norbat (thread author), posted 2 July 2007:
My own post: https://www.diskusjon.no/index.php?showtopic=791214
toffaen, posted 22 September 2007:
Quoting an earlier reply: "Your logs show no signs of any infection. It is still a good idea to run a scan with your antivirus / antispyware program."
I ran a full scan with avast yesterday... found no viruses.
odderling, posted 25 September 2007:
Now I have yet another problem that I can't handle! When I try to log on to the PC I just get logged out again by itself, and to get access I have to start it in safe mode.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:07, on 24.09.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRR4B.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Odd erling\Skrivebord\P95\PRIME95.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4418 bytes

ComboFix log:

ComboFix 07-09-18.4 - "Odd erling" 2007-09-24 18:48:22.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1044.18.1764 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.
2007-09-20 21:04 <DIR> dr-h----- C:\DOCUME~1\ODDERL~1\Siste
2007-09-19 17:47 <DIR> d-------- C:\Programfiler\Vietcong2
2007-09-19 16:36 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-09-19 16:26 62,464 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 21:39 <DIR> d-------- C:\Programfiler\Trend Micro
2007-09-18 21:03 1,021,504 --a------ C:\WINDOWS\system32\vete.dll
2007-09-18 19:55 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\MailFrontier
2007-09-18 19:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-18 19:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-09-18 19:06 <DIR> d-------- C:\Programfiler\Microsoft AntiSpyware
2007-09-18 18:50 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\AdobeUM
2007-09-18 18:47 55,296 --a------ C:\Programfiler\hlpsrv.exe
2007-09-18 18:46 15,360 --a------ C:\WINDOWS\system32\drvdesr.dll
2007-09-18 18:46 103,936 --a------ C:\WINDOWS\system32\drvdes.dll
2007-09-18 18:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Adobe Systems
2007-09-18 18:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2007-09-17 21:54 <DIR> d-------- C:\DOCUME~1\ODDERL~1\Contacts
2007-09-17 21:51 <DIR> d-------- C:\Programfiler\MSN Messenger
2007-09-17 18:36 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\teamspeak2
2007-09-17 17:52 <DIR> d-------- C:\Programfiler\uTorrent
2007-09-17 17:52 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\uTorrent
2007-09-17 17:49 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-09-17 17:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-17 17:44 <DIR> d-------- C:\WINDOWS\system32\bits
2007-09-17 15:49 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-09-17 15:49 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-09-17 15:49 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-09-17 15:49 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-09-17 15:49 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-09-17 15:49 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2007-09-17 15:49 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-17 15:49 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-09-17 15:49 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-17 15:48 1,152 --a------ C:\WINDOWS\mozver.dat
2007-09-17 15:46 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-09-17 15:46 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-09-17 15:46 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-09-17 15:46 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-09-17 15:46 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-09-17 15:46 169,240 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-09-16 19:23 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-16 19:22 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-09-16 19:22 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2007-09-16 19:22 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-09-16 19:22 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-09-16 19:22 <DIR> d-------- C:\Programfiler\Belkin
2007-09-16 19:21 <DIR> d-------- C:\Programfiler\Fellesfiler\muvee Technologies
2007-09-16 19:20 <DIR> d-------- C:\Programfiler\muvee Technologies
2007-09-16 19:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\muvee Technologies
2007-09-16 19:15 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-09-16 19:15 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-16 19:14 5,120 --a------ C:\WINDOWS\TBManage.dll
2007-09-16 19:14 36,864 --a------ C:\WINDOWS\GWLib.dll
2007-09-16 19:14 32,768 --a------ C:\WINDOWS\TBPanelExt.dll
2007-09-16 19:14 208,384 --a------ C:\WINDOWS\DXTool.exe
2007-09-16 19:14 2,173,744 --a------ C:\WINDOWS\TBPanel.exe
2007-09-16 19:14 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-09-16 19:14 103,936 --a------ C:\WINDOWS\TBZoom.exe
2007-09-16 19:14 <DIR> d-------- C:\WINDOWS\UI
2007-09-16 18:15 <DIR> d-------- C:\Programfiler\VentriloMIX
2007-09-16 18:15 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\Ventrilo
2007-09-16 16:23 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-16 16:23 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-16 16:23 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-16 16:23 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-16 16:22 <DIR> d-------- C:\Programfiler\Futuremark
2007-09-16 14:04 <DIR> d-------- C:\Programfiler\Nero
2007-09-16 14:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-09-16 14:04 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\Ahead
2007-09-16 14:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Nero
2007-09-16 10:39 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\dvdcss
2007-09-16 10:36 <DIR> d-------- C:\Programfiler\DAEMON Tools
2007-09-16 10:35 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-15 15:12 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2007-09-15 15:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2007-09-15 15:12 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2007-09-15 15:12 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2007-09-15 15:12 <DIR> d-------- C:\Programfiler\ASUS
2007-09-15 14:01 <DIR> d-------- C:\Programfiler\OpenAL
2007-09-15 13:55 <DIR> d-------- C:\Spell
2007-09-15 13:40 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\vlc
2007-09-15 13:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-09-15 13:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-09-15 13:30 <DIR> d-------- C:\Programfiler\Plato DVD to AVI Converter
2007-09-15 13:30 <DIR> d-------- C:\Programfiler\Cheat Engine
2007-09-15 13:28 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 09:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-15 08:53 <DIR> d-------- C:\Seria
2007-09-15 08:53 <DIR> d-------- C:\Filma
2007-09-15 08:45 <DIR> d-------- C:\Programfiler\Dvd shrink Kopierte filma
2007-09-15 08:14 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-09-15 08:14 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-09-15 08:13 9,728,000 -r------- C:\WINDOWS\RTLCPL.exe
2007-09-15 08:13 4,395,008 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-15 08:13 2,822,144 -r------- C:\WINDOWS\alcwzrd.exe
2007-09-15 08:13 2,169,856 -r------- C:\WINDOWS\MicCal.exe
2007-09-15 08:13 180,224 -r------- C:\WINDOWS\Alcmtr.exe
2007-09-15 08:13 16,139,776 -ra------ C:\WINDOWS\RTHDCPL.exe
2007-09-15 08:13 131,072 -r------- C:\WINDOWS\SoundMan.exe
2007-09-15 08:13 1,835,008 -r------- C:\WINDOWS\SkyTel.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 21:03 645904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-09-18 21:03 115088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-09-16 16:23 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-09-15 17:29 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-09-14 21:58 --------- d-------- C:\Programfiler\microsoft frontpage
2007-09-14 21:56 --------- d-------- C:\Programfiler\Fellesfiler\Tjenester
2007-09-14 21:56 --------- d-------- C:\Programfiler\Fellesfiler\MSSoap
2007-09-14 21:55 --------- d-------- C:\Programfiler\Elektroniske tjenester
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 831488 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 487424 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 471040 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 266308 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 159744 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 1417216 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2006-06-24 00:48 77824 -ra------ C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot_2007-09-19_164500.60 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 53,084 2007-03-20 14:36:18 C:\WINDOWS\RaidTool\xInsIDE.exe
----a-w 326,656 2007-07-22 16:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 256,512 2006-12-01 03:20:32 C:\WINDOWS\system32\swxcacls.exe
----a-w 97,860 2006-11-27 00:34:46 C:\WINDOWS\system32\VFind.exe
----a-w 16,384 2007-09-24 16:34:29 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-24 16:34:29 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
---ha-w 262,144 2007-09-19 15:16:43 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat
----a-w 32,768 2007-09-24 16:34:29 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
----a-w 62,888 2007-09-24 14:01:33 C:\WINDOWS\system32\ZoneLabs\boot.dat
----a-w 685,752 2007-09-19 16:25:22 C:\WINDOWS\system32\ZoneLabs\qrbase.dll
----a-w 644,792 2007-09-19 16:25:22 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
----a-w 5,642,223 2007-09-23 20:30:05 C:\WINDOWS\system32\ZoneLabs\spyware.dat
----a-w 1,406,648 2007-09-19 16:25:22 C:\WINDOWS\system32\ZoneLabs\srescan.dll
----a-w 12,406,936 2007-09-24 14:01:33 C:\WINDOWS\system32\ZoneLabs\vet.dat
----a-w 5,642,223 2007-09-23 20:30:05 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
----a-w 849,920 2007-09-24 16:32:32 C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
------r 53,084 2007-03-20 14:36:18 C:\WINDOWS\RaidTool\xInsIDE.exe
----a-w 359,424 2007-07-22 16:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 223,744 2006-12-01 03:20:32 C:\WINDOWS\system32\swxcacls.exe
----a-w 65,092 2006-11-27 00:34:46 C:\WINDOWS\system32\VFind.exe
----a-w 16,384 2007-09-19 14:37:03 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-19 14:37:03 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
----a-w 32,768 2007-09-19 14:37:03 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
----a-w 62,888 2007-09-18 19:03:04 C:\WINDOWS\system32\ZoneLabs\boot.dat
----a-w 685,752 2007-09-18 20:52:34 C:\WINDOWS\system32\ZoneLabs\qrbase.dll
----a-w 644,792 2007-09-18 20:52:34 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
----a-w 5,553,835 2007-09-18 20:52:23 C:\WINDOWS\system32\ZoneLabs\spyware.dat
----a-w 1,406,648 2007-09-18 20:52:34 C:\WINDOWS\system32\ZoneLabs\srescan.dll
----a-w 12,240,264 2007-09-18 19:03:05 C:\WINDOWS\system32\ZoneLabs\vet.dat
----a-w 5,553,835 2007-09-18 20:52:23 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36]
"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 18:23]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" []
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-02-13 20:29]
"DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2006-12-06 22:30]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-06-29 00:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 C:\WINDOWS\RTHDCPL.exe]
"Ai Nap"="C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 14:49]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-04-23 13:18]
"gcasServ"="C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"Zone Labs Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-16 16:00]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-08-29 17:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-18 18:47]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

C:\DOCUME~1\ODDERL~1\START-~1\PROGRA~1\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\System32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\System32\DRIVERS\jraid.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\System32\drivers\dadder.sys
S2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
S2 TBPanel;TBPanel;C:\WINDOWS\System32\drivers\TBPanel.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 18:49:18
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-24 18:50:04
C:\ComboFix-quarantined-files.txt ... 2007-09-24 18:49
C:\ComboFix2.txt ... 2007-09-24 18:22
C:\ComboFix3.txt ... 2007-09-19 16:47
.
--- E O F ---
norbat (thread author), posted 25 September 2007:
Hi, you could try a system restore from safe mode (Accessories -> System Tools -> System Restore; pick a date when things were working OK).
odderling, posted 25 September 2007:
That didn't work. Any other suggestions?
norbat (thread author), posted 25 September 2007:
There is a trojan in the log, so we can try the following: boot into Safe Mode with Networking and run an online scan with HouseCall: http://housecall.trendmicro.com/
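Spotting "the trojan in the log" is a matter of knowing which HijackThis entries deserve a second look. The script below is an added example written for this page, not code from the thread or from Trend Micro: it applies the checks a helper runs by eye to a HijackThis log and reports why each line was flagged. The heuristics are my own (autoruns launched from a temp directory or with a .tmp extension, orphaned BHOs, services with no publisher or a missing binary, Policies\Explorer\Run autostarts and SharedTaskScheduler DLLs); they are review flags for a human, not verdicts. The sample lines are copied from the two HijackThis logs posted in this thread and trimmed to a handful that mix clean and suspicious entries.

```python
import re
from dataclasses import dataclass

# Sample input, constructed for this example: a handful of lines copied from the
# two HijackThis logs posted in this thread, mixing clean and suspicious entries.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [E-Gold] C:\WINDOWS\TEMP\VRR4B.tmp
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Online Video Add-on\icthis.exe
O22 - SharedTaskScheduler: checkman - {8a96d76c-97fc-42c8-8e68-5613bacef854} - C:\WINDOWS\system32\rmtdvc.dll
O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Odd erling\Skrivebord\P95\PRIME95.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Field layouts of the HijackThis sections this triage looks at.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# Path fragments (lower-cased, backslash-delimited) that mark a temp directory.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    line: str      # the log line as written
    reason: str    # why it was flagged; several reasons joined with "; "


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that merit a closer look, with the reason for each."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: list[str] = []
        if m := O4_RE.match(line):
            cmd = m["cmd"].lower()
            if any(marker in cmd for marker in TEMP_MARKERS):
                reasons.append("autorun launches a file from a temp directory")
            if re.search(r"\.tmp\b", cmd):
                reasons.append("autorun target has a .tmp extension")
            if "policies\\explorer\\run" in m["hive"].lower():
                reasons.append("Policies\\Explorer\\Run autostart, seldom used by legitimate software")
        elif m := O23_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                reasons.append("service has no publisher recorded")
            if "(file missing)" in m["path"].lower():
                reasons.append("service binary is missing from disk")
        elif m := O2_RE.match(line):
            if m["path"].strip().lower() == "(no file)":
                reasons.append("BHO CLSID is registered but its DLL is gone (orphan)")
        elif line.startswith("O22 - SharedTaskScheduler:"):
            reasons.append("SharedTaskScheduler DLL is loaded into Explorer at logon; verify it")
        if reasons:
            findings.append(Finding(line.split(" - ", 1)[0], line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script flags five of the eight lines and leaves the ZoneAlarm, Adobe and vsmon entries alone. The .tmp autorun in the first log is what norbat is pointing at; in the second log the Policies\Explorer\Run entry and the SharedTaskScheduler DLL are the lines a helper would ask about first.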
odderling, posted 25 September 2007:
One problem with HouseCall is that you have to install the Java runtime again to use it, regardless of whether it is already installed on the PC!
norbat (thread author), posted 25 September 2007:
From Safe Mode with Networking:
Then download DrWeb.
Run drweb-cureit.exe (say yes to running an express scan).
When that is finished, click Option -> Change settings.
Under the Scan tab, untick Heuristic analysis.
Under the Actions tab, set every item under Malware to Rename.
Choose the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" the first time it finds something.
xzzy, posted 29 September 2007:
Quoting an earlier reply: "grimsbo: Download Smitfraudfix and put it on the desktop. Restart in safe mode (tap F8 during startup and choose safe mode). Run Smitfraudfix and choose option 2. Log: usually found in C:\rapport.txt. Post it together with a HJT log. It would be good if you start a separate thread for your logs."
xzzy, posted 29 September 2007:
I have got a little devil of a pop-up that pops up every 5 minutes: 'Windows security alert! Warning! Potential spyware operation! Your computer is making unauthorized copies of your system and internet files. Run full scan...' (Spelling mistakes in the box: 'pervent' and 'unatorised'.) I have tried a few methods to get rid of the beast, but it keeps coming back again and again. I think I need a bit of help to get rid of it for good. I hope someone can help me, because I am about to go mad, and I have little desire to format. Regards, xzzy
Fatmouse, posted 30 September 2007:
Hello. I keep getting a popup that says "System performance monitor: Warning" Summary: System perfomance slowed down by: 47 % Internet connection speed decreased by 39 % Probable reason: Spyware applications/Adware popup windows. I have no idea how to solve this. I have tried downloading avast! but it doesn't work. The odds are that most of you know more about this than I do. I am hoping for help.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 30.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\Online Video Add-on\icthis.exe
C:\Programfiler\Online Video Add-on\icmntr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Windows Live Toolbar\msn_sl.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adressa.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxus.flataasen.ad:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Programfiler\Online Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AntiSpyGolden 5.1] "C:\Programfiler\AntiSpyGolden 5.1\AntiSpyGolden 5.1.exe" /h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programfiler\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Online Video Add-on\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?20cc55a24ae6414eb4a229baa57d4389
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?20cc55a24ae6414eb4a229baa57d4389
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=Q105&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://no.pixaco.com/static/download/pixacodndupload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.kongehuset.no/svideo3.cab
O22 - SharedTaskScheduler: checkman - {8a96d76c-97fc-42c8-8e68-5613bacef854} - C:\WINDOWS\system32\rmtdvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12614 bytes
norbat, posted 30 September 2007 (thread author):

Fatmouse: Download SmitfraudFix and put it on the desktop. Restart in Safe Mode (tap F8 during startup and choose Safe Mode). Run SmitfraudFix and choose option 2. Follow the instructions... When SmitfraudFix has finished, download SAS, install it, update it and run a full (Complete) scan. Post the SmitfraudFix log (C:\rapport.txt), the SAS log (preferences->statistics/logs) and a new HJT log.
Fatmouse, posted 30 September 2007:

This looks brighter already!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:59, on 30.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxus.flataasen.ad:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AntiSpyGolden 5.1] "C:\Programfiler\AntiSpyGolden 5.1\AntiSpyGolden 5.1.exe" /h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programfiler\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?20cc55a24ae6414eb4a229baa57d4389
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?20cc55a24ae6414eb4a229baa57d4389
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=Q105&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://no.pixaco.com/static/download/pixacodndupload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.kongehuset.no/svideo3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12305 bytes

SmitfraudFix:

SmitFraudFix v2.233

Scan done at 18:07:57,84, 30.09.2007
Run from C:\Documents and Settings\Bruker\Skrivebord\VIRUS\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8a96d76c-97fc-42c8-8e68-5613bacef854}"="checkman"

[HKEY_CLASSES_ROOT\CLSID\{8a96d76c-97fc-42c8-8e68-5613bacef854}\InProcServer32]
@="C:\WINDOWS\system32\rmtdvc.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8a96d76c-97fc-42c8-8e68-5613bacef854}\InProcServer32]
@="C:\WINDOWS\system32\rmtdvc.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\rmtdvc.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\rmtdvc.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\SKRIVE~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\SKRIVE~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\Bruker\FAVORI~1\Online Security Test.url Deleted
C:\Programfiler\Online Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{494761A3-B6A3-4385-9AB2-4E3A96F15403}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{494761A3-B6A3-4385-9AB2-4E3A96F15403}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{494761A3-B6A3-4385-9AB2-4E3A96F15403}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2007 at 08:09 PM

Application Version : 3.9.1008

Core Rules Database Version : 3316
Trace Rules Database Version: 1317

Scan type : Complete Scan
Total Scan Time : 01:41:16

Memory items scanned : 644
Memory threats detected : 0
Registry items scanned : 5680
Registry threats detected : 0
File items scanned : 31694
File threats detected : 75

Adware.Tracking Cookie

Malware.AntiVirGear
C:\PROGRAMFILER\ANTIVIRGEAR 3.8\ANTIVIRGEAR 3.8.EXE
C:\WINDOWS\Prefetch\ANTIVIRGEAR 3.8.EXE-288C7A95.pf

Trace.Known Threat Sources
norbat, posted 30 September 2007 (thread author, edited):

The HJT log looks fine. Does everything seem OK? If you have two antivirus programs (which it looks like you do), you should uninstall one of them.

Even though AntiSpyGolden is not on the list of Rogue/Suspect Anti-Spyware Products, this is a product that probably does not have entirely clean hands. I see, among other places, that this product is mentioned on the SAS site. So uninstall the program from Add/Remove Programs, if possible.

Start HJT, choose "Do a system scan only", and tick the following line:

O4 - HKLM\..\Run: [AntiSpyGolden 5.1] "C:\Programfiler\AntiSpyGolden 5.1\AntiSpyGolden 5.1.exe" /h

Use Explorer to find and delete (in bold): C:\Programfiler\AntiSpyGolden 5.1

You should then clear the System Restore folder so that you do not get reinfected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore ...", restart the PC, then remove the tick again to re-enable the feature.

Surf safely.

Edited 30 September 2007 by norbat
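The helpers in this thread read HJT logs by hand, picking out the entry types that deserve attention (the orphaned BHO, the Policies\Explorer\Run autorun, the unknown SharedTaskScheduler DLL, the Trusted Zone additions). As an added example, not a tool from the thread, here is a small Python triage script that parses the "Oxx - " entries of an HJT log and flags those same categories; the sample log is constructed from the shape of the logs posted above, and the list of known-good SharedTaskScheduler DLLs is an assumption.

```python
"""Triage helper for HijackThis (HJT) logs.

Parses the Rxx/Fxx/Nxx/Oxx entries and flags the entry types the helpers in
this thread acted on. Added example; the flagging rules, the sample log and
the known-good DLL list are constructed here, not taken from any tool.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# HJT writes one entry per line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*\S)\s*$")

# SharedTaskScheduler DLLs Windows registers itself (assumption: a minimal
# allow-list); anything else loads into Explorer at logon and deserves a look.
KNOWN_STS_DLLS = {"browseui.dll", "stobject.dll"}

# Constructed sample log, one entry per line as HJT prints them (raw string,
# so the backslashes in the paths are literal).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Online Video Add-on\icthis.exe
O15 - Trusted Zone: *.musicmatch.com
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: checkman - {8a96d76c-97fc-42c8-8e68-5613bacef854} - C:\WINDOWS\system32\rmtdvc.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
"""


@dataclass
class Entry:
    kind: str  # HJT section code, e.g. "O4", "O22"
    body: str  # everything after "O4 - "


def parse_hjt(text: str) -> List[Entry]:
    """Return the section entries of an HJT log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (kind, reason, body) for each entry a reviewer would look at first."""
    flagged = []
    for e in entries:
        low = e.body.lower()
        if e.kind == "O2" and "(no file)" in low:
            flagged.append((e.kind, "orphaned BHO: registry points at a missing file", e.body))
        elif e.kind == "O4" and r"\policies\explorer\run" in low:
            flagged.append((e.kind, "autorun via Policies\\Explorer\\Run, rarely legitimate", e.body))
        elif e.kind == "O15":
            flagged.append((e.kind, "site added to the IE Trusted Zone", e.body))
        elif e.kind == "O18" and ("(no clsid)" in low or "(no file)" in low):
            flagged.append((e.kind, "broken protocol/filter handler", e.body))
        elif e.kind == "O20":
            flagged.append((e.kind, "Winlogon Notify DLL loads at logon; verify the vendor", e.body))
        elif e.kind == "O22":
            # Body ends with " - <dll path>"; compare only the file name.
            dll = e.body.rsplit(" - ", 1)[-1].strip()
            if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_STS_DLLS:
                flagged.append((e.kind, "unknown SharedTaskScheduler DLL loaded into Explorer", e.body))
        elif e.kind == "O23" and "unknown owner" in low:
            flagged.append((e.kind, "service without publisher information", e.body))
    return flagged


if __name__ == "__main__":
    for kind, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {reason}\n    {body}")
```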
ZlaleX, posted 1 October 2007:

Hi! Could someone take a look at this and give me some help if it is needed? I am also really struggling to remove Norton Anti-Virus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:33, on 01.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymSCUI.exe
C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programfiler\Wireless LAN Utility\SiWake.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nor.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Open in new background tab - res://C:\Programfiler\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ec25728199e44a71b4dc1d310fe741e3 O8 - Extra context menu item: Open in new foreground tab - res://C:\Programfiler\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ec25728199e44a71b4dc1d310fe741e3 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - 
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10173 bytes Lenke til kommentar
norbat (thread author), posted 1 October 2007 (edited)

Fix these lines with HJT:
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O18 - Filter hijack: text/html - (no CLSID) - (no file)

You can remove Norton using their own removal program: http://service1.symantec.com/SUPPORT/tsgen....nsf&view=docid

After a restart, feel free to post a new HJT log.

Edited 1 October 2007 by norbat
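The three entries picked out above are three distinct kinds of HijackThis finding: an O2 browser helper object whose DLL no longer exists, an O8 context menu item that loads a remote URL, and an O18 MIME filter with no backing file. The script below is an added example, not part of this thread and not HijackThis's own code; it encodes those three rules as a first-pass triage over a log, assuming the line layout is the one visible in the logs posted here (section code, " - ", then fields separated by " - "). The sample lines are copied from the two logs in the thread. The severity labels and rule names are the example's own. Note that the same rules also surface two entries the reply left alone (the second orphaned BHO and the Windows Live Favorites item): a script narrows the list, the reviewer still decides what to fix.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied from the two HijackThis logs
# posted in this thread, chosen so that every rule below has a hit and a miss.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Layout assumed from the posted logs: "<section> - <body>". Header lines and
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# O2: "BHO: <name> - {CLSID} - <dll path or (no file)>". Anchoring on the CLSID
# keeps a " - " inside a path (e.g. "Spybot - Search & Destroy") in the target.
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# O8: "Extra context menu item: <name> - <target>"
CTX_RE = re.compile(r"^Extra context menu item: (?P<name>.*?) - (?P<target>.*)$")
# O18 filter entries: "Filter hijack: <mime> - <clsid> - <file>"; O18 "Protocol:"
# entries are a different thing and are deliberately not matched here.
FILTER_RE = re.compile(r"^Filter hijack: (?P<mime>\S+) - (?P<clsid>.*?) - (?P<target>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high", "review" or "cleanup" (labels chosen for this example)
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Run the three rules over every entry line of a HijackThis log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        section, body = entry.group("section"), entry.group("body")
        if section == "O2":
            m = BHO_RE.match(body)
            if m and m.group("target") == "(no file)":
                findings.append(Finding("O2", "cleanup",
                                        "BHO CLSID registered but its DLL is gone (orphaned entry)", line))
        elif section == "O8":
            m = CTX_RE.match(body)
            if m and re.match(r"^https?://", m.group("target"), re.IGNORECASE):
                findings.append(Finding("O8", "review",
                                        "context menu item that loads a remote URL", line))
        elif section == "O18":
            m = FILTER_RE.match(body)
            if m:
                detail = "no backing file" if m.group("target") == "(no file)" else m.group("target")
                findings.append(Finding("O18", "high",
                                        f"MIME filter hooked for {m.group('mime')} ({detail})", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a reviewer sees the shape of the log at a glance."""
    counts = {"high": 0, "review": 0, "cleanup": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:7}] {f.section}: {f.reason}\n          {f.line}")
    print(summarize(results))
```

On the sample above the script reports one O18 filter entry as high, two O8 remote-URL items for review and two orphaned O2 entries as cleanup; the Spybot BHO (a " - " inside its path) and the Groove O18 protocol handler are correctly left alone.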
Major, posted 7 October 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:37 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\utorrent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 7774 bytes

anyone who can help??
norbat (thread author), posted 7 October 2007

Can you say a bit more about 'the problem'?
Major, posted 7 October 2007

> Can you say a bit more about 'the problem'?

the browser uses such an insane amount of memory, or whatever it is.. the computer lags, you could say.