Kan noen hjelpe meg med denne HiJackthis fila?

MrLuni · 17. februar 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:13:18, on 17.02.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Frank Robert\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"

O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nl2plwrk] C:\Windows\System32\svsccs.exe

O4 - HKLM\..\Run: [spywareCease.exe] C:\Program Files\Spyware Cease\SpywareCease.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [nl2plwrk] C:\Windows\System32\svsccs.exe

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe

O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 8637 bytes

snippsat · 17. februar 2009

Du har litt grums,så vi kjører noe mere.

legg logger i spoilere(more option->insert special item->spoiler)

Last ned MBAM til skrivebordet.

Velg Norsk språkdrakt-->kjør hurtig systemskann.

Når MBAM er ferdig åpner den en logg,den poster du.

---

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programmet kjører.

post logg C:\combofix.txt

MrLuni · 17. februar 2009

hmm har det problemet at programmer ikke vil starte, og at jeg blir nektet adgang til sider f.eks. Combofix, men jeg lasted den ned med en annen maskin, så jeg har programmene på skrivebordet

Endret 17. februar 2009 av MrSmile

snippsat · 17. februar 2009

Prøv i sikkerhetmodus.

Boot trykk F8 flere ganger,velg sikkehetmodus med nettverk.

Prøv dete samme der.

MrLuni · 17. februar 2009

skjer ikke noe nå heller som jeg er i sikkerhetsmodus. Er bare HiJackthis som vil funke av dei 3 programma

Endret 17. februar 2009 av MrSmile

snippsat · 17. februar 2009

Last ned DDS.scr

Se om du får kjørt denne post loggen den lager.

prøv også Roguefix

Vi fjerner de de som vise i loggen,kan hjelpe.

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

O4 - HKLM\..\Run: [nl2plwrk] C:\Windows\System32\svsccs.exe

O4 - HKLM\..\Run: [spywareCease.exe] C:\Program Files\Spyware Cease\SpywareCease.exe

O4 - HKCU\..\Run: [nl2plwrk] C:\Windows\System32\svsccs.exe

Resart.

Prøv igjen.

Endret 17. februar 2009 av SNIPPSAT

MrLuni · 17. februar 2009

Var bare den DDS som funket. Kom opp 2 vinduer

DDS (Ver_09-02-01.01) - NTFSx86

Run by Frank Robert at 20:04:17,93 on 17.02.2009

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_10

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3581.2388 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\aestsrv.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\lxdicoms.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Windows\system32\STacSV.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Frank Robert\Desktop\HiJackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Frank Robert\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wuauclt.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [steam] c:\program files\valve\steam\\Steam.exe -silent

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"

mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"

mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [win system] c:\windows\winav.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

StartupFolder: c:\users\frankr~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

Notify: psfus - c:\windows\system32\psqlpwd.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\frankr~1\appdata\roaming\mozilla\firefox\profiles\j61rl92e.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.diskusjon.no/index.php?autocom=my_forum

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-31 73728]

R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-5-19 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-5-19 7424]

S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-2-1 8320]

S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2009-2-7 28672]

S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-5-19 209408]

=============== Created Last 30 ================

2009-02-17 12:41 <DIR> --d----- c:\program files\Spyware Cease

2009-02-08 13:45 <DIR> --d----- c:\users\frankr~1\appdata\roaming\SUPERAntiSpyware.com

