[LØST] Noen som vil se på denne?

Inz- · 30. august 2008

Hei!

Lurte på om noen kunne se på denne for meg..

har Xp x64, så Combofix går ikke, og SAS fant ingenting,

men lurte på om noen ville se på denne..

HJT-logg med /ihatewhitelists:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:58:36, on 30.08.2008

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SysWOW64\acs.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files (x86)\DynDNS Updater\DynDNS.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe

C:\Program Files (x86)\NETGEAR\WG311T\wlancfg5.exe

C:\Program Files (x86)\DAEMON Tools\daemon.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files (x86)\NETGEAR\WG311TSU\Utility\Gear311T.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\SysWOW64\IoctlSvc.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\MSN Messenger\usnsvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=userinit

O1 - Hosts: #

O1 - Hosts: # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

O1 - Hosts: #

O1 - Hosts: # This file contains the mappings of IP addresses to host names. Each

O1 - Hosts: # entry should be kept on an individual line. The IP address should

O1 - Hosts: # be placed in the first column followed by the corresponding host name.

O1 - Hosts: # The IP address and the host name should be separated by at least one

O1 - Hosts: # space.

O1 - Hosts: #

O1 - Hosts: # Additionally, comments (such as these) may be inserted on individual

O1 - Hosts: # lines or following the machine name denoted by a '#' symbol.

O1 - Hosts: #

O1 - Hosts: # For example:

O1 - Hosts: #

O1 - Hosts: # 102.54.94.97 rhino.acme.com # source server

O1 - Hosts: # 38.25.63.10 x.acme.com # x client host

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Progz\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"

O4 - HKLM\..\Run: [AS00_Gear311T] "C:\Program Files (x86)\NETGEAR\WG311TSU\Utility\Gear311T.exe" -hide

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files (x86)\Common Files\Nero\Lib\NMFirstStart.exe"

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG311T\wlancfg5.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Progz\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Progz\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Progz\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\winrnr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\syswow64\msvidctl.dll

O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SysWOW64\urlmon.dll

O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll

O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll

O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll

O18 - Protocol: msdaipp - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll

O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\syswow64\msvidctl.dll

O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll

O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\syswow64\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\syswow64\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SysWOW64\acs.exe

O23 - Service: Application Experience Lookup Service (AeLookupSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Application Layer Gateway Service (ALG) - Microsoft Corporation - C:\WINDOWS\System32\alg.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe

O23 - Service: Windows Audio (AudioSrv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Computer Browser (Browser) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: ClipBook (ClipSrv) - Microsoft Corporation - C:\WINDOWS\system32\clipsrv.exe

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

O23 - Service: .NET Runtime Optimization Service v2.0.50727_x64 (clr_optimization_v2.0.50727_64) - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

O23 - Service: COM+ System Application (COMSysApp) - Microsoft Corporation - C:\WINDOWS\system32\dllhost.exe

O23 - Service: Cryptographic Services (CryptSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files (x86)\DynDNS Updater\DynDNS.exe

O23 - Service: Error Reporting Service (ERSvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Help and Support (helpsvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: HID Input Service (HidServ) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: IAS Jet Database Access (IASJet) - Microsoft Corporation - C:\WINDOWS\SysWOW64\svchost.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: Server (lanmanserver) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Workstation (lanmanworkstation) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINDOWS\system32\msiexec.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Network DDE (NetDDE) - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe

O23 - Service: Network DDE DSDM (NetDDEdsdm) - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Network Location Awareness (NLA) (Nla) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)

O23 - Service: Office Source Engine (ose) - Microsoft Corporation - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SysWOW64\IoctlSvc.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Remote Registry (RemoteRegistry) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Microsoft Corporation - C:\WINDOWS\system32\locator.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Secondary Logon (seclogon) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe

O23 - Service: System Restore Service (srservice) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: SSDP Discovery Service (SSDPSRV) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Terminal Services (TermService) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Themes - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Universal Plug and Play Device Host (upnphost) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINDOWS\System32\ups.exe

O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Microsoft Corporation - C:\Program Files (x86)\MSN Messenger\usnsvc.exe

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: WebClient - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Windows Management Instrumentation (winmgmt) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Microsoft Corporation - C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe

O23 - Service: Security Center (wscsvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe

O23 - Service: Wireless Configuration (WZCSVC) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

O23 - Service: Network Provisioning Service (xmlprov) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

--

End of file - 23859 bytes

tenkte først og fremst på disse:

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\winrnr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

på forhånd takk

Endret 30. august 2008 av Inz-

Svenni212000 · 30. august 2008

1. Slå av Systemgjenopprettingsfunksjonen.

http://support.microsoft.com/kb/310405/no

2. Last ned > Installer > Oppdater > og kjør scan med Spybot S&D

PS: Manuelt søk etter oppdatering før du utfører en scan. Hender at ikke all oppdatering blir lastet ned ved update under installering.

3. Kjør ewido micro

4. Kjør LSP Fix

5. Kjør CCleaner

Kjør Renser til det ikke er mer skrotfiler.

Kjør register til du får "Ingen filer funnet"

Alle programmene kan du laste ned fra denne linken:

http://www.mediafire.com/?tstcanmkgdj

---

EDIT: Glemte å nevne - Post en ny HJT logg når dette er utført.

---

Endret 30. august 2008 av Svenni212000

norbat · 30. august 2008

Alt. så gjør du ingen ting da loggen ser grei ut.

Har du mistanke om noe eller var det bare en sjekk?

r2d290 · 30. august 2008

Du har kjørende en fil fra Avast (C:\Program Files\Alwil Software\Avast4\ashServ.exe) sammen med Avira.

Å ha to antivirusprogrammer samtidig vil skape konflikt, og er ikke anbefalt. Kvitt deg med ett av dem...

Inz- · 30. august 2008

Dette var stort sett bare for å sjekke.. ewido fant 5 filer..

LSP Fix fant ikke noe spennende..

Ny HJT logg:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:22, on 30.08.2008

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\SysWOW64\acs.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files (x86)\NETGEAR\WG311T\wlancfg5.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files (x86)\DAEMON Tools\daemon.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files (x86)\NETGEAR\WG311TSU\Utility\Gear311T.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\SysWOW64\IoctlSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files (x86)\DynDNS Updater\DynDNS.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=userinit

O1 - Hosts: #

O1 - Hosts: # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

O1 - Hosts: #

O1 - Hosts: # This file contains the mappings of IP addresses to host names. Each

O1 - Hosts: # entry should be kept on an individual line. The IP address should

O1 - Hosts: # be placed in the first column followed by the corresponding host name.

O1 - Hosts: # The IP address and the host name should be separated by at least one

O1 - Hosts: # space.

O1 - Hosts: #

O1 - Hosts: # Additionally, comments (such as these) may be inserted on individual

O1 - Hosts: # lines or following the machine name denoted by a '#' symbol.

O1 - Hosts: #

O1 - Hosts: # For example:

O1 - Hosts: #

O1 - Hosts: # 102.54.94.97 rhino.acme.com # source server

O1 - Hosts: # 38.25.63.10 x.acme.com # x client host

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Progz\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll