
Posts split off from the guide thread-2



If you have time :), you can run through the long version in the first post, and we'll take it from there, since your current HJT log doesn't say much.

Edit: and as it says in the first post: create a separate post/thread by clicking New topic, and put any logs there :thumbup:

Edited by norbat
Fatmouse:

Download Smitfraudfix and put it on the desktop.

Restart in safe mode (tap F8 during startup, choose safe mode).

Run Smitfraudfix and choose option 2. Follow the instructions...

When Smitfraudfix is finished, download SAS, install it, update it and run a full (Complete) scan.

Post the Smitfraudfix log (C:\rapport.txt), the SAS log (preferences->statistics/logs) + a new HJT log.

 

Several of us struggling a bit here... HELP!

I have downloaded Smitfraudfix and tried the recipe above.

Got rid of some of the gunk, but I'm still left with a "security toolbar 7.1" in my browser (standard Explorer).

I have also run Spybot - Search and Destroy without it helping at all...

Suggestions?!


Hi Jorgens71 and welcome to the forum.

You can do the following (I assume you have XP):

Download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

You must not click on the window while the program is running.

The PC will restart, and a log will be created when the program is finished. You will post that later.

Then download Hijackthis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile".

Copy the log file and post it together with the log from combofix (c:\combofix.txt).

(All of this is in the first post, but since you are new I won't nag about whether you have run through that guide :) )

EDIT: And put the logs in a separate thread, which you create by clicking the 'New topic' button. Give the thread a descriptive subject title.

Edited by norbat
  • 4 weeks later...
  • 2 weeks later...

ComboFix log

 

ComboFix 07-11-08.1 - De Voksne 2007-11-15 17:58:55.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.500 [GMT 1:00]

Running from: D:\Documents and Settings\De Voksne\Skrivebord\ComboFix.exe

* Created a new restore point

.

ADS - system32: deleted 20480 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\SecCenter

C:\Programfiler\SecCenter\scprot4.exe

C:\WINDOWS\system32\fibagbia

C:\WINDOWS\system32\fibagbia\bg1.gif

C:\WINDOWS\system32\fibagbia\bgtop.gif

C:\WINDOWS\system32\fibagbia\bottom1.gif

C:\WINDOWS\system32\fibagbia\essentials.gif

C:\WINDOWS\system32\fibagbia\fibagbia1.exe

C:\WINDOWS\system32\fibagbia\fibagbia2.exe

C:\WINDOWS\system32\fibagbia\fibagbia3.exe

C:\WINDOWS\system32\fibagbia\icon1.ico

C:\WINDOWS\system32\fibagbia\install1.gif

C:\WINDOWS\system32\fibagbia\left1.gif

C:\WINDOWS\system32\fibagbia\li.gif

C:\WINDOWS\system32\fibagbia\logo.gif

C:\WINDOWS\system32\fibagbia\main.htm

C:\WINDOWS\system32\fibagbia\mainframe.htm

C:\WINDOWS\system32\fibagbia\reinstall1.gif

C:\WINDOWS\system32\fibagbia\right1.gif

C:\WINDOWS\system32\fibagbia\s1.htm

C:\WINDOWS\system32\fibagbia\s2.htm

C:\WINDOWS\system32\fibagbia\s3.htm

C:\WINDOWS\system32\fibagbia\SMTop1.gif

C:\WINDOWS\system32\fibagbia\SMTop2.gif

C:\WINDOWS\system32\fibagbia\SMTop3.gif

C:\WINDOWS\system32\fibagbia\SMTop4.gif

C:\WINDOWS\system32\fibagbia\soft1_off.gif

C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif

C:\WINDOWS\system32\fibagbia\soft1_on.gif

C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif

C:\WINDOWS\system32\fibagbia\soft2_off.gif

C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif

C:\WINDOWS\system32\fibagbia\soft2_on.gif

C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif

C:\WINDOWS\system32\fibagbia\soft3_off.gif

C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif

C:\WINDOWS\system32\fibagbia\soft3_on.gif

C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif

C:\WINDOWS\system32\fibagbia\softbottom_off.gif

C:\WINDOWS\system32\fibagbia\softbottom_on.gif

C:\WINDOWS\system32\fibagbia\softleft_off.gif

C:\WINDOWS\system32\fibagbia\softleft_on.gif

C:\WINDOWS\system32\fibagbia\top1.gif

C:\WINDOWS\system32\fibagbia\top2.gif

C:\WINDOWS\system32\fibagbia\turnoff1.gif

C:\WINDOWS\system32\fibagbia\turnon1.gif

 

.

((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))

.

 

2007-11-15 17:58 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-15 17:52 <DIR> dr-h----- D:\Documents and Settings\De Voksne\Siste

2007-11-15 17:50 <DIR> d-------- C:\Programfiler\Yahoo!

2007-11-15 17:50 <DIR> d-------- C:\Programfiler\CCleaner

2007-11-15 14:45 <DIR> d-------- D:\Documents and Settings\LocalService\Start-meny

2007-11-15 14:45 <DIR> d-------- D:\Documents and Settings\LocalService\Skrivebord

2007-11-15 14:45 <DIR> dr-h----- D:\Documents and Settings\LocalService\Siste

2007-11-15 14:45 <DIR> dr------- D:\Documents and Settings\LocalService\Mine dokumenter

2007-11-15 14:45 <DIR> dr------- D:\Documents and Settings\LocalService\Favoritter

2007-11-15 14:05 <DIR> d-------- D:\Documents and Settings\LocalService\Programdata\Webroot

2007-11-15 14:05 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Webroot

2007-11-15 14:05 <DIR> d-------- C:\Programfiler\Webroot

2007-11-15 14:05 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2007-11-15 14:05 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2007-11-15 14:05 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-11-15 14:05 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys

2007-11-15 14:04 <DIR> d-------- D:\Documents and Settings\De Voksne\Programdata\Webroot

2007-11-15 12:27 <DIR> d-------- D:\Documents and Settings\De Voksne\Programdata\GetRightToGo

2007-11-15 12:00 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-11-15 11:52 <DIR> d-------- C:\VundoFix Backups

2007-11-15 00:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-11-15 00:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2007-11-15 00:39 <DIR> d-------- C:\Programfiler\Google

2007-11-14 17:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-11-14 17:19 <DIR> d-------- C:\Programfiler\GiPo@Utilities

2007-11-14 17:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Gibinsoft Shared

2007-11-14 15:46 <DIR> d-------- C:\Programfiler\Enigma Software Group

2007-11-14 14:58 <DIR> d-------- C:\Programfiler\Ewlmmtix

2007-11-14 14:58 <DIR> d-------- C:\Programfiler\byfululc

2007-11-14 14:58 339 --a------ C:\WINDOWS\17PHolmes1000272.exe

2007-11-11 12:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-11-11 12:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-11-11 12:27 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-11-11 12:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-11 12:27 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-11-11 12:27 3,452 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-11 12:24 <DIR> d-------- C:\WINDOWS\pss

2007-11-11 01:46 <DIR> d-------- C:\Programfiler\ziduhwlm

2007-11-11 01:46 <DIR> d-------- C:\Programfiler\Mjfrbrnn

2007-11-11 01:46 22,528 --a------ C:\WINDOWS\system32\winhld32.dll

2007-11-09 19:26 <DIR> d-------- C:\Programfiler\CDRWIN

2007-11-09 19:26 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL

2007-11-07 18:42 <DIR> d-------- C:\Programfiler\MagicDVDRipper

2007-11-01 21:31 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe

2007-11-01 21:30 <DIR> d-------- C:\Programfiler\Realtek

2007-11-01 21:30 520,192 --a------ C:\WINDOWS\RtlExUpd.dll

2007-11-01 21:30 315,392 --a------ C:\WINDOWS\HideWin.exe

2007-10-25 15:29 12,300,995 --------- C:\AVG7QT.DAT

2007-10-23 16:36 162,304 --a------ C:\UNWISE.EXE

2007-10-22 18:54 <DIR> d-------- D:\Documents and Settings\De Voksne\Programdata\Canon

2007-10-22 18:54 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\ScanSoft

2007-10-22 18:52 <DIR> d-------- D:\Documents and Settings\De Voksne\Programdata\ArcSoft

2007-10-21 22:58 <DIR> d--h----- D:\Documents and Settings\All Users\Programdata\CanonBJ

2007-10-21 22:58 140,288 --a------ C:\WINDOWS\system32\CNMLM7K.DLL

2007-10-21 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-10-21 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys

2007-10-21 22:58 8,704 --a------ C:\WINDOWS\system32\CNMVS7K.DLL

2007-10-21 22:56 <DIR> d-------- D:\Documents and Settings\De Voksne\Programdata\ScanSoft

2007-10-21 22:56 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\SSScanWizard

2007-10-21 22:56 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\SSScanAppDataDir

2007-10-21 22:56 <DIR> d-------- C:\Programfiler\ScanSoft

2007-10-21 22:56 <DIR> d-------- C:\Programfiler\Fellesfiler\ScanSoft Shared

2007-10-21 22:20 <DIR> d-------- C:\Programfiler\ArcSoft

2007-10-21 22:20 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL

2007-10-21 22:17 <DIR> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information

2007-10-21 22:17 <DIR> d-------- C:\WINDOWS\StartHtmico

2007-10-21 22:17 <DIR> d--h----- C:\CanonMP

2007-10-21 22:17 221,184 --a------ C:\WINDOWS\system32\CNCC150.DLL

2007-10-21 22:17 139,264 --a------ C:\WINDOWS\system32\CNCL150.DLL

2007-10-21 22:17 69,632 --a------ C:\WINDOWS\system32\CNCI150.DLL

2007-10-21 22:17 49,152 --a------ C:\WINDOWS\system32\cncisco.dll

2007-10-21 22:16 <DIR> d-------- C:\Programfiler\Canon

2007-10-21 21:34 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-10-21 21:34 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2007-10-16 23:38 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Grisoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-15 13:11 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\AVG7

2007-11-15 13:06 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\uTorrent

2007-11-14 23:31 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Skype

2007-11-14 20:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-11-14 20:54 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-11-14 17:15 --------- d-----w C:\Programfiler\uTorrent

2007-11-14 16:23 --------- d-----w D:\Documents and Settings\All Users\Programdata\Avg7

2007-11-08 13:26 --------- d-----w D:\Documents and Settings\Barne\Programdata\AVG7

2007-11-08 10:32 --------- d-----w C:\Programfiler\MagicDVDCopier

2007-11-03 15:45 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-22 13:05 --------- d-----w D:\Documents and Settings\All Users\Programdata\Microsoft Help

2007-10-19 22:35 --------- d-----w C:\Programfiler\Opera

2007-10-16 17:38 4,615,168 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys

2007-10-16 17:30 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe

2007-10-16 14:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-10-15 18:14 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-10-15 00:37 --------- d---a-w D:\Documents and Settings\All Users\Programdata\TEMP

2007-10-12 08:07 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\AdobeUM

2007-10-11 17:22 --------- d-----w D:\Documents and Settings\Barne\Programdata\PC Suite

2007-10-11 17:22 --------- d-----w D:\Documents and Settings\Barne\Programdata\Nero

2007-10-11 14:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-10-11 14:32 --------- d--h--r D:\Documents and Settings\De Voksne\Programdata\SecuROM

2007-10-11 14:17 --------- d-----w C:\Programfiler\Electronic Arts

2007-10-11 14:16 --------- d-----w C:\Programfiler\AGEIA Technologies

2007-10-11 10:04 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe

2007-10-10 17:10 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Vso

2007-10-07 16:34 --------- d-----w C:\Programfiler\AskTBar

2007-10-07 12:31 --------- d-----w D:\Documents and Settings\LocalService\Programdata\AVG7

2007-10-07 12:31 --------- d-----w D:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2007-10-06 21:03 --------- d-----w D:\Documents and Settings\All Users\Programdata\Lavasoft

2007-10-06 21:03 --------- d-----w C:\Programfiler\Lavasoft

2007-10-06 13:10 --------- d-----w C:\Programfiler\GameSpy Arcade

2007-10-06 13:09 87,608 ----a-w D:\Documents and Settings\De Voksne\Programdata\ezpinst.exe

2007-10-06 13:09 47,360 ----a-w D:\Documents and Settings\De Voksne\Programdata\pcouffin.sys

2007-10-06 13:09 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2007-10-06 11:10 --------- d-----w C:\Programfiler\EA GAMES

2007-10-06 09:52 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Nero

2007-10-06 09:51 --------- d-----w C:\Programfiler\Fellesfiler\Nero

2007-10-06 09:43 --------- d-----w D:\Documents and Settings\All Users\Programdata\Nero

2007-10-06 09:43 --------- d-----w C:\Programfiler\Nero

2007-10-05 21:12 --------- d-----w C:\Programfiler\MSBuild

2007-10-05 21:12 --------- d-----w C:\Programfiler\Microsoft Works

2007-10-05 21:11 --------- d-----w C:\Programfiler\Microsoft.NET

2007-10-05 20:54 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared

2007-10-05 16:33 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\CyberLink

2007-10-05 16:33 --------- d-----w D:\Documents and Settings\All Users\Programdata\CyberLink

2007-10-05 16:14 --------- d-----w C:\Programfiler\Java

2007-10-05 16:10 --------- d-----w C:\Programfiler\Alcohol Soft

2007-10-02 22:05 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-10-02 20:25 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Sonic

2007-10-02 20:23 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Leadertech

2007-10-02 17:30 --------- d-----w D:\Documents and Settings\All Users\Programdata\Skype

2007-10-02 17:30 --------- d-----w C:\Programfiler\Fellesfiler\Skype

2007-10-02 17:29 --------- d-----w C:\Programfiler\MSXML 4.0

2007-10-02 17:26 --------- d-----w C:\Programfiler\Fellesfiler\logishrd

2007-10-02 16:19 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Ulead Systems

2007-10-02 16:15 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Nokia

2007-10-02 16:12 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\PC Suite

2007-10-02 16:12 --------- d-----w C:\Programfiler\Nokia

2007-10-02 16:11 --------- d-----w D:\Documents and Settings\All Users\Programdata\PC Suite

2007-10-02 16:11 --------- d-----w D:\Documents and Settings\All Users\Programdata\Downloaded Installations

2007-10-02 16:11 --------- d-----w C:\Programfiler\Fellesfiler\PCSuite

2007-10-02 16:11 --------- d-----w C:\Programfiler\Fellesfiler\Nokia

2007-10-02 16:06 320,512 ----a-w C:\WINDOWS\Tele2Uninstall.exe

2007-10-02 16:03 --------- d-----w D:\Documents and Settings\All Users\Programdata\Symantec

2007-10-02 15:45 --------- d-----w C:\Programfiler\DIFX

2007-10-02 15:31 --------- d-----w D:\Documents and Settings\De Voksne\Programdata\Symantec

2007-10-02 15:29 --------- d-----w C:\Programfiler\NVIDIA Corporation

2007-10-02 15:28 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2007-10-02 15:02 --------- d-----w C:\Programfiler\Lavalys

2007-09-30 15:03 --------- d-----w C:\Programfiler\Sonic

2007-09-30 15:03 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared

2007-09-30 15:02 --------- d-----w C:\Programfiler\CyberLink

2007-09-30 15:01 --------- d-----w C:\Programfiler\Windows Media Components

2007-09-30 15:01 --------- d-----w C:\Programfiler\Ulead Systems

2007-09-30 15:01 --------- d-----w C:\Programfiler\Fellesfiler\Ulead Systems

2007-09-30 15:00 --------- d-----w D:\Documents and Settings\All Users\Programdata\Ulead Systems

2007-09-30 14:59 --------- d-----w C:\Programfiler\Real

2007-09-30 14:59 --------- d-----w C:\Programfiler\QuickTime

2007-09-30 14:59 --------- d-----w C:\Programfiler\Fellesfiler\xing shared

2007-09-30 14:59 --------- d-----w C:\Programfiler\Fellesfiler\Real

2007-09-30 14:58 --------- d-----w D:\Documents and Settings\All Users\Programdata\QuickTime

2007-09-30 14:58 --------- d-----w C:\Programfiler\GMixon

2007-09-30 14:56 --------- d-----w D:\Documents and Settings\Barne\Programdata\Symantec

2007-09-30 14:49 --------- d-----w C:\Programfiler\Fellesfiler\Java

2007-09-17 00:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys

2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll

2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]

2007-11-14 14:58 114688 --a------ C:\Programfiler\Ewlmmtix\cdyhiyfk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261C35B4-9283-6344-C5C0-005CF873D624}]

C:\Programfiler\Mjfrbrnn\kkcdokmk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D1121FE-0987-429D-9DF6-142C1AD63F9F}]

C:\WINDOWS\system32\geedd.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-09-30 15:59]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 17:23]

"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 18:30 C:\WINDOWS\RTHDCPL.exe]

"SpyHunter"="" []

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"SpySweeper"="C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 21:58]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 12:03]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gos1DC]

gos1DC.tmp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gosBA7]

gosBA7.tmp

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Programfiler\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

"C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

"c:\Apps\Powercinema\PCMService.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe

 

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8235016-6f66-11dc-8bac-806d6172696f}]

\Shell\AutoRun\command - E:\Autorun.exe

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]

C:\WINDOWS\system32:svchost.exe

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-15 18:00:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-15 18:01:04

.

--- E O F ---

 

 

SuperAntiSpyware log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/15/2007 at 06:40 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3345

Trace Rules Database Version: 1346

 

Scan type : Complete Scan

Total Scan Time : 00:35:03

 

Memory items scanned : 467

Memory threats detected : 0

Registry items scanned : 7629

Registry threats detected : 11

File items scanned : 29156

File threats detected : 17

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}

HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}

HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}\InprocServer32

HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}\InprocServer32#ThreadingModel

HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}\InprocServer32#t

C:\PROGRAMFILER\EWLMMTIX\CDYHIYFK.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}

HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}

 

Adware.Vundo Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D1121FE-0987-429D-9DF6-142C1AD63F9F}

HKCR\CLSID\{6D1121FE-0987-429D-9DF6-142C1AD63F9F}

HKCR\CLSID\{6D1121FE-0987-429D-9DF6-142C1AD63F9F}\InprocServer32

HKCR\CLSID\{6D1121FE-0987-429D-9DF6-142C1AD63F9F}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\GEEDD.DLL

 

Malware.Ultimate Defender

C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIBAGBIA\FIBAGBIA1.EXE.VIR

C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIBAGBIA\FIBAGBIA2.EXE.VIR

C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FIBAGBIA\FIBAGBIA3.EXE.VIR

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP86\A0013316.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP92\A0013776.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP92\A0013777.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP92\A0013778.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP95\A0014288.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP95\A0014289.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP95\A0014290.EXE

 

Trojan.Downloader-CREW

C:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP94\A0014147.DLL

 

Trojan.Unknown Origin/System

C:\WINDOWS\SYSTEM32\WINHLD32.DLL

 

Adware.Tracking Cookie

D:\Documents and Settings\Barne\Cookies\[email protected][1].txt

D:\Documents and Settings\Barne\Cookies\[email protected][1].txt

 

Trojan.Downloader-Gen/MobRules

D:\SYSTEM VOLUME INFORMATION\_RESTORE{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP94\A0014028.DLL

 

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:21:20, on 15.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\apps\ABoard\ABoard.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\apps\ABoard\AOSD.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Webroot\Spy Sweeper\SSU.EXE

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Outlook Express\msimn.exe

D:\Documents and Settings\De Voksne\Skrivebord\ng.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Programfiler\Mjfrbrnn\kkcdokmk.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: gos1DC - gos1DC.tmp (file missing)

O20 - Winlogon Notify: gosBA7 - gosBA7.tmp (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 10373 bytes

 

 

Rootlog log

 

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh

15.11.2007 19:23:12,04

 

The rootkits that are detected by this tool were not found.

 

********************************* ROOTCHK-LOG-end

 

 

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-15 19:23:12

Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

 

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:65cd5df5

"s2"=dword:637fb300

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

hidden processes: 0

hidden services: 0

hidden files: 0

 

I hope you can help me.

I have been plagued by this for a long time ..

Link to comment

Run HJT, select "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

 

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Programfiler\Mjfrbrnn\kkcdokmk.dll (file missing)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O20 - Winlogon Notify: gos1DC - gos1DC.tmp (file missing)

O20 - Winlogon Notify: gosBA7 - gosBA7.tmp (file missing)

 

Get Avenger and unpack it.

 

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that opens, copy and paste what is in bold below:

 

Files to delete:

C:\WINDOWS\system32\winhld32.dll

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\WS2Fix.exe

 

Folders to delete:

C:\Programfiler\Ewlmmtix

C:\Programfiler\byfululc

C:\Programfiler\ziduhwlm

C:\Programfiler\Mjfrbrnn

 

Click the traffic light. Restart the PC.

After the restart a log file will appear that tells you what has happened. You do not need to post it.

 

Tell us how the PC is running and a bit about what the problem is/was.

Link to comment

Hi,

You should reset the restore folder so that you do not get infected by a possible system restore.

Control Panel->System->System Restore.

Put a check mark in front of "Turn off System Restore .....",

restart the PC,

remove the check mark again to re-enable the feature.

 

Surf safely.

Link to comment
  • 2 weeks later...
Guest Slettet+127836

Can someone look through this HijackThis log from a laptop belonging to an "ooh, free stuff, yes please" girl?

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:07:32, on 25.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqgalry.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\dotnetfx.exe

C:\DOCUME~1\THORKI~1\LOKALE~1\Temp\IXP000.TMP\install.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\MsiExec.exe

C:\Programfiler\BitComet\BitComet.exe

C:\Documents and Settings\Thorkildsen\Lokale innstillinger\Temporary Internet Files\Content.IE5\J3LH55TI\HiJackThis[1].exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A0C1D18F-0D98-EE55-749F-87C290ECFD92} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\THORKI~1\LOKALE~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sP2 Connection Patcher] "C:\Programfiler\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 6915 bytes

 

 

Link to comment

Mostly cleanup

 

Start HJT, put a check mark in front of the following lines and click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A0C1D18F-0D98-EE55-749F-87C290ECFD92} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

 

Update your Java: http://java.com/en/download/index.jsp

 

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Remove the check mark in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

 

I assume you have run SuperAntispyware 'recently'. If not, you can do that at the end.

Link to comment
Guest Slettet+127836

Thanks a lot! As you assumed, I have run SAS and removed 200 odds and ends. I am very unsure about HijackThis logs, so I figured I should leave it to competent personnel! :)

Link to comment
  • 2 weeks later...

just downloaded HijackThis..

 

got this log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:38, on 08.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Microsoft Office\Office\1044\OLFSNT40.EXE

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Espenh\LOKALE~1\Temp\~DPE.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-3097683721-4136516729-643897162-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Frank')

O4 - HKUS\S-1-5-21-3097683721-4136516729-643897162-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ingvild')

O4 - HKUS\S-1-5-21-3097683721-4136516729-643897162-1008\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background (User 'Ingvild')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Programfiler\Microsoft Office\Office\1044\OLFSNT40.EXE

O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167580027218

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Documents and Settings\Espenh\Mine dokumenter\Espen\Annet\PROGRAMMER\PrfldSvc.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 10835 bytes

 

 

can someone check the log and say what I should do?? The PC freezes completely during games, maybe someone can say whether it could be a problem you can see here in the log? :)

Link to comment

Start HJT, select "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

 

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Espenh\LOKALE~1\Temp\~DPE.dll

 

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Remove the check mark in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

 

Download SAS (the free version), install, update and run a full (Complete) scan.

 

Post the log from SAS (preferences->statistics/logs) + a new HJT log

Link to comment
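
The entries picked out by hand in the replies above share two traits: the target is marked "(no file)" or "(file missing)", or a browser helper loads from a Temp folder. The script below is an added example, not part of the original thread or of any tool named in it, that applies those two checks to HijackThis entry lines. The function name, reason labels and the choice of load-point sections are assumptions, and the sample input is constructed from lines quoted in the logs above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: individual entries copied from the HijackThis logs in
# this thread, mixed with header and process lines the parser must skip.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Espenh\LOKALE~1\Temp\~DPE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gos1DC - gos1DC.tmp (file missing)
"""

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the registered target is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Code registered to auto-load from a temporary folder deserves a closer look.
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)
# Sections treated as load points for the Temp check (an assumption here).
LOAD_POINTS = {"O2", "O3", "O4", "O9", "O20", "O23"}


@dataclass
class Finding:
    section: str
    clsid: Optional[str]
    reasons: List[str]
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a manual look; it never decides what to delete."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank separator line
        section, body = match["section"], match["body"]
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        if section in LOAD_POINTS and TEMP_RE.search(body):
            reasons.append("loads-from-temp")
        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append(
                Finding(section, clsid.group(0) if clsid else None, reasons, line)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{','.join(f.reasons):<18}{f.clsid or '-'}")
```

A flagged line is only a candidate for review: orphaned entries are usually leftovers that are safe to clean up, while a Temp-folder target still needs a scan before it is removed.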

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/08/2007 at 11:22 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3358

Trace Rules Database Version: 1357

 

Scan type : Complete Scan

Total Scan Time : 00:15:55

 

Memory items scanned : 533

Memory threats detected : 0

Registry items scanned : 6462

Registry threats detected : 16

File items scanned : 10163

File threats detected : 113

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{598F4775-6FB6-477B-9842-E0426824E077}

HKCR\CLSID\{598F4775-6FB6-477B-9842-E0426824E077}

HKCR\CLSID\{598F4775-6FB6-477B-9842-E0426824E077}

HKCR\CLSID\{598F4775-6FB6-477B-9842-E0426824E077}\InprocServer32

HKCR\CLSID\{598F4775-6FB6-477B-9842-E0426824E077}\InprocServer32#ThreadingModel

C:\DOCUME~1\ESPENH\LOKALE~1\TEMP\~DPE.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}

 

Adware.Tracking Cookie


C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\ingvild@winantivirus[1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][2].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][2].txt

C:\Documents and Settings\Ingvild\Cookies\[email protected][1].txt

C:\Documents and Settings\Ingvild\Cookies\ingvild@xiti[1].txt

C:\Documents and Settings\Kari\Cookies\[email protected][1].txt

C:\Documents and Settings\Kari\Cookies\kari@imrworldwide[1].txt

 

Trojan.Media-Codec

HKU\S-1-5-21-3097683721-4136516729-643897162-1007\Software\Internet Security

HKU\S-1-5-21-3097683721-4136516729-643897162-1008\Software\Internet Security

 

Trojan.Media-Codec/V2

HKU\S-1-5-21-3097683721-4136516729-643897162-1007\Software\Protection Tools

HKU\S-1-5-21-3097683721-4136516729-643897162-1008\Software\Protection Tools

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger#UninstallString

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:01:40, on 09.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Microsoft Office\Office\1044\OLFSNT40.EXE

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

c:\programfiler\fellesfiler\installshield\updateservice\isuspm.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-3097683721-4136516729-643897162-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Frank')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Programfiler\Microsoft Office\Office\1044\OLFSNT40.EXE

O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167580027218

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Documents and Settings\Espenh\Mine dokumenter\Espen\Annet\PROGRAMMER\PrfldSvc.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 11267 bytes

 