2009-02-08 13:45 <DIR> --d----- c:\program files\SUPERAntiSpyware

2009-02-07 00:11 28,672 a------- c:\windows\system32\drivers\RKHit.sys

2009-01-31 10:30 163,378 a------- C:\awsxy.scr

2009-01-31 00:45 <DIR> --d----- c:\program files\AVG

2009-01-31 00:15 163,378 a------- C:\roflj.scr

2009-01-31 00:12 33,365 a------- C:\xyjtc.scr

2009-01-31 00:12 0 a------- C:\xyjtc.exe

2009-01-31 00:12 163,378 a------- C:\xbydx.scr

2009-01-31 00:06 163,378 a------- C:\lsqjr.scr

2009-01-31 00:06 33,365 a------- C:\zroce.scr

2009-01-31 00:06 0 a------- C:\zroce.exe

2009-01-31 00:01 0 a------- C:\tlwfm.exe

2009-01-31 00:01 33,365 a------- C:\tlwfm.scr

2009-01-30 23:57 163,378 a------- C:\hipxp.scr

2009-01-30 23:51 163,378 a------- C:\jqrgm.scr

2009-01-30 23:49 163,378 ---sh--- c:\windows\system32\svsccs.exe

2009-01-30 16:30 29,184 a------- C:\vthmu.scr

2009-01-30 16:17 29,184 a------- C:\zbgze.scr

2009-01-30 16:17 29,184 a------- C:\kopzd.scr

2009-01-30 11:26 29,184 a------- C:\kibfa.scr

2009-01-27 12:21 <DIR> --d----- c:\users\frank robert\Tracing

2009-01-27 12:21 <DIR> --d----- c:\program files\Microsoft

2009-01-27 12:20 <DIR> --d----- c:\program files\Windows Live SkyDrive

2009-01-27 12:10 <DIR> --d----- c:\program files\common files\Windows Live

2009-01-27 11:58 161,792 a------- c:\windows\SWREG.exe

2009-01-27 11:58 98,816 a------- c:\windows\sed.exe

2009-01-27 11:55 48,690 a------- c:\windows\winav.exe

2009-01-27 11:55 102,912 a------- C:\dok.exe

2009-01-27 01:14 9,216 a------- C:\p8.exe

2009-01-26 21:52 33,365 a------- c:\windows\system32\ilegiqv.exe

2009-01-26 21:41 33,365 a------- c:\windows\system32\tctj.exe

2009-01-26 21:41 4,014 a------- C:\pps.exe

2009-01-19 21:55 <DIR> --d----- c:\windows\Left 4 Dead

2009-01-19 21:55 <DIR> --d----- c:\program files\Left 4 Dead

==================== Find3M ====================

2009-02-17 19:55 462,270 a------- c:\windows\system32\perfh014.dat

2009-02-17 19:55 81,198 a------- c:\windows\system32\perfc014.dat

2009-02-17 19:15 2,484 a------- c:\windows\bthservsdp.dat

2009-02-14 19:25 55,428 a------- c:\users\frankr~1\appdata\roaming\nvModes.dat

2009-02-04 16:41 143,360 a------- c:\windows\inf\infstrng.dat

2009-02-04 16:41 51,200 a------- c:\windows\inf\infpub.dat

2009-01-13 13:57 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-01-13 13:54 86,016 a------- c:\windows\inf\infstor.dat

2009-01-13 13:48 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2008-12-20 15:07 22,328 a------- c:\users\frankr~1\appdata\roaming\PnkBstrK.sys

2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll

2008-06-11 19:55 665,600 a------- c:\windows\inf\drvindex.dat

2008-06-04 12:42 61,224 a------- c:\users\frank robert\GoToAssistDownloadHelper.exe

2008-05-25 10:59 174 a--sh--- c:\program files\desktop.ini

2006-11-21 06:12 294,254 a------- c:\windows\inf\perflib414\perfi.dat

2006-11-21 06:12 294,254 a------- c:\windows\inf\perflib414\perfh.dat

2006-11-21 06:12 35,166 a------- c:\windows\inf\perflib414\perfd.dat

2006-11-21 06:12 35,166 a------- c:\windows\inf\perflib414\perfc.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfi.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfh.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfd.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfc.dat

2008-05-19 15:51 74 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 20:04:45,47 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 19.05.2008 16:38:46

System Uptime: 17.02.2009 19:56:20 (1 hours ago)

Motherboard: Dell Inc. | | 0D501F

Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2401/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 174 GiB total, 47,619 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5,744 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP003

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\*6TO4MP003

Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: WAN-miniport (L2TP)

Device ID: ROOT\MS_L2TPMINIPORT000

Manufacturer: Microsoft

Name: WAN-miniport (L2TP)

PNP Device ID: ROOT\MS_L2TPMINIPORT000

Service: Rasl2tp

==== System Restore Points ===================

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.3

Advanced Audio FX Engine

Advanced Video FX Engine

Apple Mobile Device Support

Apple Software Update

Audiosurf

Azureus Vuze

Browser Address Error Redirector

Brukerveiledninger

CDDRV_Installer

Choice Guard

Compatibility Pack for 2007 Office

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card

Fingerprint Reader Suite 5.6

Garry's Mod

Half-Life 2: Deathmatch

Half-Life® 2

HijackThis 2.0.2

Intel® Matrix Storage Manager

Intel® PROSet/Wireless-programvare

iTunes

Java 6 Update 10

Java 6 Update 7

Java SE Runtime Environment 6

KhalSetup

Laptop Integrated Webcam Driver (1.04.01.1011)

Last.fm 1.5.2.38918

Left 4 Dead

Lexmark 3500-4500 Series

Lexmark faksprogram

LimeWire PRO 4.14.8

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

mCorev32.ism_new

mCPlug

mDriver

MediaDirect

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB929729)

