Hjelp med HJT og Combofix

[nibter]

Hei.

 

Kan noen her hjelpe meg litt med noen logger. Har hatt virus på maskinen, har prøv å fjerne det men er ikke helt sikker på om det er borte. så hvis noen kunne sett litt på det så hadde det vært fint.

 

Combofix

ComboFix 08-12-20.05 - Dalveien 2008-12-21 17:15:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.523 [GMT 1:00]

Kjører fra: c:\documents and settings\Dalveien\Skrivebord\Ny mappe\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Rune og May-Britt.PC996723863318\Mine dokumenter\My Documents.url

c:\documents and settings\Rune og May-Britt.PC996723863318\Mine dokumenter\My Music\My Music.url

c:\documents and settings\Rune og May-Britt.PC996723863318\Mine dokumenter\My Pictures\My Pictures.url

c:\documents and settings\Rune og May-Britt.PC996723863318\Mine dokumenter\My Videos\My Video.url

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-21 til 2008-12-21 )))))))))))))))))))))))))))))))))

.

 

2008-12-21 16:51 . 2008-10-16 21:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-12-21 16:51 . 2008-10-16 21:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-12-21 16:50 . 2008-10-16 21:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-12-21 16:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-12-21 16:50 . 2007-03-08 06:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-12-21 16:50 . 2008-10-16 21:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-12-21 16:50 . 2008-10-16 21:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-12-21 16:50 . 2008-10-16 21:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-12-21 16:50 . 2008-10-16 14:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-12-21 16:29 . 2008-12-21 16:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\documents and settings\Dalveien\Programdata\Malwarebytes

2008-12-21 16:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-21 16:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-21 16:05 . 2008-12-21 16:04 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-21 16:05 . 2008-12-21 16:04 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-21 15:59 . 2008-12-21 16:11 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-12-21 15:59 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys

2008-12-21 15:59 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys

2008-12-21 15:57 . 2008-08-14 10:57 2,185,984 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-12-21 15:57 . 2008-08-14 10:55 2,142,720 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-12-21 15:57 . 2008-08-14 10:18 2,062,976 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-12-21 15:57 . 2008-08-14 10:18 2,020,864 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-12-21 15:57 . 2008-09-15 12:57 1,846,016 --------- c:\windows\system32\dllcache\win32k.sys

2008-12-21 15:56 . 2008-12-21 16:26 <DIR> d-------- c:\documents and settings\Dalveien\Programdata\uTorrent

2008-12-21 15:56 . 2008-06-11 02:58 2,330,624 --------- c:\windows\system32\dllcache\WMVCore.dll

2008-12-21 15:56 . 2008-04-11 19:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll

2008-12-21 15:56 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-12-21 15:56 . 2008-05-01 15:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll

2008-12-21 15:56 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys

2008-12-21 15:55 . 2008-09-04 17:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

2008-12-21 15:55 . 2008-10-15 17:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll

2008-12-21 15:55 . 2008-10-03 11:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll

2008-12-21 15:50 . 2008-10-17 02:08 3,593,216 --------- c:\windows\system32\dllcache\mshtml.dll

2008-12-21 15:12 . 2008-12-21 15:12 <DIR> d-------- c:\documents and settings\Dalveien\Programdata\SUPERAntiSpyware.com

2008-12-21 15:11 . 2008-12-21 15:11 <DIR> d---s---- c:\documents and settings\Dalveien\UserData

2008-12-21 14:09 . 2008-12-21 14:09 <DIR> d-------- c:\documents and settings\Dalveien\Programdata\vlc

2008-12-21 14:05 . 2008-12-21 14:05 <DIR> d--hs---- c:\documents and settings\Dalveien\Temporary Internet Files

2008-12-21 14:05 . 2008-12-21 16:55 <DIR> dr------- c:\documents and settings\Dalveien\Skrivebord

2008-12-21 14:05 . 2008-12-21 16:06 <DIR> dr-h----- c:\documents and settings\Dalveien\Siste

2008-12-21 14:05 . 2008-12-21 16:48 <DIR> d-------- c:\documents and settings\Dalveien\Programdata

2008-12-21 14:05 . 2008-12-21 17:10 <DIR> dr------- c:\documents and settings\Dalveien\Mine dokumenter

2008-12-21 14:05 . 2008-12-21 14:05 <DIR> d--hs---- c:\documents and settings\Dalveien\Logg

2008-12-21 14:05 . 2008-12-21 17:10 <DIR> dr------- c:\documents and settings\Dalveien\Favoritter

2008-12-21 14:05 . 2008-12-21 14:05 <DIR> d--h----- c:\documents and settings\Dalveien\AndrMask

2008-12-21 14:04 . 2008-12-21 14:04 1,786 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_Presario V6000 (RR732EA#UUW)_YN_0Pres_QCNF6443SY8_E419857DH1_46_I30BB_SQuanta_V66.21_BF.06_T061026_WXP2_L

09_M1015_J120_7Intel_8T2050_91.6_#060913_N80861092_(RR732EA#UUW)_XMOBILE_CN10_Z_2Rev 1.MRK

2008-12-21 14:03 . 2006-12-16 05:12 <DIR> d-------- c:\documents and settings\Dalveien\Lokale innstillinger

2008-12-21 14:03 . 2008-12-21 16:26 <DIR> d-------- c:\documents and settings\Dalveien

