahead

2007-12-16 11:33 . 2001-07-06 15:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll

2007-12-16 11:33 . 2001-07-06 13:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-23 20:54 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-23 20:31 --------- d-----w C:\Programfiler\Creative

2007-12-23 19:32 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2007-12-23 14:44 --------- d-----w C:\Documents and Settings\Eier\Programdata\Canon

2007-12-16 16:55 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2007-12-09 19:03 --------- d-----w C:\Programfiler\Snapshot Viewer

2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-11-24 10:11 --------- d-----w C:\Programfiler\Brother's Keeper 6

2007-11-20 20:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\SBT

2007-11-20 19:51 --------- d-----w C:\Programfiler\microsoft frontpage

2007-11-20 19:48 --------- d-----w C:\Documents and Settings\Eier\Programdata\Microsoft Web Folders

2007-11-18 22:27 --------- d-----w C:\Programfiler\MSXML 4.0

2007-11-18 15:20 --------- d-----w C:\Documents and Settings\Eier\Programdata\Arcsoft

2007-11-14 03:38 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2007-11-13 21:58 --------- d-----w C:\Programfiler\NewSoft

2007-11-13 21:58 --------- d-----w C:\Programfiler\Canon

2007-11-13 21:58 --------- d-----w C:\Documents and Settings\Eier\Programdata\NewSoft

2007-11-13 21:57 --------- d-----w C:\Programfiler\ScanSoft

2007-11-13 21:57 --------- d-----w C:\Programfiler\Fellesfiler\ScanSoft Shared

2007-11-13 21:57 --------- d-----w C:\Documents and Settings\Eier\Programdata\ScanSoft

2007-11-13 21:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\SSScanWizard

2007-11-13 21:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\SSScanAppDataDir

2007-11-13 21:56 --------- d-----w C:\Programfiler\ArcSoft

2007-11-13 20:47 --------- d-----w C:\Programfiler\Java

2007-11-13 20:34 --------- d-----w C:\Programfiler\Alwil Software

2007-11-13 19:48 3,794 --sha-r C:\WINDOWS\system32\drivers\HP_PC008A-ABN t570.no_YW_Pavi_QCZB422_E42NOheBLF3_4_IOxford_SASUSTeK Computer INC._V1.xx_B3.28_T040827_WXH1_L414_M1024_J320_7Intel_8Pentium 4_93,2_1104C8023_N10EC8139_P_Z14F12F00_K_A_U808624D2_G_O_D.MRK

2007-11-13 19:46 --------- d-----w C:\Programfiler\InterVideo

2007-11-13 19:45 --------- d-----w C:\Programfiler\Multimedia Card Reader

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"RemoteCenter"="C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 16:35]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-25 13:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]

"HPHUPD05"="c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:19]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]

"WinCinemaMgr"="C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe" [2003-09-16 17:01]

"Home Theater SchSvr"="C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2003-11-24 17:40]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]

"VTTimer"="VTTimer.exe" []

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]

"Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 11:17]

"Omnipage"="C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]

"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57]

"cookw"="C:\PROGRA~1\FELLES~1\MINNES~1\cookw.exe" [2007-08-15 11:09]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-13 23:04:18]

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 11:42]

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-05-09 10:16]

R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-04-28 22:33]

S2 0038611198866456mcinstcleanup;McAfee Application Installer Cleanup (0038611198866456);C:\DOCUME~1\Eier\LOKALE~1\Temp\003861~1.EXE C:\PROGRA~1\FELLES~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

.

Contents of the 'Scheduled Tasks' folder

"2007-12-28 18:27:25 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2007-12-28 18:27:24 C:\WINDOWS\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-29 18:00:10

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-29 18:01:37 - machine was rebooted [Eier]

.

2007-12-22 01:46:06 --- E O F ---


Posted

Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt.

Then drag the file onto the Combofix icon. Combofix will start again.

Folder::

C:\Documents and Settings\Eier\Programdata\minnesparere

C:\Programfiler\Fellesfiler\MinneSparere

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cookw"=-

Download SAS (the free version), install it, update it and run a full (Complete) scan.

It creates a log that you can post if you like (preferences->statistics/logs)

Then tell us how it goes with the 'problem'.
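
Added example, not part of the original thread and not Combofix's own code: the `cookw` Run value removed by the script above is written with 8.3 short names (`MINNES~1`), which hides that it points into one of the folders being deleted. The check below matches Run-key lines against the `Folder::` targets; the function names and the prefix heuristic for short names are assumptions of this example.

```python
import re

# Constructed sample: four Run-key lines copied from the ComboFix log above.
RUN_LINES = r'''
"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57]
"cookw"="C:\PROGRA~1\FELLES~1\MINNES~1\cookw.exe" [2007-08-15 11:09]
"VTTimer"="VTTimer.exe" []
'''

# Folders listed under Folder:: in the CFScript above.
TARGET_FOLDERS = [
    r"C:\Documents and Settings\Eier\Programdata\minnesparere",
    r"C:\Programfiler\Fellesfiler\MinneSparere",
]

RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')
ALIAS_RE = re.compile(r'^(?P<stem>[^~.]{1,6})~\d+$')


def component_matches(seen, long_name):
    """True if path component `seen` may refer to the directory `long_name`."""
    if seen.lower() == long_name.lower():
        return True
    alias = ALIAS_RE.match(seen.split(".", 1)[0])
    if alias is None:
        return False
    # An 8.3 alias keeps the leading characters of the long name, upper-cased,
    # with spaces and dots dropped. A prefix match is therefore necessary but
    # not sufficient: PROGRA~1 fits both "Programfiler" and "Program Files".
    squeezed = re.sub(r"[ .]", "", long_name).upper()
    return squeezed.startswith(alias.group("stem").upper())


def path_inside(path, folder):
    """True if `path` may lie below `folder`, allowing 8.3 aliases in `path`."""
    parts = [p for p in path.split("\\") if p]
    wanted = [p for p in folder.split("\\") if p]
    if len(parts) <= len(wanted):
        return False  # bare file names such as VTTimer.exe carry no folder
    return all(component_matches(s, w) for s, w in zip(parts, wanted))


def autoruns_into(run_text, folders):
    """Return (value name, path, folder) for Run values that start a file
    inside one of `folders`."""
    hits = []
    for line in run_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        for folder in folders:
            if path_inside(m.group("path"), folder):
                hits.append((m.group("name"), m.group("path"), folder))
    return hits


if __name__ == "__main__":
    for name, path, folder in autoruns_into(RUN_LINES, TARGET_FOLDERS):
        print(f'Run value "{name}" -> {path} (inside {folder})')
```

Because a short-name match is only a candidate, confirm the real long path on the machine (for example with `dir /x`) before treating a hit as certain.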


Posted (edited)

Here is the log from when I ran SAS:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/30/2007 at 02:59 AM

Application Version : 3.9.1008

Core Rules Database Version : 3370

Trace Rules Database Version: 1365

Scan type : Complete Scan

Total Scan Time : 01:02:04

Memory items scanned : 542

Memory threats detected : 0

Registry items scanned : 6766

Registry threats detected : 5

File items scanned : 87074

File threats detected : 37

Adware.Tracking Cookie

C:\Documents and Settings\Eier\Cookies\eier@questionmarket[2].txt

C:\Documents and Settings\Eier\Cookies\eier@videoegg.adbureau[2].txt

C:\Documents and Settings\Eier\Cookies\eier@mediaplex[1].txt

C:\Documents and Settings\Eier\Cookies\eier@ad.yieldmanager[2].txt

C:\Documents and Settings\Eier\Cookies\eier@2o7[1].txt

C:\Documents and Settings\Eier\Cookies\eier@adrevolver[3].txt

C:\Documents and Settings\Eier\Cookies\eier@adrevolver[1].txt

C:\Documents and Settings\Eier\Cookies\eier@atdmt[2].txt

C:\Documents and Settings\Eier\Cookies\eier@bs.serving-sys[1].txt

C:\Documents and Settings\Eier\Cookies\eier@cgi-bin[1].txt

C:\Documents and Settings\Eier\Cookies\eier@specificclick[2].txt

C:\Documents and Settings\Eier\Cookies\eier@msnportal.112.2o7[1].txt

C:\Documents and Settings\Eier\Cookies\eier@statse.webtrendslive[2].txt

C:\Documents and Settings\Eier\Cookies\eier@rocku.adbureau[1].txt

C:\Documents and Settings\Eier\Cookies\eier@ads.us.e-planning[1].txt

C:\Documents and Settings\Eier\Cookies\eier@tribalfusion[2].txt

C:\Documents and Settings\Eier\Cookies\eier@track.adform[1].txt

C:\Documents and Settings\Eier\Cookies\eier@date.ventivmedia[1].txt

C:\Documents and Settings\Eier\Cookies\eier@tradedoubler[1].txt

C:\Documents and Settings\Eier\Cookies\eier@serving-sys[2].txt

C:\Documents and Settings\Eier\Cookies\eier@adtech[1].txt

C:\Documents and Settings\Eier\Cookies\eier@indextools[1].txt

C:\Documents and Settings\Eier\Cookies\eier@1064234106[1].txt

C:\Documents and Settings\Eier\Cookies\eier@ads.adbrite[2].txt

C:\Documents and Settings\Eier\Cookies\eier@affiliates.chichiclicks[1].txt

C:\Documents and Settings\Eier\Cookies\eier@tripod[2].txt

C:\Documents and Settings\Eier\Cookies\eier@ads.vg.basefarm[2].txt

C:\Documents and Settings\Eier\Cookies\eier@findexa.adbureau[2].txt

C:\Documents and Settings\Eier\Cookies\eier@premiumtv.122.2o7[1].txt

C:\Documents and Settings\Eier\Cookies\eier@media.adrevolver[2].txt

C:\Documents and Settings\Eier\Cookies\eier@advertising[2].txt

C:\Documents and Settings\Eier\Cookies\eier@doubleclick[2].txt

C:\Documents and Settings\Eier\Cookies\eier@ehg-ati.hitbox[1].txt

C:\Documents and Settings\Eier\Cookies\eier@statcounter[1].txt

C:\Documents and Settings\Eier\Cookies\eier@ads.no.webdeal[1].txt

C:\Documents and Settings\Eier\Cookies\eier@adbrite[2].txt

Malware.LocusSoftware Inc/PCPrivacyTool

HKLM\Software\Purchased Products

HKLM\Software\Purchased Products\System Error Repair

HKLM\Software\Purchased Products\System Error Repair#domain

HKLM\Software\Purchased Products\System Error Repair#pname

HKLM\Software\Purchased Products\System Error Repair#cname

Edited by vaagnes

Posted

How is the XP PC running, still popups?

And how is the Vista machine doing?


Posted

I have got spyware on an old machine that I can't get rid of :( A pop-up with ads every time I start it. I have tried ad-ware, spy-bot & destroy and several others, but it doesn't go away. Now I have downloaded Combofix, but the only change is that the icons on the desktop no longer work :( How do I fix that? (the icons and the spyware)


Posted (edited)

You can run a System Restore to a point before you ran Combofix (Accessories->System Tools->System Restore).

Then post an HJT log:

Download Hijackthis. Put it in its own folder on the desktop.

Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it.

Edit: and then you create your own thread where you put the log.

Edited by norbat

Posted

OK, now I have posted the logs in a separate thread.


Posted

Neither the Vista nor the XP machine has any popups now. I wasn't able to post the Combofix log from the Vista machine, because it doesn't appear after I have run Combofix. Something or other is causing trouble for Combofix; "out of memory" comes up, along with a message that an administrator must give approval for it to run. After I press Enter it runs anyway, but when it is finished it can't manage to restart the machine, I have to do that manually, and the log doesn't come up.

I was thinking of running SAS on the Vista machine too; I will do that later today. I don't notice anything of the virus on either of them, but that perhaps doesn't necessarily mean that I am rid of it.


Posted

Yes, run SAS on Vista.

Next time you post an HJT log from Vista, run it from normal mode (I think I can see that you ran it from safe mode?)


Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52, on 2007-12-29

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Safe mode

Running processes:

C:\Windows\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {25C29129-E95F-4564-BFE3-000000006400} (KvikVideo 6.4) - http://www.123hjemmeside.no/builder/pages/...deo-6-4-0-0.CAB

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - cmd.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 6896 bytes


Posted

Here is the XP HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:33, on 2007-12-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe

C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe

C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\McAfee.com\Agent\mcagent.exe

C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe

C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Programfiler\McAfee\MPF\MPFSrv.exe

C:\Programfiler\McAfee\MSK\MskSrver.exe

C:\Programfiler\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WinCinemaMgr] C:\Programfiler\InterVideo\Common\bin\WinCinemaMgr.exe

O4 - HKLM\..\Run: [Home Theater SchSvr] C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Programfiler\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197051377453

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: McAfee Application Installer Cleanup (0038721199016975) (0038721199016975mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003872~1.EXE

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6253\SAService.exe

--

End of file - 8244 bytes


Posted

The log from Vista: It is an old log run in safe mode. Could you make a new one from normal mode?

The log from XP: Looks OK. You should consider whether BitTorrent is something you need to have.


Posted (edited)

VG, among others, is struggling with this trojan/malware (minnesparere.com) via its advertising system, so if you have scanned with your antispyware/antivirus program and are still bothered when you are on e.g. VG, it is due to VG's website and not something that is on your PC.

More info: http://oppdatert.blogspot.com/2007/12/vgno...prer-virus.html

Edited by norbat

Posted

Is BitTorrent a dangerous program with regard to spyware and the like?


Posted

Is BitTorrent a dangerous program with regard to spyware and the like?

The clients themselves are completely clean, e.g. Azureus, uTorrent, BitComet, so it is what you download that can be corrupt, but with good sites and a good comment section there are few problems.
