Tusull, posted 25 May 2008 (edited)
It looks like it has taken over my computer, and after a bit of surfing I now understand that it doesn't belong here. But I have no clue, and I can't get rid of it either. It looks like I've got a bit of everything in the way of gunk, and worse, on my machine now. Should I just hand it in to get it all sorted out, and what would that cost? I hope someone can give me some tips here, otherwise I'm afraid the whole piece of junk is going for a short flight out in the open air.
Edited 26 May 2008 by Tusull
Tusull (Author), posted 25 May 2008
Oops, I'd better hurry and attach a log. I hadn't read what it said above the post here first.
Tusull (Author), posted 25 May 2008 (edited)
Attaching a log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:24, on 24.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\TEMP\YX8BD3.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AROReminder] C:\Programfiler\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://192.168.1.10/officescan/console/Cli...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.168.1.10/officescan/console/Cli...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.168.1.10/officescan/console/Cli...stall/setup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.168.1.10/officescan/console/html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://192.168.1.10/officescan/console/Cli.../RemoveCtrl.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: epdqfcik - C:\WINDOWS\SYSTEM32\epdqfcik.dll
O23 - Service: Microsoft DDE+ server (09c24ee3) - Unknown owner - C:\WINDOWS\system32\.09c24ee39c24ee3.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12368 bytes

Edited 25 May 2008 by Tusull
snippsat, posted 25 May 2008 (edited)
Hi! Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
Edited 25 May 2008 by SNIPPSAT
Tusull (Author), posted 25 May 2008
[hide]
ComboFix 08-05-25.3 - User 2008-05-25 23:11:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.488 [GMT 2:00]
Running from: C:\Documents and Settings\User\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 01:14 . 2008-05-25 01:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-25 01:14 . 2008-05-25 01:14 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-05-25 01:14 . 2008-05-25 01:14 <DIR> d-------- C:\Programfiler\MSBuild
2008-05-25 01:13 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-24 22:53 . 2008-05-24 22:53 <DIR> d-------- C:\Programfiler\Debugging Tools for Windows (x86)
2008-05-23 08:39 . 2008-05-23 08:39 <DIR> d-------- C:\Programfiler\Microsoft Silverlight
2008-05-21 22:52 . 2008-05-21 22:55 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2008-05-18 21:06 . 2008-05-18 21:07 <DIR> d-------- C:\Programfiler\Windows Defender
2008-05-18 13:38 . 2008-05-18 13:38 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-05-18 13:36 . 2008-05-18 13:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-17 17:49 . 2008-05-17 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg8
2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\system32\no
2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-17 15:12 . 2008-05-17 15:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-17 14:42 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-16 23:51 . 2008-05-21 23:54 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-16 23:51 . 2008-05-16 23:51 <DIR> d-------- C:\Documents and Settings\User\Programdata\SUPERAntiSpyware.com
2008-05-16 23:51 . 2008-05-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-16 23:50 . 2008-05-16 23:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-16 23:50 . 2008-05-16 23:50 6,342,680 --a------ C:\SUPERAntiSpyware.exe
2008-05-15 22:29 . 2008-05-17 17:39 <DIR> d-------- C:\Documents and Settings\User\Programdata\AVGTOOLBAR
2008-05-15 22:24 . 2008-05-15 22:24 48,347,376 --a------ C:\avg_free_stf_all_8_100a1295.exe
2008-05-15 13:38 . 2008-05-15 13:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\AdobeUM
2008-05-15 12:48 . 2008-05-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-05-15 12:47 . 2008-05-15 12:47 22,311,160 --a------ C:\antivir_workstation_winu_en_h.exe
2008-05-15 00:12 . 2008-05-15 00:12 <DIR> d-------- C:\Documents and Settings\User\Programdata\Sammsoft
2008-05-14 22:42 . 2008-05-14 22:42 249,856 --a------ C:\WINDOWS\system32\epdqfcik.dll
2008-05-03 11:24 . 2008-05-03 11:24 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter
2008-05-03 00:40 . 2008-05-16 23:23 <DIR> d--h----- C:\WINDOWS\system32\.09c24ee3
2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\Roar`s rot
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 15:05 68856]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"AROReminder"="C:\Programfiler\Advanced Registry Optimizer\ARO.exe" [ ]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 23:54 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 20:04 761945]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 15:39 131072]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320]
"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-07-06 21:11 335872]
"fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 12:12 243240]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\User\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-08 23:18:02 113664]
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693]
DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2006-10-20 13:06:11 184320]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
PC-søk i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:54 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\epdqfcik]
epdqfcik.dll 2008-05-14 22:42 249856 C:\WINDOWS\system32\epdqfcik.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09c24ee3]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Programfiler\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 12:13]
S2 09c24ee3;Microsoft DDE+ server;C:\WINDOWS\system32\.09c24ee3\09c24ee3.exe []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 12:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 21:06:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 23:16:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????xc??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\epdqfcik.dll
.
Completion time: 2008-05-25 23:19:18
ComboFix-quarantined-files.txt 2008-05-25 21:18:21

Pre-Run: 43,533,873,152 byte ledig
Post-Run: 43,902,791,680 byte ledig

245 --- E O F --- 2008-05-23 06:36:51
[/hide]
snippsat, posted 25 May 2008
Start HijackThis, "scan", find these lines, tick them, then press "fix checked".

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O20 - Winlogon Notify: epdqfcik - C:\WINDOWS\SYSTEM32\epdqfcik.dll
---
Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture and Combofix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\epdqfcik.dll
C:\WINDOWS\TEMP\YX8BD3.EXE
---
Start -> Run -> cmd
Type in:

sc stop 09c24ee3
sc delete 09c24ee3
---
Cleanup. Delete these folders and files:

C:\Documents and Settings\All Users\Programdata\Avg8
C:\Documents and Settings\User\Programdata\AVGTOOLBAR
C:\avg_free_stf_all_8_100a1295.exe
C:\Documents and Settings\All Users\Programdata\Avira
C:\antivir_workstation_winu_en_h.exe
---
Download and run CCleaner. 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repair.
---
Run a full scan with SAS, which you already have. Post the log from SAS (preferences->statistics/logs)
---
Restart and post a new HijackThis log.
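A triage pass over the HijackThis log posted earlier in this thread, as an added example that is not part of any post: it flags entries whose target file is absent, processes running from a temp directory, Winlogon Notify DLLs sitting directly in system32, and services with no vendor string. The names `triage` and `Finding` are hypothetical, the heuristics are assumptions chosen for illustration (a hit means "verify this entry", not "malicious"), and the sample lines are excerpted from the log above.

```python
import re
from typing import List, NamedTuple

# Excerpt of the HijackThis log posted in this thread (entries as posted).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\TEMP\YX8BD3.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: epdqfcik - C:\WINDOWS\SYSTEM32\epdqfcik.dll
O23 - Service: Microsoft DDE+ server (09c24ee3) - Unknown owner - C:\WINDOWS\system32\.09c24ee39c24ee3.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, or "process"
    reason: str    # why the entry deserves a second look
    line: str      # the original log line


# Section lines look like "O20 - Winlogon Notify: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Executables running out of ...\TEMP\ or ...\TMP\.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# A DLL placed directly in system32 (no vendor subdirectory).
SYSTEM32_DLL_RE = re.compile(r"\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return log lines that match one of the review heuristics."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            # Not a section entry: only the process list is inspected here.
            if in_processes and TEMP_RE.search(line):
                findings.append(Finding("process", "runs from a temp directory", line))
            continue
        in_processes = False  # first section entry ends the process list
        code, body = match.group("code"), match.group("body")
        # Orphaned registration: the registry points at a file that is gone.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(code, "registered file is absent", line))
        # Winlogon Notify DLLs load inside winlogon.exe at every logon.
        if code == "O20" and SYSTEM32_DLL_RE.search(body):
            findings.append(Finding(code, "Winlogon Notify DLL directly in system32", line))
        # No company name could be read for the service binary.
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service without vendor string", line))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"[{item.section}] {item.reason}\n    {item.line}")
```

The Java and Adobe entries and the SUPERAntiSpyware notify DLL pass untouched, while the lines that come back overlap with the ones selected for removal in the post above.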
Tusull (author), posted 26 May 2008

ComboFix 08-05-25.3 - User 2008-05-26 8:28:13.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.511 [GMT 2:00] Running from: C:\Documents and Settings\User\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))) . 2008-05-25 01:14 . 2008-05-25 01:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-05-25 01:14 . 2008-05-25 01:14 <DIR> d-------- C:\Programfiler\Reference Assemblies 2008-05-25 01:14 . 2008-05-25 01:14 <DIR> d-------- C:\Programfiler\MSBuild 2008-05-25 01:13 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-05-24 22:53 . 2008-05-24 22:53 <DIR> d-------- C:\Programfiler\Debugging Tools for Windows (x86) 2008-05-23 08:39 . 2008-05-23 08:39 <DIR> d-------- C:\Programfiler\Microsoft Silverlight 2008-05-21 22:52 . 2008-05-21 22:55 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6 2008-05-18 21:06 . 2008-05-18 21:07 <DIR> d-------- C:\Programfiler\Windows Defender 2008-05-18 13:38 . 2008-05-18 13:38 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-05-18 13:36 . 2008-05-18 13:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-05-17 17:49 . 2008-05-17 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg8 2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-17 15:12 . 2008-05-17 15:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-17 14:42 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-05-16 23:51 . 
2008-05-21 23:54 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-05-16 23:51 . 2008-05-16 23:51 <DIR> d-------- C:\Documents and Settings\User\Programdata\SUPERAntiSpyware.com 2008-05-16 23:51 . 2008-05-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-16 23:50 . 2008-05-16 23:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-16 23:50 . 2008-05-16 23:50 6,342,680 --a------ C:\SUPERAntiSpyware.exe 2008-05-15 22:29 . 2008-05-17 17:39 <DIR> d-------- C:\Documents and Settings\User\Programdata\AVGTOOLBAR 2008-05-15 22:24 . 2008-05-15 22:24 48,347,376 --a------ C:\avg_free_stf_all_8_100a1295.exe 2008-05-15 13:38 . 2008-05-15 13:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\AdobeUM 2008-05-15 12:48 . 2008-05-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira 2008-05-15 12:47 . 2008-05-15 12:47 22,311,160 --a------ C:\antivir_workstation_winu_en_h.exe 2008-05-15 00:12 . 2008-05-15 00:12 <DIR> d-------- C:\Documents and Settings\User\Programdata\Sammsoft 2008-05-14 22:42 . 2008-05-14 22:42 249,856 --a------ C:\WINDOWS\system32\epdqfcik.dll 2008-05-03 11:24 . 2008-05-03 11:24 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter 2008-05-03 00:40 . 2008-05-16 23:23 <DIR> d--h----- C:\WINDOWS\system32\.09c24ee3 2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\Roar`s rot . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-24 21:00 --------- d-----w C:\Programfiler\Trend Micro 2008-05-18 11:36 --------- d-----w C:\Programfiler\Windows Media Connect 2008-05-17 15:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-11 21:53 --------- d-----w C:\Documents and Settings\User\Programdata\Apple Computer 2008-05-11 12:11 --------- d-----w C:\Documents and Settings\User\Programdata\LimeWire 2008-05-11 12:06 --------- d-----w C:\Documents and Settings\User\Programdata\Windows Desktop Search 2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 16:19 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll 2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll 2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 77,312 ------w 
C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:48 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys 2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 
182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 
----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys . ((((((((((((((((((((((((((((( snapshot@2008-05-25_23.17.47,35 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-25 21:03:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-26 06:21:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-26 06:21:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_92c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 12:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 15:05 68856] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "AROReminder"="C:\Programfiler\Advanced Registry Optimizer\ARO.exe" [ ] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 23:54 1510640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 20:04 761945] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 15:39 131072] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320] "OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-07-06 21:11 335872] "fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 12:12 243240] "QuickTime 
Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] C:\Documents and Settings\User\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-08 23:18:02 113664] OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2006-10-20 13:06:11 184320] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] PC-s›k i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:54 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\epdqfcik] epdqfcik.dll 2008-05-14 22:42 249856 C:\WINDOWS\system32\epdqfcik.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09c24ee3] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 
"UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Programfiler\\Sony Ericsson\\Update Service\\ma3platform.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53] R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 12:13] S2 09c24ee3;Microsoft DDE+ server;C:\WINDOWS\system32\.09c24ee3\09c24ee3.exe [] . Contents of the 'Scheduled Tasks' folder "2008-05-01 12:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-05-26 06:24:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-26 08:31:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????xc??????(?@???????@ scanning hidden files ... ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\epdqfcik.dll . Completion time: 2008-05-26 8:34:18 ComboFix-quarantined-files.txt 2008-05-26 06:33:15 ComboFix2.txt 2008-05-25 21:19:19 Pre-Run: 43,844,403,200 byte ledig Post-Run: 43,861,192,704 byte ledig 246 --- E O F --- 2008-05-23 06:36:51
snippsat, posted 26 May 2008

No, CFScript.txt did not work.

http://www.dump.no/files/2f11a95f48e0/CFScript.txt

Right-click, "Save target as", and put it on the desktop. Then do as in the picture.

Edited 26 May 2008 by SNIPPSAT
Tusull (author), posted 26 May 2008

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:45, on 2008-05-26 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\System32\snmp.exe C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\UAService7.exe 
C:\WINDOWS\system32\SearchIndexer.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\TEMP\GKF21B.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Trend Micro\OfficeScan Client\TSC.EXE C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog 
Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen 
Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://192.168.1.10/officescan/console/Cli...ll/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.168.1.10/officescan/console/Cli...ll/setupini.cab 
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.168.1.10/officescan/console/Cli...stall/setup.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.168.1.10/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://192.168.1.10/officescan/console/Cli.../RemoveCtrl.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: epdqfcik - C:\WINDOWS\SYSTEM32\epdqfcik.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 11186 bytes

Now the computer also shuts down veeeeery quickly.. something or other, kernel 321.dll 0x78221981 Isass.exe..?? I don't understand this stuff, as you may have gathered..
snippsat, posted 26 May 2008

Quote: "Now the computer also shuts down veeeeery quickly.. something or other, kernel 321.dll 0x78221981 Isass.exe..?? I don't understand this stuff, as you may have gathered.."

OK, did you have this before, or did it start now? Try to get CFScript.txt run. Do it in safe mode if it doesn't work in normal mode. Boot, press F8 several times, and choose safe mode. If the error doesn't go away, we'll put it back and try again.
Tusull (author), posted 26 May 2008

Yes, it was there before, but not as "aggressive" then.. A window also keeps popping up that says "sysFader: IEXPLORER.EXE - application fatal error The instruction at 0x01cf34739 referenced memory at 0x02df2e50. The memory could not be read"

Try to get CFScript.txt run, you say... I thought I had done that.. he he.. a bit green here, yes.. But so I start up in safe mode, make a note in notebook and copy in what you wrote earlier, save it on the desktop and drag it over to combo.fix, right?? -he he, that's what I've done at least.. I think.. I'll try it once more..
Tusull (author), posted 26 May 2008

YEEEHAAAAA!!!! Security Center didn't pop up!!! :!: So now I'm super excited to see whether that was what it took..!?! What should I do next to NOT get this back again?? Aren't the antivirus programs and firewalls I have enough..??

ComboFix 08-05-25.3 - User 2008-05-26 14:55:00.5 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.775 [GMT 2:00] Running from: C:\Documents and Settings\User\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Skrivebord\CFScript.txt..txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\epdqfcik.dll C:\WINDOWS\TEMP\YX8BD3.EXE . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\epdqfcik.dll . ((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))) . 2008-05-26 10:33 . 2008-05-26 14:32 <DIR> dr-h----- C:\Documents and Settings\User\Siste 2008-05-26 08:50 . 2008-05-26 08:50 <DIR> d-------- C:\Programfiler\CCleaner 2008-05-25 01:14 . 2008-05-25 01:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-05-25 01:14 . 2008-05-25 01:14 <DIR> d-------- C:\Programfiler\Reference Assemblies 2008-05-25 01:14 . 2008-05-25 01:14 <DIR> d-------- C:\Programfiler\MSBuild 2008-05-25 01:13 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-05-24 22:53 . 2008-05-24 22:53 <DIR> d-------- C:\Programfiler\Debugging Tools for Windows (x86) 2008-05-23 08:39 . 2008-05-23 08:39 <DIR> d-------- C:\Programfiler\Microsoft Silverlight 2008-05-21 22:52 . 2008-05-21 22:55 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6 2008-05-18 21:06 . 2008-05-18 21:07 <DIR> d-------- C:\Programfiler\Windows Defender 2008-05-18 13:38 . 2008-05-18 13:38 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-05-18 13:36 . 
2008-05-18 13:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-17 15:18 . 2008-05-17 15:18 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-17 15:12 . 2008-05-17 15:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-17 14:42 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-05-16 23:51 . 2008-05-21 23:54 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-05-16 23:51 . 2008-05-16 23:51 <DIR> d-------- C:\Documents and Settings\User\Programdata\SUPERAntiSpyware.com 2008-05-16 23:51 . 2008-05-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-16 23:50 . 2008-05-16 23:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-16 23:50 . 2008-05-16 23:50 6,342,680 --a------ C:\SUPERAntiSpyware.exe 2008-05-15 22:29 . 2008-05-17 17:39 <DIR> d-------- C:\Documents and Settings\User\Programdata\AVGTOOLBAR 2008-05-15 13:38 . 2008-05-15 13:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\AdobeUM 2008-05-15 00:12 . 2008-05-15 00:12 <DIR> d-------- C:\Documents and Settings\User\Programdata\Sammsoft 2008-05-03 11:24 . 2008-05-03 11:24 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter 2008-05-03 00:40 . 2008-05-16 23:23 <DIR> d--h----- C:\WINDOWS\system32\.09c24ee3 2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Documents and Settings\Roar`s rot . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-24 21:00 --------- d-----w C:\Programfiler\Trend Micro 2008-05-18 11:36 --------- d-----w C:\Programfiler\Windows Media Connect 2008-05-17 15:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-11 21:53 --------- d-----w C:\Documents and Settings\User\Programdata\Apple Computer 2008-05-11 12:11 --------- d-----w C:\Documents and Settings\User\Programdata\LimeWire 2008-05-11 12:06 --------- d-----w C:\Documents and Settings\User\Programdata\Windows Desktop Search 2008-04-14 16:23 69,120 ----a-w C:\WINDOWS\notepad.exe 2008-04-14 16:23 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 16:23 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 16:23 283,648 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 16:23 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 16:23 147,456 ----a-w C:\WINDOWS\regedit.exe 2008-04-14 16:23 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 16:23 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 16:22 50,688 ----a-w C:\WINDOWS\twain_32.dll 2008-04-14 16:22 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll 2008-04-14 16:22 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll 2008-04-14 16:22 10,752 ----a-w C:\WINDOWS\hh.exe 2008-04-14 16:22 1,033,728 ----a-w C:\WINDOWS\explorer.exe 2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-14 15:49 37,376 ----a-w 
C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys 2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w 
C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 18:55 14,592 ----a-w 
C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys 2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys 2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys 2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys . ((((((((((((((((((((((((((((( snapshot@2008-05-25_23.17.47,35 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-25 21:03:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-26 12:58:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2004-07-06 19:07:14 172,099 ----a-w C:\WINDOWS\TEMP\CC37F.EXE + 2008-05-26 12:58:57 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_b24.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 12:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 15:05 68856] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 23:54 1510640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 20:04 761945] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 15:39 131072] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320] "OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-07-06 21:11 335872] "fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 12:12 243240] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024] 
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] C:\Documents and Settings\User\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-08 23:18:02 113664] OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2006-10-20 13:06:11 184320] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] PC-s›k i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:54 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\epdqfcik] epdqfcik.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09c24ee3] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Programfiler\\Sony Ericsson\\Update Service\\ma3platform.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53] R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 12:13] . Contents of the 'Scheduled Tasks' folder "2008-05-01 12:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-05-26 13:01:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-26 14:58:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????xc??????(?@???????@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\msdtc.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTStackServer.exe C:\Programfiler\Trend Micro\OfficeScan Client\NTRtScan.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\snmp.exe C:\Programfiler\Trend Micro\OfficeScan Client\TmListen.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\searchindexer.exe C:\WINDOWS\TEMP\CC37F.EXE C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\searchprotocolhost.exe C:\WINDOWS\system32\searchfilterhost.exe . ************************************************************************** . Completion time: 2008-05-26 15:05:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-26 13:05:10 ComboFix2.txt 2008-05-26 12:25:24 ComboFix3.txt 2008-05-26 06:34:19 ComboFix4.txt 2008-05-25 21:19:19 Pre-Run: 45,043,286,016 byte ledig Post-Run: 43,962,245,120 byte ledig 273 --- E O F --- 2008-05-23 06:36:51
Tusull (author), posted 26 May 2008

HijackThis log.. If I've understood this correctly, system32 and Isass.exe are still running... and those are bad news to have, I guess..

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:18:28, on 26.05.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Windows Desktop Search\WindowsSearch.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\System32\snmp.exe C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe 
C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\TEMP\CC37F.EXE C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\internet explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - 
http://192.168.1.10/officescan/console/Cli...ll/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.168.1.10/officescan/console/Cli...ll/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.168.1.10/officescan/console/Cli...stall/setup.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.168.1.10/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://192.168.1.10/officescan/console/Cli.../RemoveCtrl.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: epdqfcik - epdqfcik.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 11227 bytes
snippsat, posted 26 May 2008 (edited)

No, C:\WINDOWS\system32\lsass.exe is a process that is supposed to run. It is good and handles security and login for Windows. ComboFix worked now.

Start HijackThis, run "scan", find this line, mark it, then press fix checked.

O20 - Winlogon Notify: epdqfcik - epdqfcik.dll (file missing)

Start -> Run (Kjør) -> %temp% <delete everything you find here>

Run CCleaner several times; remember to run the registry cleaner and answer yes to repair. Restart and run the same again.

Download and run CCleaner: 'Options' ('Valg') -> 'Advanced' ('Avansert'). Untick the box in front of "only delete temporary files older than 48 hours". Run the registry cleaner and "answer yes to repair".

Update and run a full scan with the SAS you already have.

Try this and see how the PC runs; after this you are clean of viruses/spyware. If there are still errors, further troubleshooting is needed. Then we can use other tools to figure it out.

The error didn't appear after you installed SP3 for XP?

Edited 26 May 2008 by SNIPPSAT
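The checks discussed in the post above (a system process in its expected folder, an orphaned Winlogon Notify entry, executables under a temp folder) can be run over a HijackThis log mechanically. This is an added example, not part of the thread or of HijackThis: the function names, the finding labels and the `CONSTRUCTED_LOOKALIKE` path are assumptions made for illustration, the sample lines are excerpted from the logs posted in this thread, and a finding marks an item for review, not a verdict.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Assumption: Windows lives in C:\WINDOWS, as in the logs in this thread.
SYSTEM32 = r"c:\windows\system32"
CORE_PROCESSES = {"smss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe"}

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")

# Excerpt assembled from the HijackThis log of 26.05.2008 15:18:28 above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:28, on 26.05.2008
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\CC37F.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: epdqfcik - epdqfcik.dll (file missing)
"""

# Constructed path (not from the thread's logs): capital "I" in place of "l".
CONSTRUCTED_LOOKALIKE = r"C:\WINDOWS\system32\Isass.exe"


def parse_hijackthis(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first R/O entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def fold_lookalikes(name):
    """Fold characters often swapped in imitation names (i/1 -> l, 0 -> o)."""
    return name.lower().translate(str.maketrans("i10", "llo"))


FOLDED_CORE = {fold_lookalikes(n) for n in CORE_PROCESSES}


def triage(parsed):
    """Return (label, detail) pairs for items that deserve a closer look."""
    findings = []
    for path in parsed["processes"]:
        folder, name = ntpath.split(ntpath.normpath(path).lower())
        if "temp" in folder.split("\\"):
            findings.append(("temp-process", path))
        if name in CORE_PROCESSES:
            if folder != SYSTEM32:
                findings.append(("system-name-wrong-dir", path))
        elif fold_lookalikes(name) in FOLDED_CORE:
            findings.append(("lookalike-name", path))
    for code, body in parsed["entries"]:
        # Registry entry still present although its file is gone.
        if ORPHAN_RE.search(body):
            findings.append(("orphan-" + code, body))
    return findings


if __name__ == "__main__":
    for label, detail in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{label:22} {detail}")
    lookalike = {"processes": [CONSTRUCTED_LOOKALIKE], "entries": []}
    for label, detail in triage(lookalike):
        print(f"{label:22} {detail}")
```

On the thread excerpt, the genuine `lsass.exe` in `system32` is not reported, while the orphaned `epdqfcik` Winlogon Notify entry is.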
Tusull (author), posted 26 May 2008

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:18:47, on 26.05.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\System32\snmp.exe C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\SearchIndexer.exe 
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\TEMP\KQ4823.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog 
Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen 
Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://192.168.1.10/officescan/console/Cli...ll/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.168.1.10/officescan/console/Cli...ll/setupini.cab 
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.168.1.10/officescan/console/Cli...stall/setup.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.168.1.10/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://192.168.1.10/officescan/console/Cli.../RemoveCtrl.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 11103 bytes Da kjører jo maskina normalt igjen jo!!! SUPERT!!!! SNIPPSAT du er jo en knupp!! Som i det hele tatt gidder å hjelpe til.. jeg er deg en stooor takk skyldig!! TAKK!! Og nei.. Så sant ikke sp3 lastet ned av seg selv, så kom det etterpå..!! Tror jeg.. Lenke til kommentar
snippsat, posted 26 May 2008

Use the PC for a while; if it runs fine, do this. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
Tusull, posted 27 May 2008 (Author)

I have run SAS a few times since the problem was solved, and every time I get x number of Adware - tracking cookies.. Is there something I'm missing in the way of virus protection or something..? Or is it just that you have to expect to get cookies like that all the time.. And uninstall CCleaner..?? Can't it just stay there..?
r2d290, posted 27 May 2008

1. You have to expect tracking cookies (it is possible to choose that cookies should not be stored, but this is not common). But if you run CCleaner or SAS every now and then, there won't be too many cookies (the downside of cookies is that they take up hard disk space).
2. As far as I can see, nobody has asked you to uninstall CCleaner. CCleaner can just stay on the PC; run it now and then. What you should uninstall is COMBOFIX, following snippsat's instructions in post #16.
Anything still unclear? Just get in touch.
Tusull, posted 27 May 2008 (Author)

Oops, just a typo.. it was ComboFix I should have written, yes.. so that's the one to uninstall.. then I'll do that.. Thanks for the explanation! I expect I'll end up understanding this stuff eventually too..