2008-12-21 14:02 . 2006-12-16 05:12 <DIR> d-------- c:\windows\system32\config\systemprofile\Lokale innstillinger

2008-12-21 14:02 . 2008-12-21 22:21 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec

2008-12-21 14:02 . 2008-12-21 13:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com

2008-12-21 13:59 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2008-12-21 13:59 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll

2008-12-21 13:59 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2008-12-21 13:59 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

2008-12-21 13:55 . 2008-12-21 13:55 <DIR> d-------- c:\documents and settings\Bjørn-Terje.PC996723863318\Programdata\Malwarebytes

2008-12-21 13:03 . 2008-12-21 13:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-21 21:31 --------- d-----w c:\program files\Windows XP MUI Pack

2008-12-21 21:31 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-21 21:29 --------- d-----w c:\program files\NetWaiting

2008-12-21 21:29 --------- d-----w c:\program files\Microsoft Works

2008-12-21 21:27 --------- d-----w c:\program files\Google

2008-12-21 21:27 --------- d-----w c:\program files\CONEXANT

2008-12-21 21:26 --------- d-----w c:\program files\Common Files\SureThing Shared

2008-12-21 21:26 --------- d-----w c:\program files\Common Files\Sonic Shared

2008-12-21 21:26 --------- d-----w c:\program files\Common Files\LightScribe

2008-12-21 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic

2008-12-21 21:21 --------- d-----w c:\documents and settings\Administrator\Application Data\Symantec

2008-12-21 15:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-12-21 14:45 --------- d-----w c:\program files\Symantec

2008-12-21 14:45 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-12-21 14:45 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-12-21 12:59 --------- d-----w c:\program files\HPQ

2008-12-21 12:55 --------- d-----w c:\program files\SUPERAntiSpyware

2008-12-09 22:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-15 13:41 --------- d-----w c:\documents and settings\Rune og May-Britt.PC996723863318\Programdata\HP

2008-11-09 19:39 --------- d-----w c:\documents and settings\Rune og May-Britt.PC996723863318\Programdata\Malwarebytes

2008-11-09 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-09 18:13 --------- d-----w c:\program files\Trend Micro

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 10:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll

2008-10-16 10:20 151,040 ------w c:\windows\system32\dllcache\cdfview.dll

2008-10-16 10:20 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll

2008-10-16 10:20 1,054,208 ------w c:\windows\system32\dllcache\danim.dll

2008-10-16 10:20 1,024,000 ------w c:\windows\system32\dllcache\browseui.dll

2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2007-02-15 19:53 164 ----a-w c:\documents and settings\Stine\Programdata\wklnhst.dat

2007-02-10 16:16 0 ----a-w c:\documents and settings\Bjørn-Terje\Programdata\wklnhst.dat

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-16 15360]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-21 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"MsmqIntCert"="mqrt.dll" [2006-03-16 c:\windows\system32\mqrt.dll]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-16 15360]

 

c:\documents and settings\Christina.RUNE\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-08 101440]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Photosmart Premier Hurtigstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-04 599312]

Ressursoverv†king for Extender-enhet.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-21 18432]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\utorrent\\utorrent.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-21 111184]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-11 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-28 55024]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-21 20560]

R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-17 4096]

 

*Newly Created Service* - PROCEXP90

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-12-21 c:\windows\Tasks\Internett-tjenester.job

- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 11:23]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=64&bd=pavilion&pf=laptop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=64&bd=pavilion&pf=laptop

IE: &Google-søk - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Oversett engelsk ord - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Koblinger bakover - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Lignende sider - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Øyeblikksbilde av siden i hurtigbufferen - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-21 17:17:18

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???`U??????`?@?????L?@

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2008-12-21 17:18:03

ComboFix-quarantined-files.txt 2008-12-21 16:18:00

 

Pre-Run: 67 191 537 664 bytes free

Post-Run: 67,391,369,216 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

 

210 --- E O F --- 2008-12-21 15:54:01

 

 

 

 

HJT

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:19:16, on 21.12.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

O4 - Global Startup: Ressursovervåking for Extender-enhet.lnk = C:\WINDOWS\ehome\RMSysTry.exe

O8 - Extra context menu item: &Google-søk - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Koblinger bakover - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

 

--

End of file - 7392 bytes

 

 

 

 

Mvh

[norbat]

Loggene ser grei ut.

Fant MBAM el. SAS noe?

[nibter]

har funnet noe før, men nå på slutten fant den ikke noe.

Ser ut så den kansje er fin nå

 

Takk for hjelpen.

[r2d290]

Combofix må avinstalleres.

 

Gå til Start > Kjør

Skriv følgende i boksen:

• ComboFix /u
  

PS: legg merke til mellomrommet mellom X og /u

 

Du skal nå ha noe som tilsvarer bildet nedenfor:

 

Trykk Enter.

 

Denne kommandoen vil:

• Fjerne følgende:
  • ComboFix og dets tilhørende filer og mapper.
    VundoFix backups, hvis de eksisterer.
    Mappen C:\Deckard, hvis den eksisterer
    Mappen C:\OtMoveIt, hvis den eksisterer
    

  [*] Nullstille klokke-instillingene.

   

  [*] Skjule filetternavn hvis det er nødvendig.

   

  [*] Skjule System/Skjulte filer og mapper hvis det er nødvendig.

   

  [*] Nullstille systemgjennoprettingspunkter.

 

 

Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på -knappen i førsteposten din.

 

Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i.

 

-Surf trygt-