
More CID... Last attempt before I format the HD



 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:41:35, on 11.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\sstray.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\MagicDisc\MagicDisc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Documents and Settings\[name]\Skrivebord\Ny mappe\jack.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [user defy rule long] C:\Documents and Settings\All Users\Programdata\The Rdr User Defy\axis send.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE66FB5-56C8-4688-AE54-A2D35B9E32DB}: NameServer = 217.13.4.24,217.13.7.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

--

End of file - 7956 bytes

 

Hi, I have had the CID: problem for several months and am still not rid of it. I have followed several threads here from others who have had the same problem. I have also followed the "guidelines" you have listed to try to get rid of it on my own, but now I give up. This is the last attempt before I reformat the whole disk.

I have run CCleaner, mbam, nolop, combofix and HJT, but I am probably not experienced enough to read the logs and remove what needs to be removed.....

I am attaching the logs and hope someone can look through them..

Link to comment

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

O4 - HKLM\..\Run: [user defy rule long] C:\Documents and Settings\All Users\Programdata\The Rdr User Defy\axis send.exe

 

Then run Combofix again and post the log it creates.

Link to comment

 

 

Hi, thanks for the quick response. Thought it would take a few days before a reply...

Have removed the lines you mentioned, and here is the new Combofix log..

 

 

ComboFix 08-10-10.09 - [navn] 2008-10-11 21:24:02.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2104 [GMT 2:00]

Running from: C:\Documents and Settings\[Navn]\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - system32: deleted 33842 bytes in 1 streams.

 

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))

.

 

2008-10-11 15:10 . 2008-10-11 15:10 <DIR> d-------- C:\Programfiler\Sun

2008-10-11 14:28 . 2008-10-11 14:28 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\ATI

2008-10-11 12:30 . 2008-10-11 12:30 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-10-11 12:00 . 2008-10-11 12:00 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-11 12:00 . 2008-10-11 12:00 <DIR> d-------- C:\Documents and Settings\[Navn]\Programdata\Malwarebytes

2008-10-11 12:00 . 2008-10-11 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-11 12:00 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-11 12:00 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-11 11:59 . 2008-10-11 19:36 <DIR> dr-h----- C:\Documents and Settings\[Navn]\Siste

2008-10-11 11:56 . 2008-10-11 11:56 <DIR> d-------- C:\Programfiler\CCleaner

2008-10-11 10:59 . 2008-10-11 10:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-10-09 19:37 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

2008-10-09 19:37 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

2008-09-25 21:55 . 2008-09-25 21:55 <DIR> d-------- C:\Documents and Settings\[Navn]\Programdata\Symantec

2008-09-19 20:11 . 2008-09-19 20:11 <DIR> d-------- C:\Documents and Settings\[Navn]\Programdata\Symantec

2008-09-16 21:45 . 2008-09-16 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2008-09-16 21:43 . 2008-09-16 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AOPSettings

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-11 19:20 --------- d-----w C:\Documents and Settings\[Navn]\Programdata\DNA

2008-10-11 13:09 --------- d-----w C:\Programfiler\Java

2008-10-11 12:31 636 ----a-w C:\delete.bat

2008-10-11 12:26 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-10-11 12:24 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-10-11 12:24 --------- d-----w C:\Programfiler\Spyware Doctor

2008-10-11 12:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-10-11 08:59 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-10-11 08:59 --------- d-----w C:\Documents and Settings\[Navn]\Programdata\SUPERAntiSpyware.com

2008-10-09 19:29 --------- d-----w C:\Programfiler\Fellesfiler\Nero

2008-10-09 19:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero

2008-10-09 17:38 --------- d-----w C:\Documents and Settings\[Navn]\Programdata\BitTorrent

2008-10-09 17:28 --------- d-----w C:\Programfiler\DNA

2008-10-05 16:27 --------- d-----w C:\Documents and Settings\[Navn]\Programdata\BitTorrent

2008-09-16 18:59 --------- d-----w C:\Programfiler\PC Health Optimizer

2008-09-10 01:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-20 01:00 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

1999-08-18 14:36 135,168 ----a-r C:\WINDOWS\inf\Agfa\Message.exe

.

 

((((((((((((((((((((((((((((( snapshot_2008-10-11_12.14.12,98 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-29 15360]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 68856]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-10-09 289088]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-03-12 81920]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\WINDOWS\system32\ptipbmf.dll]

"nForce Tray Options"="sstray.exe" [2003-12-17 C:\WINDOWS\system32\sstray.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-29 15360]

 

C:\Documents and Settings\[Navn]\Start-meny\Programmer\Oppstart\

MagicDisc.lnk - C:\Programfiler\MagicDisc\MagicDisc.exe [2008-04-18 546816]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\DNA\\btdna.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 156800]

R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 5248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1FD7781A-51FA-8D7D-F460-56BD21C4507A}]

C:\WINDOWS\system32:explorer.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-11 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job

- C:\Programfiler\ErrorSmart\ErrorSmart.exe []

 

2008-10-11 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job

- C:\Programfiler\ErrorSmart []

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{4FE66FB5-56C8-4688-AE54-A2D35B9E32DB}: NameServer = 217.13.4.24,217.13.7.140

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-11 21:25:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-10-11 21:26:38

ComboFix-quarantined-files.txt 2008-10-11 19:26:34

ComboFix2.txt 2008-10-11 10:15:58

ComboFix3.txt 2008-05-02 14:38:06

 

Pre-Run: 30 790 791 168 byte ledig

Post-Run: 30,807,195,648 byte ledig

 

147 --- E O F --- 2008-09-17 01:00:25

 

 

Link to comment
Use Explorer and browse to C:\WINDOWS\Tasks (you will probably have to turn on "Show hidden files and folders" to see the Tasks folder)

In the folder, delete the file ErrorSmart Scheduled Scan.job

Restart the PC and tell us how it goes with the CID problem.

 

 

Done, waiting a bit to check the CID problem; it will probably take a little while before it shows whether it has disappeared. I tried to do as much as possible myself before I "posted" the request, but now it was starting to get on my nerves...

Link to comment

Looks good so far. Thanks so much for the help - it saved me a few hours of work formatting and reinstalling programs.