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5 Language Pack - nor

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Norwegian (Bokmål)) 2007

Microsoft Office Proof (Norwegian (Nynorsk)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (Norwegian (Bokmål)) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (Norwegian (Bokmål)) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

mMHouse

Mozilla Firefox (3.0.6)

mPfMgr

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

neroxml

Nokia Connectivity Cable Driver

Nokia Flashing Cable Driver

Nokia PC Suite

Nokia Software Updater

NVIDIA Drivers

OpenAL

OpenOffice.org 3.0

Opplastingsverktøy for Windows Live

PC Connectivity Solution

Påloggingsassistent for Windows Live

QuickSet

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB958439)

Security Update for Microsoft Office Excel 2007 (KB958437)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Word 2007 (KB956358)

SetPoint

SigmaTel Audio

Skype™ 3.8

Spotify

Språkpakke for Microsoft .NET Framework 3.5 – NOR

Spyware Cease v3.1

Steam

SUPERAntiSpyware Professional

TVersity Codec Pack 1.2

TVersity Media Server 1.0.0.8 RC5

Update for Microsoft Office 2007 Help for Common Features (KB957244)

Update for Microsoft Office Access 2007 Help (KB957241)

Update for Microsoft Office Excel 2007 Help (KB957242)

Update for Microsoft Office InfoPath 2007 Help (KB957243)

Update for Microsoft Office OneNote 2007 Help (KB957245)

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office PowerPoint 2007 Help (KB957247)

Update for Microsoft Office Publisher 2007 Help (KB957249)

Update for Microsoft Office Word 2007 Help (KB957252)

Update for Microsoft Script Editor Help (KB957253)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb959141)

Update for Outlook 2007 Junk Email Filter (kb959634)

Ventrilo Client

VideoLAN VLC media player 0.8.6f

WIDCOMM Bluetooth Software 6.0.1.3100

Winamp

Windows-driverpakke - Nokia Modem (10/27/2008 3.9)

Windows-driverpakke - Nokia Modem (10/27/2008 7.01.0.1)

Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows-driverpakke - NVIDIA (nvlddmkm) Display (06/25/2008 7.15.11.7766)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

Windows Vista Upgrade Advisor

WinRAR archiver

World of Warcraft

==== End Of File ===========================

snippsat · 17. februar 2009

Ja du har litt grums,får ikke tid idag.

Har sent pm til norbat om han kan se på det,eller så ser jeg på det imorgen.

MrLuni · 17. februar 2009

Ja du har litt grums,får ikke tid idag.
Har sent pm til norbat om han kan se på det,eller så ser jeg på det imorgen.

Fantastiskt!

norbat · 17. februar 2009

Hei, beklager litt sein respons.

Start HJT, velg "Do a system scan only", sett merke framfor følgende linje og klikk Fix checked:

O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe

Klikk Start->Kjør

Skriv: cmd

Fra ledetekst skriv følgende, klikk Enter etter hver linje:

sc stop RkHit

sc delete RkHit

Åpne notisblokk, kopier inn det som står i fet tekst under, lagre fila på skrivebordet som slett.bat

erase "c:\windows\system32\drivers\RKHit.sys"

erase "C:\awsxy.scr"

erase "C:\roflj.scr"

erase "C:\xyjtc.scr"

erase "C:\xyjtc.exe"

erase "C:\xbydx.scr"

erase "C:\lsqjr.scr"

erase "C:\zroce.scr"

erase "C:\zroce.exe"

erase "C:\tlwfm.exe"

erase "C:\tlwfm.scr"

erase "C:\hipxp.scr"

erase "C:\jqrgm.scr"

erase "c:\windows\system32\svsccs.exe"

erase "C:\vthmu.scr"

erase "C:\zbgze.scr"

erase "C:\kopzd.scr"

erase "C:\kibfa.scr"

erase "c:\windows\winav.exe"

erase "C:\dok.exe"

erase "C:\p8.exe"

erase "c:\windows\system32\ilegiqv.exe"

erase "c:\windows\system32\tctj.exe"

erase "C:\pps.exe"

Restart pc'n i sikker modus

Kjør fila Slett.bat

Bruk utforsker til å sjekk at filene ble fjernet

(du trenger ikke å sjekke alle, men se i C: og disse .scr-filene)

Restart i normal modus.

Se om du får kjørt noen av prog. som er nevnt (malwarebytes, Combofix, Superantispyware, hjt etc. -> kjør den i prioritert rekkefølge. FÅr du kjørt de i fet tekst, holde det.)

Post logger.

MrLuni · 18. februar 2009

Såg ingen spor av dei filene på C: Men får heller ikke opnet dei samme programmene.

Kan vell nemne at WoW og Torrent nedlastinger sluttet å fungere igår.

ufattelig bra at noen hjelper til

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:55:16, on 18.02.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\System32\mobsync.exe