
MSN virus - Hijack log attached



Hi there. My girlfriend's PC seems to have some crap on it, because MSN is sending random messages to people. I have run SUPERAntiSpyware and it found nothing. MBAS would not run on her PC.

This is the message I got from her:

This is like a dream come true for me and my Becky. We both are living proof that Acai pills work to lose weight quick, we both lost over 30 pounds and still losing, no diet or excercise they just burn the fat off. Get them now for only five dollars at hxxp://tillhave.com <- I broke the link so that no one clicks it by accident

Here is the Hijack log I got from her:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59:41, on 09.03.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\mstsc.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232559883929

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 7647 bytes

 

 

Link to comment

Download ComboFix (by sUBs) and save it to the Desktop.

Run combofix.exe and follow the instructions.

  • During ComboFix startup you will be advised to install the Recovery Console (if you do not already have it installed). Say yes to that.
  • Do not click on the window while the program is running. This can cause the program to freeze.

What ComboFix does:

- ComboFix is a multi-fix program made to remove a large number of known infections; it also produces a log/report showing files, processes and registry entries on the PC. The log can determine whether there is still something on the PC that should be removed. This requires that someone with experience reads the log and explains how to proceed.

PS: ComboFix will, among other things, list all files created during the last month, and in some cases it can also reveal full names and other information that may be considered sensitive. For that reason you should go through the log, see whether it contains information you do not want to share with everyone, and censor it.

Post the log file from ComboFix (c:\combofix.txt)

Link to comment
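The PS in the post above asks for the log to be censored before it is posted. A sketch of that step in Python, added here as an example and not part of the original thread or of ComboFix: it collects account names from profile paths and from the ComboFix header line and swaps them for placeholders. The function names, the sample log lines and the name in them are constructed, and the handling of `C:\Users\...` paths goes beyond the XP-style paths in this thread.

```python
import re

# Built-in profile directories that do not identify a person.
SYSTEM_PROFILES = {"all users", "default user", "localservice",
                   "networkservice", "public", "default"}

# <drive>:\Documents and Settings\<name>\... (XP) or <drive>:\Users\<name>\...
PROFILE_RE = re.compile(
    r'[a-z]:\\(?:documents and settings|users)\\([^\\\r\n"]+)', re.I)

# Header line format: "ComboFix <version> - <account> <yyyy-mm-dd> ..."
HEADER_RE = re.compile(r"^ComboFix \S+ - (.+?) \d{4}-\d{2}-\d{2} ", re.M)


def find_profile_names(log_text):
    """Return the account names found in the log, longest first."""
    found = {}
    candidates = [m.group(1) for m in HEADER_RE.finditer(log_text)]
    candidates += [m.group(1) for m in PROFILE_RE.finditer(log_text)]
    for name in candidates:
        name = name.strip()
        if name and name.lower() not in SYSTEM_PROFILES:
            # Case-insensitive de-duplication, first spelling wins.
            found.setdefault(name.lower(), name)
    # Longest first, so a full name is replaced before a shorter one
    # that happens to be contained in it.
    return sorted(found.values(), key=lambda n: (-len(n), n.lower()))


def redact(log_text):
    """Replace every account name with a stable placeholder.

    Returns the redacted text and the name -> placeholder mapping.
    """
    mapping = {}
    for index, name in enumerate(find_profile_names(log_text), start=1):
        placeholder = f"<USER{index}>"
        # Whole-token match only, so a short name such as "Li" does not
        # clobber unrelated text such as "DAEMON Tools Lite".
        pattern = re.compile(r"(?<!\w)" + re.escape(name) + r"(?!\w)", re.I)
        log_text = pattern.sub(placeholder, log_text)
        mapping[name] = placeholder
    return log_text, mapping


# Constructed sample in the layout of a ComboFix log; the name is made up.
SAMPLE_LOG = r"""ComboFix 09-03-06.02 - Kari Nordmann 2009-03-09 22:34:48.1 - NTFSx86
2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\Kari Nordmann\Application Data\PC Suite
2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-01-21 19:21 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
"tool"="C:\Documents and Settings\kari nordmann\Desktop\tool.exe" [2008-12-03 1205760]
"""

if __name__ == "__main__":
    text, names = redact(SAMPLE_LOG)
    print(text)
    print(names)
```

The script only covers account names; the redacted log still needs a manual read for other personal details, such as names embedded in file or folder names.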

Thanks for the reply :)

 

Here is the ComboFix log

 

 

ComboFix 09-03-06.02 - Fei Li 2009-03-09 22:34:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.181 [GMT 1:00]

Kjører fra: c:\documents and settings\Fei Li\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-09 til 2009-03-09 )))))))))))))))))))))))))))))))))

.

 

2009-03-09 21:59 . 2009-03-09 21:59 <DIR> d-------- c:\program files\Trend Micro

2009-03-03 21:55 . 2009-03-03 21:55 <DIR> d-------- c:\program files\MSXML 4.0

2009-03-02 23:19 . 2009-03-02 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia

2009-03-02 23:18 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys

2009-03-02 23:18 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys

2009-03-02 23:15 . 2009-03-02 23:18 <DIR> d-------- c:\program files\Nokia

2009-03-02 23:07 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2009-03-02 23:07 . 2008-04-14 00:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2009-03-02 23:07 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2009-03-02 23:07 . 2009-03-02 23:07 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-03-02 23:07 . 2009-03-02 23:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\PC Suite

2009-03-02 23:06 . 2009-03-02 23:48 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\Nokia

2009-03-02 23:06 . 2009-03-02 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite

2009-03-02 23:03 . 2009-03-02 23:03 <DIR> d-------- c:\program files\DIFX

2009-03-02 23:03 . 2009-03-02 23:03 <DIR> d-------- c:\program files\Common Files\PCSuite

2009-03-02 23:03 . 2009-03-02 23:15 <DIR> d-------- c:\program files\Common Files\Nokia

2009-03-02 23:03 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2009-03-02 23:02 . 2009-03-02 23:02 <DIR> d-------- c:\program files\PC Connectivity Solution

2009-03-02 23:02 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2009-03-02 23:02 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2009-03-02 23:02 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2009-03-02 23:02 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2009-03-02 23:02 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2009-03-02 23:02 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-03-02 23:02 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2009-03-02 22:58 . 2009-03-02 23:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

2009-03-02 14:21 . 2009-03-02 14:21 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\Codemonster

2009-03-02 14:15 . 2009-03-02 14:15 <DIR> d-------- c:\program files\Codemonster

2009-03-02 09:43 . 2009-03-02 09:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\SUPERAntiSpyware.com

2009-03-02 09:32 . 2009-03-02 09:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-02 09:32 . 2009-03-02 09:32 <DIR> d-------- c:\documents and settings\Fei Li\Application Data\Malwarebytes

2009-03-02 09:32 . 2009-03-02 09:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-02 09:32 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-02 09:32 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-25 22:14 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat

2009-02-16 13:29 . 2009-03-08 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania

2009-02-14 13:26 . 2009-02-14 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-08 00:09 --------- d-----w c:\program files\Opera

2009-03-07 23:55 --------- d-----w c:\documents and settings\Fei Li\Application Data\Skype

2009-03-07 23:09 --------- d-----w c:\documents and settings\Fei Li\Application Data\skypePM

2009-03-04 22:24 --------- d-----w c:\program files\eMule

2009-02-26 08:54 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-20 10:46 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-14 15:08 --------- d-----w c:\documents and settings\Fei Li\Application Data\uTorrent

2009-02-07 15:54 --------- d-----w c:\program files\Reference Assemblies

2009-02-07 15:54 --------- d-----w c:\program files\MSBuild

2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-02 19:46 --------- d-----w c:\program files\uTorrent

2009-01-23 19:46 --------- d-----w c:\program files\TTPlayer

2009-01-23 09:58 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-23 09:58 --------- d-----w c:\program files\Java

2009-01-22 11:51 --------- d-----w c:\program files\Foxit Software

2009-01-22 11:51 --------- d-----w c:\documents and settings\Fei Li\Application Data\Foxit

2009-01-22 10:14 409,600 ----a-w c:\windows\system32\wrap_oal.dll

2009-01-22 10:14 114,688 ----a-w c:\windows\system32\OpenAL32.dll

2009-01-22 10:14 --------- d-----w c:\program files\OpenAL

2009-01-22 10:13 --------- d-----w c:\documents and settings\Fei Li\Application Data\DAEMON Tools Lite

2009-01-22 10:09 --------- d-----w c:\documents and settings\Fei Li\Application Data\DAEMON Tools Pro

2009-01-22 10:09 --------- d-----w c:\documents and settings\Fei Li\Application Data\DAEMON Tools

2009-01-22 10:07 --------- d-----w c:\program files\DAEMON Tools Lite

2009-01-22 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2009-01-22 10:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-21 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard

2009-01-21 19:21 21,425 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-01-21 19:21 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel

2009-01-21 19:21 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel

2009-01-21 19:21 --------- d-----w c:\documents and settings\Fei Li\Application Data\Intel

2009-01-21 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Intel

2009-01-21 19:20 --------- d-----w c:\program files\Intel

2009-01-21 19:18 --------- d-----w c:\program files\Windows Live

2009-01-21 19:18 --------- d-----w c:\program files\Microsoft

2009-01-21 19:17 --------- d-----w c:\program files\Windows Live SkyDrive

2009-01-21 19:13 --------- d-----w c:\program files\Common Files\Windows Live

2009-01-21 19:09 --------- d-----w c:\program files\Windows Defender

2009-01-21 19:08 --------- d-----w c:\documents and settings\Fei Li\Application Data\vlc

2009-01-21 19:07 --------- d-----w c:\program files\VideoLAN

2009-01-21 19:03 --------- d-----w c:\program files\Skype

2009-01-21 19:03 --------- d-----w c:\program files\Common Files\Skype

2009-01-21 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-01-21 18:43 --------- d-----w c:\program files\Alwil Software

2009-01-21 18:17 --------- d-----w c:\documents and settings\Fei Li\Application Data\Windows Desktop Search

2009-01-21 18:16 --------- d-----w c:\program files\Windows Media Connect 2

2009-01-21 18:16 --------- d-----w c:\program files\Windows Desktop Search

2009-01-21 18:13 --------- d-----w c:\program files\Sigmatel

2009-01-21 18:10 --------- d-----w c:\program files\CONEXANT

2009-01-21 17:43 --------- d-----w c:\program files\Broadcom

2009-01-21 17:42 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-21 15:06 --------- d-----w c:\program files\microsoft frontpage

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

"PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"d:\\Spill\\TmNationsForever\\TmForever.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Spill\\Neverwinter Nights\\nwmain.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4662:TCP"= 4662:TCP:emule

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-21 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-21 20560]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-02 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-02 8320]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-09 22:36:37

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(860)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Tidspunkt ferdig: 2009-03-09 22:38:20

ComboFix-quarantined-files.txt 2009-03-09 21:38:15

 

Pre-Run: 3 690 995 712 bytes free

Post-Run: 3,850,489,856 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

redirect=usebiossettings

redirectbaudrate=

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

194 --- E O F --- 2009-03-05 20:57:23

 

 

Link to comment
