Thorvis, posted 11 July 2007

Is there something wrong with my PC?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:16, on 11.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Ole\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\gyabjpdu.dll (file missing)
O2 - BHO: (no name) - {F58C7851-C404-4E9B-BCE0-BE2A2EEC3FBA} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Policies\Explorer\Run: [{5C9B5518-0AE9-1044-0517-04022405002f}] "C:\Programfiler\Fellesfiler\{5C9B5518-0AE9-1044-0517-04022405002f}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-21-3364746796-3836892856-2458456877-1006\..\Policies\Explorer\Run: [{5C9B5518-0AE9-1044-0517-04022405002f}] "C:\Programfiler\Fellesfiler\{5C9B5518-0AE9-1044-0517-04022405002f}\Update.exe" te-110-12-0000073 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [smw] C:\Programfiler\??mantec\w?aclt.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AlexaToolbar] C:\WINDOWS\system32\alexa.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Rebates. - file://C:\Programfiler\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\nglsapi.dll (file missing)
O20 - Winlogon Notify: h618 - C:\WINDOWS\g66145093.dll (file missing)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O22 - SharedTaskScheduler: g322 - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - (no file)
O22 - SharedTaskScheduler: Windowz Updater - {259BA022-2005-45E9-A965-10EDB9C00618} - C:\WINDOWS\g66145093.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 6797 bytes

norbat, posted 11 July 2007

Hi, Thorvis

Uninstall, if possible, from Add/Remove Programs:
WebRebates
Yahoo toolbar

Start HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\gyabjpdu.dll (file missing)
O2 - BHO: (no name) - {F58C7851-C404-4E9B-BCE0-BE2A2EEC3FBA} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKCU\..\Policies\Explorer\Run: [{5C9B5518-0AE9-1044-0517-04022405002f}] "C:\Programfiler\Fellesfiler\{5C9B5518-0AE9-1044-0517-04022405002f}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-21-3364746796-3836892856-2458456877-1006\..\Policies\Explorer\Run: [{5C9B5518-0AE9-1044-0517-04022405002f}] "C:\Programfiler\Fellesfiler\{5C9B5518-0AE9-1044-0517-04022405002f}\Update.exe" te-110-12-0000073 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [smw] C:\Programfiler\??mantec\w?aclt.exe (User '?')
O8 - Extra context menu item: Web Rebates. - file://C:\Programfiler\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\nglsapi.dll (file missing)
O20 - Winlogon Notify: h618 - C:\WINDOWS\g66145093.dll (file missing)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O22 - SharedTaskScheduler: g322 - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - (no file)
O22 - SharedTaskScheduler: Windowz Updater - {259BA022-2005-45E9-A965-10EDB9C00618} - C:\WINDOWS\g66145093.dll (file missing)
O22 - SharedTaskScheduler: z - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - (no file)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)

Go to Start->Run
Type: services.msc
Find and stop the following service, right-click the service and choose Properties, and under startup type select Disabled:
COM+ Messages

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:
(Most of them will probably not be found, as they have already been removed)

Files to delete:
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\nglsapi.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\g66145093.dll
C:\WINDOWS\system32\svchosts.exe

Folders to delete:
C:\Programfiler\Yahoo!
C:\Programfiler\Fellesfiler\{5C9B5518-0AE9-1044-0517-04022405002f}
C:\Programfiler\??mantec
C:\Programfiler\WebRebates4

Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what has happened. You do not need to post it.

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (usually c:\combofix.txt) + a new HJT log.

Edited 11 July 2007 by norbat

Thorvis, posted 12 July 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:04, on 12.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ole\Skrivebord\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 5402 bytes

"Ole" - 2007-07-12 13:07:29 - ComboFix 07-07-10.1 - Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))

2007-07-11 18:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 18:01 212 --a------ C:\delete.bat
2007-07-10 17:08 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-10 12:59 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Siste
2007-07-10 12:57 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-10 12:53 <DIR> d-------- C:\Programfiler\Mozilla Sunbird
2007-07-10 12:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-07-10 00:33 <DIR> dr-h----- C:\DOCUME~1\Ole\Siste
2007-07-09 21:31 <DIR> d-------- C:\DOCUME~1\Gjest\PROGRA~1\MSN6
2007-07-03 12:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\Propellerhead Software
2007-07-02 20:12 <DIR> d-------- C:\DOCUME~1\Gjest\PROGRA~1\Real
2007-07-01 18:13 <DIR> d-------- C:\Programfiler\Activision
2007-07-01 18:08 92,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys
2007-07-01 18:08 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-07-01 18:08 <DIR> d-------- C:\Programfiler\MagicDisc
2007-06-28 10:41 <DIR> d-------- C:\Programfiler\Gabest
2007-06-25 09:34 77,824 --a------ C:\WINDOWS\SYSTEM32\FLKill.exe
2007-06-25 09:34 35,363 --a------ C:\WINDOWS\SYSTEM32\windrvNT.sys
2007-06-25 09:34 112 --a------ C:\sccfg.sys
2007-06-25 09:34 110,592 --a------ C:\WINDOWS\SYSTEM32\suppdll.dll
2007-06-24 13:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\home box office dir
2007-06-21 14:27 <DIR> d-------- C:\Programfiler\Rockstar Games
2007-06-12 13:45 54,272 --a------ C:\WINDOWS\SYSTEM32\DrvTrNTm.dll
2007-06-12 13:45 106,496 --a------ C:\WINDOWS\SYSTEM32\DrvTrNTl.dll
2007-06-12 13:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Symantec
2007-06-12 13:25 77,824 --a------ C:\WINDOWS\SYSTEM32\MediaScale.dll
2007-06-12 13:25 491,520 --a------ C:\WINDOWS\SYSTEM32\mp3lib.dll
2007-06-12 13:19 8,704 --a------ C:\WINDOWS\SYSTEM32\ogg.dll
2007-06-12 13:19 71,680 --a------ C:\WINDOWS\SYSTEM32\macdll.dll
2007-06-12 13:19 61,952 --a------ C:\WINDOWS\SYSTEM32\vorbisenc.dll
2007-06-12 13:19 237,568 --a------ C:\WINDOWS\SYSTEM32\oggds.dll
2007-06-12 13:19 112,128 --a------ C:\WINDOWS\SYSTEM32\vorbis.dll
2007-06-12 10:59 4,608 --a------ C:\WINDOWS\SYSTEM32\W95Inf32.DLL
2007-06-12 10:59 2,272 --a------ C:\WINDOWS\SYSTEM32\W95Inf16.DLL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 16:58:19 -------- d-----w C:\DOCUME~1\Ole\PROGRA~1\uTorrent
2007-07-10 11:02:15 -------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2007-07-10 10:53:53 -------- d-----w C:\Programfiler\DivX
2007-07-01 16:16:45 -------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-06-25 10:31:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-12 12:26:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-08 14:39:00 -------- d-----w C:\DOCUME~1\Ole\PROGRA~1\Azureus
2007-06-05 12:52:40 -------- d-----w C:\Programfiler\iTunes
2007-06-05 12:52:33 -------- d-----w C:\Programfiler\iPod
2007-05-27 09:28:48 6,986 ----a-w C:\WINDOWS\mozver.dat
2007-05-27 01:19:00 -------- d-----w C:\DOCUME~1\Ole\PROGRA~1\Propellerhead Software
2007-05-27 01:12:38 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2007-05-27 01:12:37 225,280 ----a-w C:\WINDOWS\system32\ReWire.dll
2007-05-27 01:11:44 -------- d-----w C:\Programfiler\Propellerhead
2007-05-23 23:21:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-23 17:25:49 -------- d-----w C:\Programfiler\Last.fm
2007-05-18 10:10:30 -------- d-----w C:\Programfiler\Kaspersky Lab
2007-05-18 10:07:02 -------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:23:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-02-13 09:42:23 56 -csh--r C:\WINDOWS\SYSTEM32\C98739B8AD.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"pgwktjrg"="C:\lvdiomrw.bat" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=C:\WINDOWS\WNSXS~1\MCONFI~1.EXE
"Smw"=C:\Programfiler\??mantec\w?aclt.exe
"AlexaToolbar"=C:\WINDOWS\system32\alexa.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"="C:\Programfiler\Logitech\Easy Synchronization\shellexecutehook.dll" [2004-09-03 16:44]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^BitTorrent.lnk]
path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\BitTorrent.lnk
backup=C:\WINDOWS\pss\BitTorrent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^GreatMemo.lnk]
path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\GreatMemo.lnk
backup=C:\WINDOWS\pss\GreatMemo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^MagicDisc.lnk]
path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^Weather.lnk]
path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\Weather.lnk
backup=C:\WINDOWS\pss\Weather.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^Xfire.lnk]
path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlexaToolbar]
C:\WINDOWS\system32\alexa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b3b5c4fc.exe]
C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\b3b5c4fc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Programfiler\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
C:\\defender25.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dfxquoe]
C:\Programfiler\?dobe\spool32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
C:\Programfiler\Fellesfiler\mc-110-12-0000140.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Messaging]
C:\Programfiler\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
C:\WINDOWS\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omou]
C:\PROGRA~1\FELLES~1\omou\omoum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
C:\WINDOWS\System32\ossproxy.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2pnetworking]
p2pnetworking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pbca]
"C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programfiler\Logitech\MediaLife\MediaLifeService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programfiler\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programfiler\Valve\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Programfiler\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Programfiler\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdate]
C:\Programfiler\winupdate\winupdate.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yil]
C:\WINDOWS\W?nSxS\m?config.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"C:\Documents and Settings\Ole\Skrivebord\utorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Setup\rsrc\autorun.exe
dinstall\command- F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005a874b-27ed-11dc-9f12-000cf1f9f7ed}]
AutoRun\command- I:\Setup\rsrc\autorun.exe
dinstall\command- I:\Directx\dxsetup.exe

Contents of the 'Scheduled Tasks' folder
2007-06-26 08:12:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-02 11:30:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 13:12:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\renxlngm]
"ImagePath"="system32\drivers\mqfqjovk.sys"

Completion time: 2007-07-12 13:12:55
C:\ComboFix-quarantined-files.txt ... 2007-07-12 13:12
C:\ComboFix2.txt ... 2007-07-12 00:04
C:\ComboFix3.txt ... 2007-07-11 18:47

--- E O F ---

So, what should I do next?

norbat Posted 12 July 2007
If you did not add http://locator.cdn.imageservr.com to the Trusted zone yourself, remove it. You can do that as follows:
Right-click the following file and save it to the desktop: DelDomains.inf
Right-click the file again and choose Installer/Install.
Close IE and start it again.
Post a new HJT log (NB: from normal mode).
How is the PC running otherwise?
Thorvis Posted 14 July 2007
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:34, on 14.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Ole\Skrivebord\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/no/nor/gen/default.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat O4 - HKLM\..\Run: [rstvstef] C:\rnuoyjlr.bat O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User
'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) -- End of file - 5241 bytes
The problem I have with my PC is that when it gets to the login screen it says "Windows is starting" for about 5-10 min. Once I do get logged in, I can pretty much only use programs that need few resources (Notepad etc.; everything else takes forever or does not work at all), the taskbar is gone, and I have no internet. When I shut down the PC it also sits on "saving settings" for a long time.
norbat Posted 14 July 2007 (edited)
Do the following:
Copy the content below (in bold) and paste it into Notepad. Choose 'Save as', set the file type to 'All files', and save it as fix.reg. Put the file on the desktop and double-click it. Say yes to adding the information to the registry:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dfxquoe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omou]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pbca]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yil]

Fix the following lines with HJT:
O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
Run Avenger again and insert the following (in bold):
Files to delete:
C:\defender25.exe
C:\Programfiler\Fellesfiler\mc-110-12-0000140.exe
C:\WINDOWS\System32\ossproxy.exe
C:\lvdiomrw.bat
Folders to delete:
C:\PROGRA~1\FELLES~1\omou
C:\WINDOWS\WNSXS~1
C:\WINDOWS\STEM32~1
C:\ComboFix
After the restart, download Combofix again and make a log that you post. Also tell us how the PC is running.
Edited 14 July 2007 by norbat
derbipwnz Posted 15 July 2007
Hi. I was wondering if someone could check my HijackThis log? I have been bothered a bit by small popups, even after formatting... Also, when I play WoW, something strange has happened to the 3D in certain places. It is bugged in a way, not displayed quite properly. Thanks
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:53:51, on 15.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\MessengerPlus! 3\MsgPlus.exe C:\Programfiler\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Agnitum\Outpost Firewall\outpost.exe C:\Programfiler\Steam\Steam.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe c:\programfiler\steam\steamapps\greys650\counter-strike\hl.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows
Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [CashBibRectRdr] C:\Documents and Settings\All Users\Programdata\setupobjcashbib\Softwareacid.exe O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programfiler\Agnitum\Outpost Firewall\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programfiler\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKCU\..\Run: [that else] C:\DOCUME~1\RUBENB~1\PROGRA~1\SITENE~1\uploadhideplay.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 
3\MsgPlus.exe" /WinStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?a782daee00c743999898b11b2baa30d4 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?a782daee00c743999898b11b2baa30d4 O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programfiler\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programfiler\Agnitum\Outpost Firewall\outpost.exe -- End of file - 4800 bytes
Thorvis Posted 15 July 2007
New Combofix log:
"Ole" - 2007-07-15 11:13:35 - ComboFix 07-07-14.6 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 ))))))))))))))))))))))))))))))) 2007-07-15 10:57 <DIR> dr-h----- C:\DOCUME~1\Ole\Siste 2007-07-12 21:51 <DIR> d-------- C:\kav 2007-07-11 18:22 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-11 18:01 318 --a------ C:\delete.bat 2007-07-10 17:08 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys 2007-07-10 12:59 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Siste 2007-07-10 12:57 <DIR> d-------- C:\WINDOWS\LastGood 2007-07-10 12:53 <DIR> d-------- C:\Programfiler\Mozilla Sunbird 2007-07-10 12:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-07-09 21:31 <DIR> d-------- C:\DOCUME~1\Gjest\PROGRA~1\MSN6 2007-07-03 12:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\Propellerhead Software 2007-07-02 20:12 <DIR> d-------- C:\DOCUME~1\Gjest\PROGRA~1\Real 2007-07-01 18:13 <DIR> d-------- C:\Programfiler\Activision 2007-07-01 18:08 92,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys 2007-07-01 18:08 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2007-07-01 18:08 <DIR> d-------- C:\Programfiler\MagicDisc 2007-06-28 10:41 <DIR> d-------- C:\Programfiler\Gabest 2007-06-25 09:34 77,824 --a------ C:\WINDOWS\SYSTEM32\FLKill.exe 2007-06-25 09:34 35,363 --a------ C:\WINDOWS\SYSTEM32\windrvNT.sys 2007-06-25 09:34 112 --a------ C:\sccfg.sys 2007-06-25 09:34 110,592 --a------ C:\WINDOWS\SYSTEM32\suppdll.dll 2007-06-24 13:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\home box office dir 2007-06-21 14:27 <DIR> d-------- C:\Programfiler\Rockstar Games (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-15 08:57:23 10,852,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-14 08:48:06 -------- d-----w
C:\DOCUME~1\Ole\PROGRA~1\uTorrent 2007-07-13 21:14:37 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-07-12 11:14:10 427,552 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-07-10 11:02:15 -------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment 2007-07-10 10:53:53 -------- d-----w C:\Programfiler\DivX 2007-07-02 11:30:50 43,124 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-07-02 11:30:49 147,956 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-01 16:16:45 -------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-06-25 10:31:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-06-12 12:26:02 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-06-05 12:52:40 -------- d-----w C:\Programfiler\iTunes 2007-06-05 12:52:33 -------- d-----w C:\Programfiler\iPod 2007-05-27 09:28:48 6,986 ----a-w C:\WINDOWS\mozver.dat 2007-05-27 01:19:00 -------- d-----w C:\DOCUME~1\Ole\PROGRA~1\Propellerhead Software 2007-05-27 01:12:38 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll 2007-05-27 01:12:37 225,280 ----a-w C:\WINDOWS\system32\ReWire.dll 2007-05-27 01:11:44 -------- d-----w C:\Programfiler\Propellerhead 2007-05-23 23:21:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-05-23 17:25:49 -------- d-----w C:\Programfiler\Last.fm 2007-05-18 10:17:34 82,258 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2007-05-18 10:17:34 82,258 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2007-05-18 10:10:30 -------- d-----w C:\Programfiler\Kaspersky Lab 2007-05-18 10:07:02 -------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:23:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2006-08-09 23:53:47 47,360 ----a-w C:\DOCUME~1\Ole\PROGRA~1\pcouffin.sys 2005-02-13 09:42:23 56 -csh--r C:\WINDOWS\SYSTEM32\C98739B8AD.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] "pgwktjrg"="C:\lvdiomrw.bat" [] "rstvstef"="C:\rnuoyjlr.bat" [] "UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19] "xooqobcc"="C:\bcghyxhs.bat" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "<NO NAME>"=C:\WINDOWS\WNSXS~1\MCONFI~1.EXE "Smw"=C:\Programfiler\??mantec\w?aclt.exe "AlexaToolbar"=C:\WINDOWS\system32\alexa.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"="C:\Programfiler\Logitech\Easy Synchronization\shellexecutehook.dll" [2004-09-03 16:44] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll --a------ 2005-12-06 21:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"= c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG 
Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^BitTorrent.lnk] path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\BitTorrent.lnk backup=C:\WINDOWS\pss\BitTorrent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^GreatMemo.lnk] path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\GreatMemo.lnk backup=C:\WINDOWS\pss\GreatMemo.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^MagicDisc.lnk] path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\MagicDisc.lnk backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^OpenOffice.org 2.0.lnk] path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\OpenOffice.org 2.0.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^Weather.lnk] path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\Weather.lnk backup=C:\WINDOWS\pss\Weather.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ole^Start-meny^Programmer^Oppstart^Xfire.lnk] path=C:\Documents and Settings\Ole\Start-meny\Programmer\Oppstart\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlexaToolbar] C:\WINDOWS\system32\alexa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] "C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b3b5c4fc.exe] C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\b3b5c4fc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender] C:\\defender25.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dfxquoe] C:\Programfiler\?dobe\spool32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS] C:\Programfiler\Fellesfiler\mc-110-12-0000140.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Messaging] C:\Programfiler\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] C:\WINDOWS\kdx\KHost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] KHALMNPR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch] C:\WINDOWS\NCLAUNCH.EXe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omou] C:\PROGRA~1\FELLES~1\omou\omoum.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS] C:\WINDOWS\System32\ossproxy.exe -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2pnetworking] p2pnetworking.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pbca] "C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazr [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Programfiler\Logitech\MediaLife\MediaLifeService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler] "C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdate] C:\Programfiler\winupdate\winupdate.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yil] C:\WINDOWS\W?nSxS\m?config.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent] "C:\Documents and Settings\Ole\Skrivebord\utorrent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "mnmsrvc"=3 (0x3) "Fax"=2 (0x2) "AVP"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\Setup\rsrc\autorun.exe dinstall\command- F:\Directx\dxsetup.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005a874b-27ed-11dc-9f12-000cf1f9f7ed}] AutoRun\command- I:\Setup\rsrc\autorun.exe dinstall\command- I:\Directx\dxsetup.exe Contents of the 'Scheduled Tasks' folder 2007-06-26 08:12:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-07-02 11:30:00 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-15 11:17:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-15 11:17:48 C:\ComboFix-quarantined-files.txt ... 2007-07-12 13:12 C:\ComboFix2.txt ... 2007-07-12 13:12 C:\ComboFix3.txt ... 2007-07-12 00:04 --- E O F ---
The PC runs the same as before, with the problems I described in my post above. It should also be mentioned that I am not entirely sure whether the problems are caused by spyware/viruses/crap on my PC, but it is good to be sure.
norbat Posted 15 July 2007
derbipwnz: You have a small Lop infection. Run through the long version of the guide in the first post. Then create a new, separate post where you put up a new HJT log.
norbat Posted 15 July 2007
Thorvis: You have probably been hit by spyware, and in some cases the PC does behave the way you describe. In any case you should back up important data. Your latest Combofix log shows that not much happened in the last fix, so if you have the patience, we will keep trying:
------------
Check manually whether the registry entries we tried to remove are still there:
Click Start->Run
Type: regedit
Go to HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
Delete them if they are there
------------
------------
Download SDFix to the desktop.
Double-click SDFix.exe and it will unpack itself to a folder in C:\SDFix
Restart the PC in safe mode (tap F8 during startup, choose safe mode)
Open the SDFix folder and double-click 'RunThis.bat' to start the program
Choose Y to start the cleaning
The PC will restart, and SDFix will continue.
When you have done this, post a new HJT log + the log from SDFix (it will be in the SDFix folder as Report.txt).
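The manual check described in the post above, comparing the keys fix.reg tried to delete with what a later log still lists, can also be scripted. This is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, and the sample data is rebuilt from the fix.reg and the 15 July ComboFix log posted in this thread, with one header wrapped across two lines as happens in pasted logs.

```python
import re

# Abbreviated hive names (as HijackThis prints them) mapped to the full names
# used in .reg files and ComboFix logs.
HIVE_ALIASES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user",
                "hku": "hkey_users", "hkus": "hkey_users",
                "hkcr": "hkey_classes_root"}


def normalize_key(path):
    """Fold case, whitespace (including line wraps) and hive aliases.

    Registry key paths are case-insensitive, so two spellings of the same key
    must compare equal before we decide whether a deletion worked.
    """
    path = re.sub(r"\s+", " ", path.strip()).rstrip("\\").lower()
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive, hive) + sep + rest


def deletion_targets(reg_text):
    """Keys a .reg file deletes: section headers written as [-KEY]."""
    return [normalize_key(k) for k in re.findall(r"\[-(HK[^\]]+)\]", reg_text)]


def keys_in_log(log_text):
    """All [HKEY_...] section headers found in a ComboFix-style log.

    Bracketed timestamps such as [2007-06-11 11:25] and empty [] are skipped
    because they do not start with a hive name.
    """
    return {normalize_key(k) for k in re.findall(r"\[(HKEY_[^\]]+)\]", log_text)}


def surviving_targets(reg_text, log_text):
    """Deletion targets still listed in a log taken after the fix, in order."""
    present = keys_in_log(log_text)
    return [k for k in deletion_targets(reg_text) if k in present]


# --- Sample data, rebuilt from values posted in this thread -----------------
BASE = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
NAMES = ["defender", "Dfxquoe", "DNS", "omou", "OSS", "Pbca", "Yil"]

# The fix.reg from the 14 July post: one [-KEY] header per line.
FIX_REG = "Windows Registry Editor Version 5.00\n\n" + "\n".join(
    f"[-{BASE}\\{name}]" for name in NAMES)

# Excerpt of the 15 July ComboFix log, flattened onto one line as posted.
LOG_ENTRIES = [
    ("defender", r"C:\\defender25.exe"),
    ("Dfxquoe", r"C:\Programfiler\?dobe\spool32.exe"),
    ("DNS", r"C:\Programfiler\Fellesfiler\mc-110-12-0000140.exe"),
    ("iTunesHelper", r'"C:\Programfiler\iTunes\iTunesHelper.exe"'),
    ("omou", r"C:\PROGRA~1\FELLES~1\omou\omoum.exe"),
    ("OSS", r"C:\WINDOWS\System32\ossproxy.exe -boot"),
    ("Pbca", r'"C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazr'),
    ("Yil", r"C:\WINDOWS\W?nSxS\m?config.exe"),
]
LOG_AFTER_FIX = " ".join(f"[{BASE}\\{name}] {cmd}" for name, cmd in LOG_ENTRIES)
# Constructed detail: wrap the first header across two lines, as a paste would.
LOG_AFTER_FIX = LOG_AFTER_FIX.replace("shared tools", "shared\ntools", 1)


if __name__ == "__main__":
    for key in surviving_targets(FIX_REG, LOG_AFTER_FIX):
        print("still present after fix:", key)
```

Run against the excerpt, every key from fix.reg is reported as still present, which matches the observation in the post that the last fix changed little.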
Thorvis Posted 15 July 2007
SDFix:
SDFix: Version 1.91 Run by Ole on 15.07.2007 at 16:19 Microsoft Windows XP [Versjon 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing SharedAccess Service Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted C:\WINDOWS\SYSTEM32\RESKO.DLL - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Documents and Settings\\Ole\\Skrivebord\\utorrent.exe"="C:\\Documents and Settings\\Ole\\Skrivebord\\utorrent.exe:*:Enabled:æTorrent" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\I-Doser\I-Doser\Thumbs.db C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\I-Doser\I-Doser\Skins\Buttons\Thumbs.db C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\Sharing Folders\[email
protected]\I-Doser\I-Doser\Skins\Default\Thumbs.db C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\I-Doser\I-Doser\Skins\SteelRain\Thumbs.db C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\I-Doser\I-Doser\Skins\Titanium\Thumbs.db C:\Documents and Settings\Ole\Mine dokumenter\Min musikk\Beck\Beck - The Information (2006) - Rock [www.torrentazos.com]\Thumbs.db C:\Documents and Settings\Ole\Mine dokumenter\Min musikk\Marilyn Manson\Holy Wood [www.TodoCVCD.com][Johnnygan]\Thumbs.db C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Outlook Express\msimn.exe C:\Programfiler\Windows Media Player\mplayer2.exe C:\Programfiler\Windows Media Player\wmplayer.exe C:\WINDOWS\SYSTEM32\C98739B8AD.sys C:\WINDOWS\LastGood.Tmp\INF\oem41.inf C:\WINDOWS\LastGood.Tmp\INF\oem41.PNF C:\WINDOWS\SYSTEM32\hjkkj.tmp C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.tmp.LOG C:\WINDOWS\SYSTEM32\CONFIG\SAM.tmp.LOG C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.tmp.LOG C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.tmp.LOG C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.tmp.LOG Finished Hijack this: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:54:50, on 15.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programfiler\Unlocker\UnlockerAssistant.exe C:\Documents and Settings\Ole\Skrivebord\utorrent.exe C:\Documents and Settings\Ole\Skrivebord\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = 
http://www.euro.dell.com/countries/no/nor/gen/default.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat O4 - HKLM\..\Run: [rstvstef] C:\rnuoyjlr.bat O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [xooqobcc] C:\bcghyxhs.bat O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Ole\Skrivebord\utorrent.exe" O4 - HKUS\S-1-5-21-3364746796-3836892856-2458456877-1006\..\Run: [uTorrent] "C:\Documents and Settings\Ole\Skrivebord\utorrent.exe" (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-18\..\Run: [smw] C:\Programfiler\??mantec\w?aclt.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [AlexaToolbar] C:\WINDOWS\system32\alexa.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: MUSICMATCH MX Web Player - 
{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
--
End of file - 5260 bytes
norbat Posted 15 July 2007

Fix with HJT:

O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat
O4 - HKLM\..\Run: [rstvstef] C:\rnuoyjlr.bat
O4 - HKLM\..\Run: [xooqobcc] C:\bcghyxhs.bat
O4 - HKUS\S-1-5-18\..\Run: [smw] C:\Programfiler\??mantec\w?aclt.exe (User '?')

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Use Explorer to find, if possible, and delete (in bold) (you will probably have to go into safe mode to be able to delete them):

C:\Programfiler\??mantec <- ? = arbitrary character. Look for a folder with ..mantec that contains the file w.aclt.exe
C:\lvdiomrw.bat
C:\rnuoyjlr.bat
C:\bcghyxhs.bat
C:\defender25.exe
C:\WINDOWS\WNSXS~1 <- ~1 = abbreviation.
C:\Programfiler\?dobe <- not adobe
C:\Programfiler\Fellesfiler\mc-110-12-0000140.exe
C:\WINDOWS\System32\ossproxy.exe
C:\WINDOWS\STEM32~1

Then download DrWeb.
Restart in safe mode (tap F8 during startup).
Run drweb-cureit.exe (say yes to running an express scan).
When this is finished, click Option -> Change settings.
Under the Scan tab, untick Heuristic analysis.
Under the Actions tab, every item under Malware should be set to Rename.
Select the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" when it finds something for the first time.

From normal mode, create a new HJT log.
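The kind of triage applied to the O4 autostart entries above can be sketched in code. This is an added example, not part of the original posts and not HijackThis's own logic: the three heuristics and all function names are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# O4 lines copied from the HijackThis log posted in this thread on 15.07.2007,
# plus one O23 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat
O4 - HKLM\..\Run: [rstvstef] C:\rnuoyjlr.bat
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [xooqobcc] C:\bcghyxhs.bat
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Ole\Skrivebord\utorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [smw] C:\Programfiler\??mantec\w?aclt.exe (User '?')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Shape of an O4 registry line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|bat|cmd|com|scr|pif|dll))(?:\s|$)", re.I)
ROOT_SCRIPT_RE = re.compile(r"[A-Za-z]:\\[^\\]+\.(?:bat|cmd)", re.I)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def target_path(cmd):
    """Strip the trailing (User '...') note and arguments, keep the file path."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_o4(log_text):
    """Return one RunEntry per O4 registry autostart line; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(
                RunEntry(m["hive"], m["key"], m["name"], target_path(m["cmd"]))
            )
    return entries


def _norm(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())


def name_relates_to_path(name, path):
    """True if any 3-character run of the value name also occurs in the path."""
    n, p = _norm(name), _norm(path)
    if len(n) < 3:
        return n in p
    return any(n[i:i + 3] in p for i in range(len(n) - 2))


def triage(entries):
    """Attach reasons to each entry; return those worth a manual look.

    These are review hints (assumed heuristics), not verdicts: a legitimate
    program can trip the name check, so a person still decides what to fix.
    """
    for e in entries:
        if ROOT_SCRIPT_RE.fullmatch(e.path):
            e.reasons.append("batch script in the drive root")
        if "?" in e.path:
            e.reasons.append("path contains '?' placeholder characters")
        if not name_relates_to_path(e.name, e.path):
            e.reasons.append("value name unrelated to target file")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for entry in triage(parse_o4(SAMPLE_LOG)):
        print(f"[{entry.name}] {entry.path}: {'; '.join(entry.reasons)}")
```

On the sample lines, the entries this flags are the same four O4 entries listed for fixing in the post above.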
derbipwnz Posted 16 July 2007

Thanks for the help. I have made a separate thread about this now.

Edited 16 July 2007 by derbipwnz
Thorvis Posted 17 July 2007

> Use Explorer to find, if possible, and delete (in bold) (you will probably have to go into safe mode to be able to delete them):
> C:\Programfiler\??mantec <- ? = arbitrary character. Look for a folder with ..mantec that contains the file w.aclt.exe
> C:\lvdiomrw.bat
> C:\rnuoyjlr.bat
> C:\bcghyxhs.bat
> C:\defender25.exe
> C:\WINDOWS\WNSXS~1 <- ~1 = abbreviation.
> C:\Programfiler\?dobe <- not adobe
> C:\Programfiler\Fellesfiler\mc-110-12-0000140.exe
> C:\WINDOWS\System32\ossproxy.exe
> C:\WINDOWS\STEM32~1

I could not find any of these (I also unticked "Hide protected operating system files").

The only thing Dr.Web found was SDFix.

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:09, on 17.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\Ole\Skrivebord\utorrent.exe
C:\Documents and Settings\Ole\Skrivebord\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pgwktjrg] C:\lvdiomrw.bat
O4 - HKLM\..\Run: [rstvstef] C:\rnuoyjlr.bat
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [xooqobcc] C:\bcghyxhs.bat
O4 -
HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Ole\Skrivebord\utorrent.exe" O4 - HKUS\S-1-5-21-3364746796-3836892856-2458456877-1006\..\Run: [uTorrent] "C:\Documents and Settings\Ole\Skrivebord\utorrent.exe" (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-18\..\Run: [smw] C:\Programfiler\??mantec\w?aclt.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [AlexaToolbar] C:\WINDOWS\system32\alexa.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - 
http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\wuauboot.dll ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
--
End of file - 5260 bytes
Henrik Salthe Posted 22 July 2007

I think I have some junk on the PC; I have been struggling a lot with my internet connection, and I think it may be some spyware or the like eating up the bandwidth. Can anyone take a look at my HijackThis log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:14, on 22.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\trlrm\RMHSvc.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
C:\Programfiler\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe
C:\Programfiler\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programfiler\TOSHIBA\TOSHIBA-kontroller\TFncKy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Apoint2K\Apntex.exe C:\Programfiler\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Skype\Phone\Skype.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programfiler\Skype\Plugin Manager\skypePM.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\cmd.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:\Programfiler\TOSHIBA\Free Update Service\splash.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Programfiler\TOSHIBA\Free Update Service\splash.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Trlokom IE Toolbar - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Programfiler\SpyWall\TrlIETool.dll O3 - Toolbar: Trlokom IE Toolbar - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Programfiler\SpyWall\TrlIETool.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 
000StTHK.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Programfiler\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [PadTouch] "C:\Programfiler\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [skype] 
"C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file:///C:\Programfiler\TOSHIBA\Free Update Service\splash.html O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trlokom Central Management Helper 1.4.1 0 (trlokom_rmhsvc) - Trlokom, Inc. - C:\WINDOWS\trlrm\RMHSvc.exe
--
End of file - 9665 bytes

Thanks in advance!
Guest medlem-105082 Posted 22 July 2007

Have you run a scan with SAS to check whether it finds any spyware? Link in the first post.
1915 Posted 22 July 2007

Lots of pop-ups keep appearing from IE. I can't get rid of them. I use ONLY Firefox. How do I get rid of them?

OS: XP Pro SP2

Logfile of HijackThis v1.99.1
Scan saved at 21:42:59, on 22.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\programfiler\powerstrip\pstrip.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\progra~1\valve\steam\steam.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Creative\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Last.fm\LastFMHelper.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Last.fm\LastFM.exe
D:\Install\VirusProg\hijackthis_sfx\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fettnerd.org/new/
R1 -
HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no.partypoker.com/news/items/scanda...?wm=2854809&p=1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All 
Users\Programdata\close poke frag ooze\Hole file.exe O4 - HKLM\..\Run: [store fork ref scr] C:\Documents and Settings\All Users\Programdata\MAGS ADMIN SCR CLOSE\play balm settings.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [steam] "c:\progra~1\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [skipSetup] C:\DOCUME~1\admin\PROGRA~1\LOGOSE~1\typespampoke.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E692BF2B-40D4-499C-A3C6-9B731758119E}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1EB40B7-2735-4651-B0D5-58C08CF355DA}: NameServer = 10.0.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\Creative\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited 22 July 2007 by 1915
Guest medlem-105082 Posted 22 July 2007

Run a "complete scan" with SAS. Link in the first post.

Then post the SAS log (preferences->statistics/logs) and a new HijackThis log.

Edited 22 July 2007 by medlem-105082
icedragon1990 Posted 29 July 2007

What shouldn't be here??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:52, on 29.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Gigabyte\Gigabyte WMKG Wireless Cardbus Adapter\Installer\WINXP\GNConfig.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex\Skrivebord\HiJackThis.exe
C:\Programfiler\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: MSVPS System - {6F4DB301-0698-4AF4-A8A2-473996DF425A} - C:\WINDOWS\qnxplugin.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: GN-WMKG Utility.lnk = C:\Programfiler\Gigabyte\Gigabyte WMKG Wireless Cardbus Adapter\Installer\WINXP\GNConfig.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = 
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/18/...IPSUploader.cab O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll.hook.dll (file missing) O21 - SSODL: msddx - {8B3E0F31-F5E5-48EE-9C10-B20B81C9844D} - C:\WINDOWS\msddx.dll O21 - SSODL: msqnx - {7D758493-0AA7-4054-B1D7-E952815BDA69} - C:\WINDOWS\msqnx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe -- End of file - 6101 bytes Lenke til kommentar

norbat Posted 29 July 2007 (edited)

Hi, icedragon1990

You have some nasty stuff, so do the following:

Download SDFix.exe. Extract the program.
Download SAS, install it and update it.
Restart in safe mode (tap F8 during startup).
Run RunThis.bat in the SDFix folder. A report (Report.txt) is created, which you post later.
Run a full scan with SAS.
Restart in normal mode.
Post a new HJT log together with the logs from SDFix and SAS (Preferences->statistics/logs).

NB: Post the logs in your own thread https://www.diskusjon.no/index.php?showtopic=804931

Edited 29 July 2007 by norbat