Hijack This logg

[Axl91]

Lurte på om noen kunne tatt en titt innom denne.

Fikk noen beskjeder om viruset Virut.

 

Lurer på om jeg burde hatt en nyere version av hijackthis?

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:12:33, on 25.08.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\DellTPad\Apoint.exe

C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Programfiler\DellTPad\HidFind.exe

C:\Programfiler\DellTPad\Apntex.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

c:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Xfire\Xfire.exe

c:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

c:\progra~1\felles~1\instal~1\update~1\isuspm.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\agent.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Contacts\wlcomm.exe

C:\Programfiler\Norman\nse\bin\NSESVC.EXE

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

D:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=lo

alhost:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O1 - Hosts: HP3E34B6 HP001CC43E34B6

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [KADxMain] c:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [ATICCC] "c:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\fyak3009.VGSA\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211190411190

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.vgsa.no

O17 - HKLM\Software\..\Telephony: DomainName = local.vgsa.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lan.bleiker.vgs.no

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programfiler\Fellesfiler\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Programfiler\Norman\nse\bin\NSESVC.EXE" -daemon (file missing)

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

 

 

 

[Atiks]

Du bruker en gammel version av hijackthis så kan du laste ned den nyeste her fra ,og post en ny logg.

Prøv også MBAM oppdater det fult ,ta en full skann og post loggen.

Endret 25. august 2009 av snippern

[Axl91]

Tusen takk, jeg har gjort det nå.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:28:23, on 25.08.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\DellTPad\Apoint.exe

C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Programfiler\DellTPad\HidFind.exe

C:\Programfiler\DellTPad\Apntex.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

c:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Xfire\Xfire.exe

c:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

c:\progra~1\felles~1\instal~1\update~1\isuspm.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\agent.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Contacts\wlcomm.exe

C:\Programfiler\Norman\nse\bin\NSESVC.EXE

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Norman\Nvc\BIN\nvcod.exe

C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=lo

alhost:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O1 - Hosts: HP3E34B6 HP001CC43E34B6

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programfiler\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [KADxMain] c:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [ATICCC] "c:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\fyak3009.VGSA\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211190411190

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.vgsa.no

O17 - HKLM\Software\..\Telephony: DomainName = local.vgsa.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lan.bleiker.vgs.no

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programfiler\Fellesfiler\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

 

--

End of file - 11015 bytes

 

 

 

 

 

Malwarebytes' Anti-Malware 1.40

Databaseversjon: 2693

Windows 5.1.2600 Service Pack 3

 

25.08.2009 12:30:35

mbam-log-2009-08-25 (12-30-26).txt

 

Skanntype: Rask Skann

Objekter skannet: 129845

Tid tilbakelagt: 13 minute(s), 40 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 1

Registerverdier infisert: 3

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

C:\WINDOWS\system32\users64.dat (Trojan.FakeAlert) -> No action taken.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\pr (Trojan.FakeAlert) -> No action taken.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\10 (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\di (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\lk1 (Trojan.FakeAlert) -> No action taken.

 

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\users64.dat (Trojan.FakeAlert) -> No action taken.

 

 

[Atiks]

Hijackthis loggen din ser greit ut. Men ta en full skann med MBAM og Husk! å slette de infiserte filene som MBAM finner for det gjorde du ikke i den raske skannen.

Endret 25. august 2009 av snippern