
ComboFix report, can anyone take a look?



Hi, here is a ComboFix report. Hoping someone can take a look at it. After running ComboFix I also get this message when I try to open Symantec AntiVirus: An error occured while loading savrt32.dll.

 

ComboFix 08-08-27.05 - HC 2008-08-28 8:04:36.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1025 [GMT 2:00]

Running from: C:\Documents and Settings\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Secure Solutions

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827180900062.log

C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\4S66C8M4\bin.clearspring.com

C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\4S66C8M4\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\actskn43.ocx

C:\WINDOWS\system32\kmweudtn.dll

C:\WINDOWS\system32\mmjshx.dll

C:\WINDOWS\system32\smoxnkwj.ini

C:\WINDOWS\system32\VuxIRqru.ini

C:\WINDOWS\system32\VuxIRqru.ini2

 

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))

.

 

2008-08-28 08:01 . 2008-08-28 08:02 2,835,705 -ra------ C:\Documents and Settings\ComboFix.exe

2008-08-28 07:50 . 2008-08-28 07:50 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-08-28 07:50 . 2008-08-28 07:50 7,926,688 --a------ C:\Documents and Settings\Free-SpyHunter-Scanner-Install.exe

2008-08-27 21:49 . 2008-08-27 22:42 <DIR> d--h----- C:\$AVG8.VAULT$

2008-08-27 21:38 . 2008-08-27 21:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Program Files\AVG

2008-08-27 21:38 . 2008-08-27 21:48 <DIR> d-------- C:\Documents and Settings\HC\Application Data\AVGTOOLBAR

2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-08-27 21:38 . 2008-08-27 21:38 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-27 21:38 . 2008-08-27 21:38 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-27 21:38 . 2008-08-27 21:38 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-27 21:13 . 2008-08-27 21:14 49,607,536 --a------ C:\Documents and Settings\avg_free_stf_all_8_101a1327.exe

2008-08-27 19:42 . 2008-08-27 19:42 111,108 --a------ C:\WINDOWS\system32\msxml71.dll

2008-08-27 19:35 . 2008-08-27 19:35 268 --ah----- C:\sqmdata16.sqm

2008-08-27 19:35 . 2008-08-27 19:35 244 --ah----- C:\sqmnoopt16.sqm

2008-08-27 18:18 . 2008-08-27 18:18 103,552 --a------ C:\WINDOWS\system32\jwknxoms.dll

2008-08-27 18:08 . 2008-08-27 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services

2008-08-27 17:09 . 2008-08-27 17:09 5,300 --a------ C:\Documents and Settings\Winzip_PRO_11.2_with_Keygen.zip_[mininova].torrent

2008-08-27 15:35 . 2008-08-27 15:35 162,803 --a------ C:\Documents and Settings\Microsoft_OFFICE_2007_Complete_PRO_Edition_&_CD_Keys!_[mininova].torrent

2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\Temp\EN_Office_Visio_Professional_2007

2008-08-26 18:50 . 2008-08-26 18:51 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Visio_Professional_2007.exe

2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Microsoft Works

2008-08-26 18:46 . 2008-08-27 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-08-26 18:42 . 2008-08-26 18:42 <DIR> d-------- C:\Temp\EN_Office_Project_Professional_2007

2008-08-26 18:37 . 2008-08-26 18:58 <DIR> d-------- C:\Temp

2008-08-26 18:37 . 2008-08-26 18:37 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Project_Professional_2007.exe

2008-08-26 18:32 . 2008-08-26 18:32 <DIR> d-------- C:\Documents and Settings\Skole deamon\DAEMON Tools Lite

2008-08-26 18:28 . 2008-08-26 18:28 268 --ah----- C:\sqmdata15.sqm

2008-08-26 18:28 . 2008-08-26 18:28 244 --ah----- C:\sqmnoopt15.sqm

2008-08-26 18:27 . 2008-08-26 18:58 <DIR> d-------- C:\Documents and Settings\Skole deamon

2008-08-26 18:27 . 2008-08-26 18:27 <DIR> d-------- C:\Documents and Settings\HC\Application Data\DAEMON Tools

2008-08-26 18:27 . 2008-08-26 18:27 4,743,112 --a------ C:\Documents and Settings\Skole deamon\daemon4301-lite.exe

2008-08-26 18:27 . 2008-08-26 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmnoopt14.sqm

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmdata14.sqm

2008-08-24 16:13 . 2008-08-24 16:13 268 --ah----- C:\sqmdata13.sqm

2008-08-24 16:13 . 2008-08-24 16:13 244 --ah----- C:\sqmnoopt13.sqm

2008-08-24 10:48 . 2008-08-24 10:48 268 --ah----- C:\sqmdata12.sqm

2008-08-24 10:48 . 2008-08-24 10:48 244 --ah----- C:\sqmnoopt12.sqm

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\HC\Application Data\SUPERAntiSpyware.com

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-08-24 10:27 . 2008-08-24 10:27 6,634,008 --a------ C:\Documents and Settings\SUPERAntiSpyware.exe

2008-08-24 10:21 . 2008-08-24 10:21 <DIR> d-------- C:\Program Files\CCleaner

2008-08-24 10:20 . 2008-08-24 10:20 860,120 --a------ C:\Documents and Settings\ccsetup210_slim.exe

2008-08-24 01:20 . 2008-08-24 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-27 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-24 01:20 15,083,520 --a------ C:\Documents and Settings\spybotsd160.exe

2008-08-23 20:46 . 2008-08-23 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-23 20:45 . 2008-08-23 20:45 19,153,264 --a------ C:\Documents and Settings\aaw2008.exe

2008-08-23 20:28 . 2008-08-23 20:28 25,049,240 --a------ C:\Documents and Settings\antivir_workstation_winu_en_h.exe

2008-08-23 20:22 . 2008-08-23 20:46 <DIR> d-------- C:\Program Files\Lavasoft

2008-08-23 20:18 . 2008-08-23 20:18 2,380 --a------ C:\Documents and Settings\AdAware_6.0_Professional___Serial.3377972.TPB.torrent

2008-08-07 00:54 . 2008-08-07 00:54 268 --ah----- C:\sqmdata11.sqm

2008-08-07 00:54 . 2008-08-07 00:54 244 --ah----- C:\sqmnoopt11.sqm

2008-07-31 22:03 . 2008-07-31 22:03 15,519 --a------ C:\Documents and Settings\Nero_8_Ultra_Edition_8.3.8.0_FULL____Keys.4218835.TPB.torrent

2008-07-31 22:00 . 2008-07-31 22:00 30,995 --a------ C:\Documents and Settings\Nero8___Keygen_Full_Version.4221858.TPB.torrent

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Simple Star

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Nero

2008-07-31 21:54 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\AskTBar

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-28 06:10 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-08-27 16:03 --------- d-----w C:\Documents and Settings\HC\Application Data\uTorrent

2008-08-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip

2008-08-24 08:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-23 22:39 --------- d-----w C:\Program Files\VstPlugins

2008-08-23 22:32 --------- d-----w C:\Program Files\Image-Line

2008-08-23 20:30 --------- d-----w C:\Documents and Settings\HC\Application Data\LimeWire

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad

2008-07-29 18:30 --------- d-----w C:\Program Files\LimeWire

2008-07-17 18:07 --------- d-----w C:\Program Files\Common Files\LogiShrd

2008-07-17 18:04 --------- d-----w C:\Program Files\Logitech

2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech

2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-11-26 12:01 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe

2007-10-16 11:37 40,836 ----a-w C:\Program Files\nexus.fpf

2007-09-27 12:21 13,179,392 ----a-w C:\Program Files\m5900mux.exe

2007-09-27 12:01 959,896 ----a-w C:\Program Files\wzcline22.exe

2007-09-27 11:54 9,974,784 ----a-w C:\Program Files\M6100enx.exe

2007-09-13 11:34 3,378,248 ----a-w C:\Program Files\LimeWireWin.exe

2007-09-13 11:27 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

"DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 22:39 151552]

"PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648]

"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440]

"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728]

"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-27 21:38 1177368]

"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]

"AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]

2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=mmjshx.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Opera\\Opera.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

 

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13]

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys [2007-01-15 19:17]

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2005-07-08 23:06]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2005-09-23 16:48]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-27 21:38]

R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-15 00:11]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-27 21:38]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 21:38]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 21:38]

R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 22:38]

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]

R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-19 01:08]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-18 07:15]

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-22 06:58]

S2 TACXDEV;Tacx I-magic Trainer USB Driver (I-magic.sys);C:\WINDOWS\system32\Drivers\I-magic.sys [2004-09-29 11:45]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

S3 DiWan;Eicon Driver for all DIVA PnP cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14]

S3 FlashDrv;FlashDrv;C:\WINDOWS\system32\DRIVERS\FlashDrv.sys [2007-04-10 13:22]

S3 FscBapi;FscBapi;C:\WINDOWS\system32\DRIVERS\FscBapi.sys [2007-04-10 13:22]

S3 FscCmos;FscCmos;C:\WINDOWS\system32\DRIVERS\FscCmos.sys [2007-04-10 13:22]

S3 FscCpuid;FscCpuid;C:\WINDOWS\system32\DRIVERS\FscCpuid.sys [2007-04-10 13:22]

S3 FscEfDmi;FscEfDmi;C:\WINDOWS\system32\DRIVERS\FscEfDmi.sys [2007-04-10 13:22]

S3 FscGabi;FscGabi;C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2007-04-10 13:22]

S3 FscTime;FscTime;C:\WINDOWS\system32\DRIVERS\FscTime.sys [2007-04-10 13:22]

S3 OemF0211;OemF0211;C:\WINDOWS\system32\DRIVERS\OemF0211.sys [2007-04-10 13:22]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

 

2008-08-27 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{635637DF-B84C-4861-8870-002F0B6FB55A} - C:\WINDOWS\system32\urqRIxuV.dll

BHO-{bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)

HKCU-Run-A00F115A62.exe - C:\DOCUME~1\HC\LOCALS~1\Temp\_A00F115A62.exe

HKLM-Run-Microsoft WinUpdate - C:\WINDOWS\system32\Setup_ver1.1431.0.exe

HKLM-Run-inrhce1wj0ec61 - C:\Documents and Settings\HC\Local Settings\Temp\.ttF.tmp.exe

HKLM-Run-lphca1wj0ec61 - C:\WINDOWS\system32\lphca1wj0ec61.exe

ShellExecuteHooks-{FEEAD861-8455-42F3-8A7E-B7756084BB36} - C:\WINDOWS\system32\iifddeCs.dll

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = www.startsiden.no/

O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 08:12:13

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\scardsvr.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-08-28 8:18:09 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-28 06:18:03

 

Pre-Run: 2,966,671,360 bytes free

Post-Run: 2,967,904,256 byte ledig

 

295 --- E O F --- 2008-08-27 01:01:26


Hello

 

Download Malwarebytes' Anti-Malware here or here. Save it to the desktop.

 

Run the file and install the program. Select Norwegian as the language.

Tick the boxes next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish.

Let the program update itself and select Perform quick scan.

 

You will get a message box when the scan has finished.

Then click the Show Results button. If malware was found, you will now see what was found.

 

Then click the Remove Selected button to remove any malware that was found.

 

Note:

If MBAM finds a file that is difficult to remove, you will be asked two questions.

Click OK on both and let MBAM finish the disinfection.

If you are asked to restart the machine, do so right away.

 

When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

 

 

Then a new log from ComboFix, and then HijackThis:

 

Do the following:

Download 'HijackThis'.

Save it in a permanent folder, e.g. C:\HJT\, double-click HijackThis.exe, and click Do a system scan and save a logfile.

 

When the Notepad window opens, press Ctrl-A to select all the text, copy it with Ctrl-C and paste it into your next post on the forum with Ctrl-V. Most of the content in the list is safe. Don't fix anything yet.

 

Post all three logs (MBAM, ComboFix and HijackThis), and we'll continue the cleanup after that :)

 

 

edit: I see you have installed SAS... If you have run it recently, post the SAS log (start the program: preferences->statistics/logs)

Edited by r2d290

Thanks for the help so far, will do this :)

 

But I need to get into StatoilHydro's employee site using codes etc., and it uses a Citrix "thing" to get in. But I get this message: You do NOT have the Citrix ICA Client (ActiveX) for 32-bit Windows installed on your system. The Citrix Java Client will be used to launch your applications if you do not install a Citrix ICA Client on your system.

 

And with the Symantec antivirus program there was also something with 32 that didn't work. Will this work after I have done what you say, or do I have to do something else?

Did it stop working before or after you ran ComboFix?

 

We'll start by cleaning your machine of malware, then we'll see what we can do afterwards about the other problem. You may have to contact your IT department to get it reinstalled. Not quite sure...

Malwarebytes' Anti-Malware 1.25

Database versjon: 1090

Windows 5.1.2600 Service Pack 2

 

13:58:14 28.08.2008

mbam-log-08-28-2008 (13-58-14).txt

 

Skanntype: Rask Skann

Objekter skannet: 51256

Tid tilbakelagt: 4 minute(s), 44 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 3

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 3

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f115a62.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhce1wj0ec61 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphca1wj0ec61 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\jwknxoms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

 

 

ComboFix 08-08-27.05 - HC 2008-08-28 14:02:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1381 [GMT 2:00]

Running from: C:\Documents and Settings\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))

.

 

2008-08-28 13:51 . 2008-08-28 13:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Malwarebytes

2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-28 13:51 . 2008-08-28 13:51 2,085,280 --a------ C:\Documents and Settings\mbam-setup.exe

2008-08-28 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-28 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-28 13:19 . 2008-08-28 13:49 <DIR> d-------- C:\Documents and Settings\HC\Citrix

2008-08-28 13:19 . 2008-08-28 13:19 81 --a------ C:\CTX.DAT

2008-08-28 13:17 . 2008-08-28 13:18 2,817,536 --a------ C:\Documents and Settings\ica32t.exe

2008-08-28 08:01 . 2008-08-28 08:02 2,835,705 -ra------ C:\Documents and Settings\ComboFix.exe

2008-08-28 07:50 . 2008-08-28 07:50 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-08-28 07:50 . 2008-08-28 07:50 7,926,688 --a------ C:\Documents and Settings\Free-SpyHunter-Scanner-Install.exe

2008-08-27 21:49 . 2008-08-27 22:42 <DIR> d--h----- C:\$AVG8.VAULT$

2008-08-27 21:38 . 2008-08-27 21:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Program Files\AVG

2008-08-27 21:38 . 2008-08-27 21:48 <DIR> d-------- C:\Documents and Settings\HC\Application Data\AVGTOOLBAR

2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-08-27 21:38 . 2008-08-27 21:38 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-27 21:38 . 2008-08-27 21:38 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-27 21:38 . 2008-08-27 21:38 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-27 21:13 . 2008-08-27 21:14 49,607,536 --a------ C:\Documents and Settings\avg_free_stf_all_8_101a1327.exe

2008-08-27 19:35 . 2008-08-27 19:35 268 --ah----- C:\sqmdata16.sqm

2008-08-27 19:35 . 2008-08-27 19:35 244 --ah----- C:\sqmnoopt16.sqm

2008-08-27 18:08 . 2008-08-28 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services

2008-08-27 17:09 . 2008-08-27 17:09 5,300 --a------ C:\Documents and Settings\Winzip_PRO_11.2_with_Keygen.zip_[mininova].torrent

2008-08-27 15:35 . 2008-08-27 15:35 162,803 --a------ C:\Documents and Settings\Microsoft_OFFICE_2007_Complete_PRO_Edition_&_CD_Keys!_[mininova].torrent

2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\Temp\EN_Office_Visio_Professional_2007

2008-08-26 18:50 . 2008-08-26 18:51 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Visio_Professional_2007.exe

2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Microsoft Works

2008-08-26 18:46 . 2008-08-27 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-08-26 18:42 . 2008-08-26 18:42 <DIR> d-------- C:\Temp\EN_Office_Project_Professional_2007

2008-08-26 18:37 . 2008-08-26 18:58 <DIR> d-------- C:\Temp

2008-08-26 18:37 . 2008-08-26 18:37 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Project_Professional_2007.exe

2008-08-26 18:32 . 2008-08-26 18:32 <DIR> d-------- C:\Documents and Settings\Skole deamon\DAEMON Tools Lite

2008-08-26 18:28 . 2008-08-26 18:28 268 --ah----- C:\sqmdata15.sqm

2008-08-26 18:28 . 2008-08-26 18:28 244 --ah----- C:\sqmnoopt15.sqm

2008-08-26 18:27 . 2008-08-26 18:58 <DIR> d-------- C:\Documents and Settings\Skole deamon

2008-08-26 18:27 . 2008-08-26 18:27 <DIR> d-------- C:\Documents and Settings\HC\Application Data\DAEMON Tools

2008-08-26 18:27 . 2008-08-26 18:27 4,743,112 --a------ C:\Documents and Settings\Skole deamon\daemon4301-lite.exe

2008-08-26 18:27 . 2008-08-26 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmnoopt14.sqm

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmdata14.sqm

2008-08-24 16:13 . 2008-08-24 16:13 268 --ah----- C:\sqmdata13.sqm

2008-08-24 16:13 . 2008-08-24 16:13 244 --ah----- C:\sqmnoopt13.sqm

2008-08-24 10:48 . 2008-08-24 10:48 268 --ah----- C:\sqmdata12.sqm

2008-08-24 10:48 . 2008-08-24 10:48 244 --ah----- C:\sqmnoopt12.sqm

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\HC\Application Data\SUPERAntiSpyware.com

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-08-24 10:27 . 2008-08-24 10:27 6,634,008 --a------ C:\Documents and Settings\SUPERAntiSpyware.exe

2008-08-24 10:21 . 2008-08-24 10:21 <DIR> d-------- C:\Program Files\CCleaner

2008-08-24 10:20 . 2008-08-24 10:20 860,120 --a------ C:\Documents and Settings\ccsetup210_slim.exe

2008-08-24 01:20 . 2008-08-24 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-27 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-24 01:20 15,083,520 --a------ C:\Documents and Settings\spybotsd160.exe

2008-08-23 20:46 . 2008-08-23 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-23 20:45 . 2008-08-23 20:45 19,153,264 --a------ C:\Documents and Settings\aaw2008.exe

2008-08-23 20:28 . 2008-08-23 20:28 25,049,240 --a------ C:\Documents and Settings\antivir_workstation_winu_en_h.exe

2008-08-23 20:22 . 2008-08-23 20:46 <DIR> d-------- C:\Program Files\Lavasoft

2008-08-23 20:18 . 2008-08-23 20:18 2,380 --a------ C:\Documents and Settings\AdAware_6.0_Professional___Serial.3377972.TPB.torrent

2008-08-07 00:54 . 2008-08-07 00:54 268 --ah----- C:\sqmdata11.sqm

2008-08-07 00:54 . 2008-08-07 00:54 244 --ah----- C:\sqmnoopt11.sqm

2008-07-31 22:03 . 2008-07-31 22:03 15,519 --a------ C:\Documents and Settings\Nero_8_Ultra_Edition_8.3.8.0_FULL____Keys.4218835.TPB.torrent

2008-07-31 22:00 . 2008-07-31 22:00 30,995 --a------ C:\Documents and Settings\Nero8___Keygen_Full_Version.4221858.TPB.torrent

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Simple Star

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Nero

2008-07-31 21:54 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\AskTBar

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-28 06:10 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-08-27 16:03 --------- d-----w C:\Documents and Settings\HC\Application Data\uTorrent

2008-08-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip

2008-08-24 08:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-23 22:39 --------- d-----w C:\Program Files\VstPlugins

2008-08-23 22:32 --------- d-----w C:\Program Files\Image-Line

2008-08-23 20:30 --------- d-----w C:\Documents and Settings\HC\Application Data\LimeWire

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad

2008-07-29 18:30 --------- d-----w C:\Program Files\LimeWire

2008-07-17 18:07 --------- d-----w C:\Program Files\Common Files\LogiShrd

2008-07-17 18:04 --------- d-----w C:\Program Files\Logitech

2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech

2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-11-26 12:01 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe

2007-10-16 11:37 40,836 ----a-w C:\Program Files\nexus.fpf

2007-09-27 12:21 13,179,392 ----a-w C:\Program Files\m5900mux.exe

2007-09-27 12:01 959,896 ----a-w C:\Program Files\wzcline22.exe

2007-09-27 11:54 9,974,784 ----a-w C:\Program Files\M6100enx.exe

2007-09-13 11:34 3,378,248 ----a-w C:\Program Files\LimeWireWin.exe

2007-09-13 11:27 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-28_ 8.17.40.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-04-17 06:41:01 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe

+ 2008-08-28 06:20:58 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe

- 2007-04-17 06:41:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

+ 2008-08-28 06:20:58 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

- 2007-04-17 06:41:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

+ 2008-08-28 06:20:58 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

- 2007-03-03 20:40:48 24,848 ----a-w C:\WINDOWS\system32\Resource\en\ctxsetUI.dll

+ 2005-04-04 00:25:56 24,848 ----a-w C:\WINDOWS\system32\Resource\en\ctxsetUI.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

"DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 22:39 151552]

"PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648]

"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440]

"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728]

"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-27 21:38 1177368]

"AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]

2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=mmjshx.dllavgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Opera\\Opera.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

 

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13]

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys [2007-01-15 19:17]

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2005-07-08 23:06]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2005-09-23 16:48]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-27 21:38]

R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-15 00:11]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-27 21:38]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 21:38]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 21:38]

R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 22:38]

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]

R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-19 01:08]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-18 07:15]

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-22 06:58]

S2 TACXDEV;Tacx I-magic Trainer USB Driver (I-magic.sys);C:\WINDOWS\system32\Drivers\I-magic.sys [2004-09-29 11:45]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

S3 DiWan;Eicon Driver for all DIVA PnP cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14]

S3 FlashDrv;FlashDrv;C:\WINDOWS\system32\DRIVERS\FlashDrv.sys [2007-04-10 13:22]

S3 FscBapi;FscBapi;C:\WINDOWS\system32\DRIVERS\FscBapi.sys [2007-04-10 13:22]

S3 FscCmos;FscCmos;C:\WINDOWS\system32\DRIVERS\FscCmos.sys [2007-04-10 13:22]

S3 FscCpuid;FscCpuid;C:\WINDOWS\system32\DRIVERS\FscCpuid.sys [2007-04-10 13:22]

S3 FscEfDmi;FscEfDmi;C:\WINDOWS\system32\DRIVERS\FscEfDmi.sys [2007-04-10 13:22]

S3 FscGabi;FscGabi;C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2007-04-10 13:22]

S3 FscTime;FscTime;C:\WINDOWS\system32\DRIVERS\FscTime.sys [2007-04-10 13:22]

S3 OemF0211;OemF0211;C:\WINDOWS\system32\DRIVERS\OemF0211.sys [2007-04-10 13:22]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

 

2008-08-28 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{635637DF-B84C-4861-8870-002F0B6FB55A} - (no file)

BHO-{bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = www.startsiden.no/

O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 14:04:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

.

Completion time: 2008-08-28 14:06:41

ComboFix-quarantined-files.txt 2008-08-28 12:06:31

ComboFix2.txt 2008-08-28 06:18:10

 

Pre-Run: 2,934,964,224 bytes free

Post-Run: 2,944,004,096 bytes free

 

263 --- E O F --- 2008-08-27 01:01:26

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:13:53, on 28.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\o2flash.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {635637DF-B84C-4861-8870-002F0B6FB55A} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)

O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 14000 bytes

 

 

 

 

Yes, as for Citrix, it seemed to sort itself out after ComboFix, but I can't get into Symantec.


PS: if this is a company PC, you should get approval from the IT manager before continuing...

 

 

You have three antivirus programs (or at least remnants of them):

 

Avira, AVG, Norton

 

Having more than one antivirus program will create unwanted conflicts. Decide on one of them and uninstall the others. Tell me which one you decide on. If you are unsure which to choose, I recommend Avira AntiVir.

 

 

I see these two lines in your log. I won't be the one to lecture on the ethics of piracy, but be a bit critical of keygens. They tend to bring various unwanted files along with them. While we are doing the cleanup, I want you to get rid of the keygen (if you have downloaded it).

 

2008-07-31 22:03 . 2008-07-31 22:03 15,519 --a------ C:\Documents and Settings\Nero_8_Ultra_Edition_8.3.8.0_FULL____Keys.4218835.TPB.torrent

2008-07-31 22:00 . 2008-07-31 22:00 30,995 --a------ C:\Documents and Settings\Nero8___Keygen_Full_Version.4221858.TPB.torrent

 

 

You have AskToolbar installed on your machine. This is a toolbar that is usually not wanted. If you want to get rid of it, you can do so via Add/Remove Programs.

 

 

Start HijackThis

Select: Do a system scan only

 

Tick the boxes in front of these lines (if you find them):

O2 - BHO: (no name) - {635637DF-B84C-4861-8870-002F0B6FB55A} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)

O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

 

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

 

 

Then close HijackThis, restart the machine, and create a new log:

Start HijackThis

Select: Do a system scan and save a logfile

 

Post this log in your next post, together with a new ComboFix log.

 

 

 

edit: also tell me how the machine is working now...

Edited by r2d290
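The fix list in the reply above is built by hand from the O2 lines whose path reads "(no file)". Below is an added example (mine, not part of this thread, of HijackThis or of ComboFix) that does the same triage over the log text: it pulls every O2/O3/R3 entry, returns the orphaned registrations that would be ticked under Fix checked, and splits the O20 AppInit_DLLs value into separate DLL names even when, as in the posted log, the separator between the two names has been lost. The sample lines are copied from the HijackThis log posted in this thread; the function names and regular expressions are my own.

```python
"""Triage helper for a HijackThis log: list browser-extension entries that
point at a missing file ("(no file)") and split the AppInit_DLLs value into
individual DLL names, even when the log has lost the separators.

Added example for this thread; not part of HijackThis or ComboFix.
The sample lines below are copied from the posted log (paths and CLSIDs as
shown there); the wrapping code and function names are my own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of lines from the posted HijackThis log.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\\Program Files\\AskTBar\\SrchAstt\\1.bin\\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {635637DF-B84C-4861-8870-002F0B6FB55A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {bec58b46-73e1-485a-8472-7d345fdd5d65} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\\Program Files\\AskTBar\\bar\\1.bin\\ASKTBAR.DLL
O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll
O20 - Winlogon Notify: PSUTY - C:\\WINDOWS\\SYSTEM32\\PSUWNP.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>"; O3 (Toolbar) and R3 (URLSearchHook)
# entries have the same shape.
ENTRY_RE = re.compile(
    r"^(?P<sect>O2|O3|R3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
# Non-greedy run of non-separator characters ending in ".dll": this also
# splits "mmjshx.dllavgrsstx.dll", where the output lost the separator.
DLL_RE = re.compile(r"[^\s,;]+?\.dll", re.IGNORECASE)


def parse_entries(log: str) -> List[Dict[str, str]]:
    """Return every O2/O3/R3 line as a dict: sect, kind, name, clsid, path."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def orphan_entries(log: str) -> List[Tuple[str, str]]:
    """(section, CLSID) for registrations whose DLL is gone from disk."""
    return [(e["sect"], e["clsid"]) for e in parse_entries(log)
            if e["path"].strip().lower() == "(no file)"]


def hijackthis_lines_to_fix(log: str) -> List[str]:
    """Rebuild the exact log lines to tick before pressing Fix checked."""
    return [f"{e['sect']} - {e['kind']}: {e['name']} - {e['clsid']} - {e['path']}"
            for e in parse_entries(log)
            if e["path"].strip().lower() == "(no file)"]


def appinit_dlls(log: str) -> List[str]:
    """Individual DLL names in AppInit_DLLs (loaded into every process that
    maps user32.dll), recovered even when the separators were dropped."""
    for line in log.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            return DLL_RE.findall(m.group("value"))
    return []


if __name__ == "__main__":
    for line in hijackthis_lines_to_fix(SAMPLE_LOG):
        print("fix:", line)
    for dll in appinit_dlls(SAMPLE_LOG):
        print("AppInit_DLLs loads:", dll)
```

Run as-is, the fix list matches the five O2 lines the reply asks to tick. The AppInit_DLLs split is worth keeping in the loop: anything listed there is loaded into every process that maps user32.dll, so an entry for a file that has since been removed is still a loading point to clean up, and the reply's advice on a second log after the reboot is where that check would show whether the entry is gone.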

ComboFix 08-08-28.06 - HC 2008-08-29 17:49:23.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1515 [GMT 2:00]

Running from: C:\Documents and Settings\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))

.

 

2008-08-29 14:42 . 2008-08-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-08-28 18:13 . 2008-08-29 17:46 <DIR> d-------- C:\hjt

2008-08-28 18:13 . 2008-08-28 18:13 812,344 --a------ C:\HJT.exe

2008-08-28 13:51 . 2008-08-28 13:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Malwarebytes

2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-28 13:51 . 2008-08-28 13:51 2,085,280 --a------ C:\Documents and Settings\mbam-setup.exe

2008-08-28 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-28 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-28 13:19 . 2008-08-28 13:49 <DIR> d-------- C:\Documents and Settings\HC\Citrix

2008-08-28 13:19 . 2008-08-28 13:19 81 --a------ C:\CTX.DAT

2008-08-28 13:17 . 2008-08-28 13:18 2,817,536 --a------ C:\Documents and Settings\ica32t.exe

2008-08-28 08:01 . 2008-08-29 17:48 2,840,086 -ra------ C:\Documents and Settings\ComboFix.exe

2008-08-28 07:50 . 2008-08-28 07:50 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-08-28 07:50 . 2008-08-28 07:50 7,926,688 --a------ C:\Documents and Settings\Free-SpyHunter-Scanner-Install.exe

2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Program Files\AVG

2008-08-27 21:38 . 2008-08-27 21:48 <DIR> d-------- C:\Documents and Settings\HC\Application Data\AVGTOOLBAR

2008-08-27 21:13 . 2008-08-27 21:14 49,607,536 --a------ C:\Documents and Settings\avg_free_stf_all_8_101a1327.exe

2008-08-27 19:35 . 2008-08-27 19:35 268 --ah----- C:\sqmdata16.sqm

2008-08-27 19:35 . 2008-08-27 19:35 244 --ah----- C:\sqmnoopt16.sqm

2008-08-27 18:08 . 2008-08-28 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services

2008-08-27 17:09 . 2008-08-27 17:09 5,300 --a------ C:\Documents and Settings\Winzip_PRO_11.2_with_Keygen.zip_[mininova].torrent

2008-08-27 15:35 . 2008-08-27 15:35 162,803 --a------ C:\Documents and Settings\Microsoft_OFFICE_2007_Complete_PRO_Edition_&_CD_Keys!_[mininova].torrent

2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\Temp\EN_Office_Visio_Professional_2007

2008-08-26 18:50 . 2008-08-26 18:51 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Visio_Professional_2007.exe

2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Microsoft Works

2008-08-26 18:46 . 2008-08-27 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-08-26 18:42 . 2008-08-26 18:42 <DIR> d-------- C:\Temp\EN_Office_Project_Professional_2007

2008-08-26 18:37 . 2008-08-26 18:58 <DIR> d-------- C:\Temp

2008-08-26 18:37 . 2008-08-26 18:37 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Project_Professional_2007.exe

2008-08-26 18:32 . 2008-08-26 18:32 <DIR> d-------- C:\Documents and Settings\Skole deamon\DAEMON Tools Lite

2008-08-26 18:28 . 2008-08-26 18:28 268 --ah----- C:\sqmdata15.sqm

2008-08-26 18:28 . 2008-08-26 18:28 244 --ah----- C:\sqmnoopt15.sqm

2008-08-26 18:27 . 2008-08-26 18:58 <DIR> d-------- C:\Documents and Settings\Skole deamon

2008-08-26 18:27 . 2008-08-26 18:27 <DIR> d-------- C:\Documents and Settings\HC\Application Data\DAEMON Tools

2008-08-26 18:27 . 2008-08-26 18:27 4,743,112 --a------ C:\Documents and Settings\Skole deamon\daemon4301-lite.exe

2008-08-26 18:27 . 2008-08-26 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmnoopt14.sqm

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmdata14.sqm

2008-08-24 16:13 . 2008-08-24 16:13 268 --ah----- C:\sqmdata13.sqm

2008-08-24 16:13 . 2008-08-24 16:13 244 --ah----- C:\sqmnoopt13.sqm

2008-08-24 10:48 . 2008-08-24 10:48 268 --ah----- C:\sqmdata12.sqm

2008-08-24 10:48 . 2008-08-24 10:48 244 --ah----- C:\sqmnoopt12.sqm

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\HC\Application Data\SUPERAntiSpyware.com

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-08-24 10:27 . 2008-08-24 10:27 6,634,008 --a------ C:\Documents and Settings\SUPERAntiSpyware.exe

2008-08-24 10:21 . 2008-08-24 10:21 <DIR> d-------- C:\Program Files\CCleaner

2008-08-24 10:20 . 2008-08-24 10:20 860,120 --a------ C:\Documents and Settings\ccsetup210_slim.exe

2008-08-24 01:20 . 2008-08-24 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-27 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-24 01:20 15,083,520 --a------ C:\Documents and Settings\spybotsd160.exe

2008-08-23 20:46 . 2008-08-23 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-23 20:45 . 2008-08-23 20:45 19,153,264 --a------ C:\Documents and Settings\aaw2008.exe

2008-08-23 20:28 . 2008-08-23 20:28 25,049,240 --a------ C:\Documents and Settings\antivir_workstation_winu_en_h.exe

2008-08-23 20:22 . 2008-08-23 20:46 <DIR> d-------- C:\Program Files\Lavasoft

2008-08-23 20:18 . 2008-08-23 20:18 2,380 --a------ C:\Documents and Settings\AdAware_6.0_Professional___Serial.3377972.TPB.torrent

2008-08-07 00:54 . 2008-08-07 00:54 268 --ah----- C:\sqmdata11.sqm

2008-08-07 00:54 . 2008-08-07 00:54 244 --ah----- C:\sqmnoopt11.sqm

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Simple Star

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Nero

2008-07-31 21:54 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\AskTBar

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-28 16:31 --------- d-----w C:\Program Files\Java

2008-08-28 06:10 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-08-27 16:03 --------- d-----w C:\Documents and Settings\HC\Application Data\uTorrent

2008-08-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip

2008-08-24 08:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-23 22:39 --------- d-----w C:\Program Files\VstPlugins

2008-08-23 22:32 --------- d-----w C:\Program Files\Image-Line

2008-08-23 20:30 --------- d-----w C:\Documents and Settings\HC\Application Data\LimeWire

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad

2008-07-29 18:30 --------- d-----w C:\Program Files\LimeWire

2008-07-17 18:07 --------- d-----w C:\Program Files\Common Files\LogiShrd

2008-07-17 18:04 --------- d-----w C:\Program Files\Logitech

2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech

2008-07-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-11-26 12:01 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe

2007-10-16 11:37 40,836 ----a-w C:\Program Files\nexus.fpf

2007-09-27 12:21 13,179,392 ----a-w C:\Program Files\m5900mux.exe

2007-09-27 12:01 959,896 ----a-w C:\Program Files\wzcline22.exe

2007-09-27 11:54 9,974,784 ----a-w C:\Program Files\M6100enx.exe

2007-09-13 11:34 3,378,248 ----a-w C:\Program Files\LimeWireWin.exe

2007-09-13 11:27 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-28_ 8.17.40.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-04-17 06:41:01 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe

+ 2008-08-29 15:49:05 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe

- 2007-04-17 06:41:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

+ 2008-08-29 15:49:05 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

- 2007-04-17 06:41:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

+ 2008-08-29 15:49:05 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe

- 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2007-03-03 20:40:48 24,848 ----a-w C:\WINDOWS\system32\Resource\en\ctxsetUI.dll

+ 2005-04-04 00:25:56 24,848 ----a-w C:\WINDOWS\system32\Resource\en\ctxsetUI.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

"DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 22:39 151552]

"PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648]

"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440]

"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728]

"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]

"AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]

2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=mmjshx.dllavgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Opera\\Opera.exe"=

 

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13]

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys [2007-01-15 19:17]

R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-15 00:11]

R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13]

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]

R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-19 01:08]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-18 07:15]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

S3 DiWan;Eicon Driver for all DIVA PnP cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14]

S3 FlashDrv;FlashDrv;C:\WINDOWS\system32\DRIVERS\FlashDrv.sys [2007-04-10 13:22]

S3 FscBapi;FscBapi;C:\WINDOWS\system32\DRIVERS\FscBapi.sys [2007-04-10 13:22]

S3 FscCmos;FscCmos;C:\WINDOWS\system32\DRIVERS\FscCmos.sys [2007-04-10 13:22]

S3 FscCpuid;FscCpuid;C:\WINDOWS\system32\DRIVERS\FscCpuid.sys [2007-04-10 13:22]

S3 FscEfDmi;FscEfDmi;C:\WINDOWS\system32\DRIVERS\FscEfDmi.sys [2007-04-10 13:22]

S3 FscGabi;FscGabi;C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2007-04-10 13:22]

S3 FscTime;FscTime;C:\WINDOWS\system32\DRIVERS\FscTime.sys [2007-04-10 13:22]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = www.startsiden.no/

O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-29 18:02:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

ŠHýƒÀøöÁV„V [-1869574000] 0x7C910895

ŠHýƒÀøöÁV„V [-1869574000] 0x87845550

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

.

Completion time: 2008-08-29 18:24:58

ComboFix-quarantined-files.txt 2008-08-29 16:23:04

ComboFix2.txt 2008-08-29 13:52:27

ComboFix3.txt 2008-08-28 12:06:45

ComboFix4.txt 2008-08-28 06:18:10

 

Pre-Run: 2,785,656,832 bytes free

Post-Run: 2,782,703,616 byte ledig

 

249 --- E O F --- 2008-08-27 01:01:26

I got AVG removed, but I could not find Avira. I also deleted the two keygens; the Ask bar I could not find in the Control Panel. Otherwise Java does not work; I got it working yesterday, but it would not run today, and that was before the last thing I did. I also fixed the 5 red items you mentioned. The machine runs fine and seems virus free to me. But those two items, Java and Symantec, still do not work, and Java I would at least like to have running. :)

Edited by grane11
Link to comment
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

Appears in all logs; very few people have the RECOVERY CONSOLE installed.

It means you get an option to start the RECOVERY CONSOLE when you boot the PC.

The log looks fine.

Post a new HijackThis log.

Link to comment

Yes, that log was brand new, so nothing has happened since then, I think.

As for Java, I get a small window that says java(™) Plug-in Fatal Error

The Java runtime environment cannot be loaded.

I have now tried deleting it and installing it again, so now it says: several java virtuell machines running in the same process caused an error

Edited by grane11
Link to comment

1. After I (and snippsat) asked you to post a HijackThis log and a ComboFix log, you have only posted a ComboFix log (which you posted in post #8). So please also post a HijackThis log :)

2. Have you restarted the machine after you tried to uninstall Java?

Link to comment

ok, that was a slip, here comes the HijackThis log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:47:03, on 29.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 13107 bytes


Yes, I have restarted too. I'm no world champion with PCs. And it is incredibly annoying.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:10:39, on 29.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\o2flash.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\hjt\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 13436 bytes


hehe great, for your information Java works in Opera but not in Explorer


and after trying to use Java in Explorer I get a message: the instruction at "0x00000000" referenced memory at address "0x00000000". The memory could not be "read". Click OK to terminate the program.

Edited by grane11

Step 1:

Turn off TeaTimer (Spybot)

 

Step 2:

See whether you can uninstall Ask Toolbar from Add/Remove Programs

 

Step 3:

Close all browsers

 

Step 4:

Start HJT, select "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O20 - AppInit_DLLs: mmjshx.dllavgrsstx.dll

 

Step 5:

Download a fresh ComboFix and run it, then run HJT again, and post both logs


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:02:03, on 31.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\o2flash.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\hjt\HijackThis.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [sSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143230470629

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 13130 bytes


ComboFix 08-08-28.06 - HC 2008-08-30 21:02:35.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1463 [GMT 2:00]

Running from: C:\Documents and Settings\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))

.

 

2008-08-29 22:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-29 22:54 . 2008-08-29 22:55 <DIR> d-------- C:\Program Files\Java

2008-08-29 22:54 . 2008-08-29 22:54 <DIR> d-------- C:\Program Files\Common Files\Java

2008-08-29 19:52 . 2008-08-29 19:52 382,352 --a------ C:\Documents and Settings\jre-6u7-windows-i586-p-iftw.exe

2008-08-29 19:28 . 2008-08-29 19:28 0 --a------ C:\WINDOWS\system32\REN70.tmp

2008-08-29 19:28 . 2008-08-29 19:28 0 --a------ C:\WINDOWS\system32\REN6F.tmp

2008-08-29 19:28 . 2008-08-29 19:28 0 --a------ C:\WINDOWS\system32\REN6E.tmp

2008-08-29 19:02 . 2008-08-29 19:02 268 --ah----- C:\sqmdata17.sqm

2008-08-29 19:02 . 2008-08-29 19:02 244 --ah----- C:\sqmnoopt17.sqm

2008-08-29 14:42 . 2008-08-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-08-28 18:13 . 2008-08-30 20:03 <DIR> d-------- C:\hjt

2008-08-28 18:13 . 2008-08-28 18:13 812,344 --a------ C:\HJT.exe

2008-08-28 13:51 . 2008-08-28 13:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Malwarebytes

2008-08-28 13:51 . 2008-08-28 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-28 13:51 . 2008-08-28 13:51 2,085,280 --a------ C:\Documents and Settings\mbam-setup.exe

2008-08-28 13:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-28 13:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-28 13:19 . 2008-08-28 13:49 <DIR> d-------- C:\Documents and Settings\HC\Citrix

2008-08-28 13:19 . 2008-08-28 13:19 81 --a------ C:\CTX.DAT

2008-08-28 13:17 . 2008-08-28 13:18 2,817,536 --a------ C:\Documents and Settings\ica32t.exe

2008-08-28 08:01 . 2008-08-29 17:48 2,840,086 -ra------ C:\Documents and Settings\ComboFix.exe

2008-08-28 07:50 . 2008-08-28 07:50 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-08-28 07:50 . 2008-08-28 07:50 7,926,688 --a------ C:\Documents and Settings\Free-SpyHunter-Scanner-Install.exe

2008-08-27 21:38 . 2008-08-27 21:38 <DIR> d-------- C:\Program Files\AVG

2008-08-27 21:38 . 2008-08-27 21:48 <DIR> d-------- C:\Documents and Settings\HC\Application Data\AVGTOOLBAR

2008-08-27 21:13 . 2008-08-27 21:14 49,607,536 --a------ C:\Documents and Settings\avg_free_stf_all_8_101a1327.exe

2008-08-27 19:35 . 2008-08-27 19:35 268 --ah----- C:\sqmdata16.sqm

2008-08-27 19:35 . 2008-08-27 19:35 244 --ah----- C:\sqmnoopt16.sqm

2008-08-27 18:08 . 2008-08-28 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services

2008-08-27 17:09 . 2008-08-27 17:09 5,300 --a------ C:\Documents and Settings\Winzip_PRO_11.2_with_Keygen.zip_[mininova].torrent

2008-08-27 15:35 . 2008-08-27 15:35 162,803 --a------ C:\Documents and Settings\Microsoft_OFFICE_2007_Complete_PRO_Edition_&_CD_Keys!_[mininova].torrent

2008-08-26 18:57 . 2008-08-26 18:57 <DIR> d-------- C:\Temp\EN_Office_Visio_Professional_2007

2008-08-26 18:50 . 2008-08-26 18:51 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Visio_Professional_2007.exe

2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Microsoft Works

2008-08-26 18:46 . 2008-08-29 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-08-26 18:42 . 2008-08-26 18:42 <DIR> d-------- C:\Temp\EN_Office_Project_Professional_2007

2008-08-26 18:37 . 2008-08-26 18:58 <DIR> d-------- C:\Temp

2008-08-26 18:37 . 2008-08-26 18:37 413,696 --a------ C:\Documents and Settings\Skole deamon\Downloader_for_Project_Professional_2007.exe

2008-08-26 18:32 . 2008-08-26 18:32 <DIR> d-------- C:\Documents and Settings\Skole deamon\DAEMON Tools Lite

2008-08-26 18:28 . 2008-08-26 18:28 268 --ah----- C:\sqmdata15.sqm

2008-08-26 18:28 . 2008-08-26 18:28 244 --ah----- C:\sqmnoopt15.sqm

2008-08-26 18:27 . 2008-08-26 18:58 <DIR> d-------- C:\Documents and Settings\Skole deamon

2008-08-26 18:27 . 2008-08-26 18:27 <DIR> d-------- C:\Documents and Settings\HC\Application Data\DAEMON Tools

2008-08-26 18:27 . 2008-08-26 18:27 4,743,112 --a------ C:\Documents and Settings\Skole deamon\daemon4301-lite.exe

2008-08-26 18:27 . 2008-08-26 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmnoopt14.sqm

2008-08-24 22:43 . 2008-08-24 22:43 172 --ah----- C:\sqmdata14.sqm

2008-08-24 16:13 . 2008-08-24 16:13 268 --ah----- C:\sqmdata13.sqm

2008-08-24 16:13 . 2008-08-24 16:13 244 --ah----- C:\sqmnoopt13.sqm

2008-08-24 10:48 . 2008-08-24 10:48 268 --ah----- C:\sqmdata12.sqm

2008-08-24 10:48 . 2008-08-24 10:48 244 --ah----- C:\sqmnoopt12.sqm

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\HC\Application Data\SUPERAntiSpyware.com

2008-08-24 10:28 . 2008-08-24 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-08-24 10:27 . 2008-08-24 10:27 6,634,008 --a------ C:\Documents and Settings\SUPERAntiSpyware.exe

2008-08-24 10:21 . 2008-08-24 10:21 <DIR> d-------- C:\Program Files\CCleaner

2008-08-24 10:20 . 2008-08-24 10:20 860,120 --a------ C:\Documents and Settings\ccsetup210_slim.exe

2008-08-24 01:20 . 2008-08-24 01:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-27 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-24 01:20 . 2008-08-24 01:20 15,083,520 --a------ C:\Documents and Settings\spybotsd160.exe

2008-08-23 20:46 . 2008-08-23 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-08-23 20:45 . 2008-08-23 20:45 19,153,264 --a------ C:\Documents and Settings\aaw2008.exe

2008-08-23 20:28 . 2008-08-23 20:28 25,049,240 --a------ C:\Documents and Settings\antivir_workstation_winu_en_h.exe

2008-08-23 20:22 . 2008-08-23 20:46 <DIR> d-------- C:\Program Files\Lavasoft

2008-08-23 20:18 . 2008-08-23 20:18 2,380 --a------ C:\Documents and Settings\AdAware_6.0_Professional___Serial.3377972.TPB.torrent

2008-08-07 00:54 . 2008-08-07 00:54 268 --ah----- C:\sqmdata11.sqm

2008-08-07 00:54 . 2008-08-07 00:54 244 --ah----- C:\sqmnoopt11.sqm

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Simple Star

2008-07-31 21:58 . 2008-07-31 21:58 <DIR> d-------- C:\Documents and Settings\HC\Application Data\Nero

2008-07-31 21:54 . 2008-08-23 14:46 <DIR> d-------- C:\Program Files\AskTBar

2008-07-18 08:44 . 2008-07-18 08:44 268 --ah----- C:\sqmdata10.sqm

2008-07-18 08:44 . 2008-07-18 08:44 244 --ah----- C:\sqmnoopt10.sqm

2008-07-17 20:07 . 2008-02-06 04:21 4,658,456 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys

2008-07-17 20:04 . 2008-07-17 20:04 <DIR> d-------- C:\Program Files\Logitech

2008-07-17 20:04 . 2008-07-17 20:07 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-07-17 20:04 . 2008-07-17 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-07-17 20:04 . 2008-07-17 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 21:09 --------- d-----w C:\Program Files\Google

2008-08-28 06:10 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-08-27 16:03 --------- d-----w C:\Documents and Settings\HC\Application Data\uTorrent

2008-08-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip

2008-08-24 08:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-23 22:39 --------- d-----w C:\Program Files\VstPlugins

2008-08-23 22:32 --------- d-----w C:\Program Files\Image-Line

2008-08-23 20:30 --------- d-----w C:\Documents and Settings\HC\Application Data\LimeWire

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs

2008-08-06 21:41 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad

2008-07-29 18:30 --------- d-----w C:\Program Files\LimeWire

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-11-26 12:01 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe

2007-10-16 11:37 40,836 ----a-w C:\Program Files\nexus.fpf

2007-09-27 12:21 13,179,392 ----a-w C:\Program Files\m5900mux.exe

2007-09-27 12:01 959,896 ----a-w C:\Program Files\wzcline22.exe

2007-09-27 11:54 9,974,784 ----a-w C:\Program Files\M6100enx.exe

2007-09-13 11:34 3,378,248 ----a-w C:\Program Files\LimeWireWin.exe

2007-09-13 11:27 51,418,424 ----a-w C:\Program Files\iTunesSetup.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-31 21:54 57344]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 16:05 122368]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 06:05 204288]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

"DAEMON Tools Lite"="C:\Documents and Settings\Skole deamon\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-29 23:02 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 20:03 761946]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 03:41 45056]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 22:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 22:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 22:10 94208]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 22:39 151552]

"PSUtility"="c:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 22:39 118784]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 02:40 155648]

"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-02 06:12 353792]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-02 06:06 61440]

"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-21 00:23 90112]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 23:08 73728]

"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 20:10 233472]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 12:38 52840]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 05:29 125632]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 00:21 94208]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"AGRSMMSG"="AGRSMMSG.exe" [2006-11-30 20:46 89541 C:\WINDOWS\AGRSMMSG.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 23:49 16126464 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-08 15:56:10 36864]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]

2006-03-10 04:58 32768 C:\WINDOWS\system32\PSUWNP.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Opera\\Opera.exe"=

 

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2001-08-17 21:13]

R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys [2001-08-17 21:13]

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

S3 DiWan;Eicon Driver for all DIVA PnP cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2001-08-17 21:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ac20e9-5e78-11db-80c9-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-30 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = www.startsiden.no/

O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-30 21:07:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

.

Completion time: 2008-08-30 21:34:08

ComboFix-quarantined-files.txt 2008-08-30 19:31:12

ComboFix2.txt 2008-08-30 18:17:44

ComboFix3.txt 2008-08-29 16:25:21

ComboFix4.txt 2008-08-29 13:52:27

ComboFix5.txt 2008-08-30 19:02:25

 

Pre-Run: 1,744,748,544 bytes free

Post-Run: 1,727,901,696 byte ledig

 

232 --- E O F --- 2008-08-29 20:59:26

Tried to remove Ask Toolbar, but I can't find it in Add or Remove Programs in the Control Panel.

Also ticked the ones you mentioned in HJT :)
