Poster utskilt fra veiledertråden-2

norbat · 6. januar 2008

Start HJT, velg "Do a system scan only", sett merke framfor følgendel linjer og klikk Fix checked:

O4 - HKLM\..\Run: [irfud] F:\WINDOWS\system32\uddg\irfud.exe

O4 - HKLM\..\RunServices: [iE Runtime] winlo.exe

O4 - HKCU\..\Run: [iE Runtime] winlo.exe

O4 - HKCU\..\RunServices: [iE Runtime] winlo.exe

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2AD79297-69D1-4A5C-8FEB-630C5B50F448}: NameServer = 85.255.115.60,85.255.112.136

O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE54553-3E1C-490D-9DB6-67159F4A5C80}: NameServer = 85.255.115.60,85.255.112.136

O17 - HKLM\System\CCS\Services\Tcpip\..\{E90B84EC-9F65-401C-BB12-F3A0359A88CA}: NameServer = 85.255.115.60,85.255.112.136

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.136

O17 - HKLM\System\CS1\Services\Tcpip\..\{2AD79297-69D1-4A5C-8FEB-630C5B50F448}: NameServer = 85.255.115.60,85.255.112.136

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.136

Hent Fixwareout

Legg filen på skrivebordet og dobbeltklikk på den. Klikk Next -> Install.

Sjekk at det er avkrysset i 'Run fixit'.

Klikk Finish og fixet vil starte. Følg instruksjonen.

Restart PC-en når du blir bedt om det. Oppstarten vil ta litt lengre tid en normalt .....

Når PC-en har restartet følger du bare instruksjonen som kommer på skjermen.

Post en ny HJT-logg sammen med loggen fra Fixwareout (C:\fixwareout\report.txt)

-=SjuR=- · 7. januar 2008

yes da var det gjort.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:39:00, on 07.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\Programfiler\Windows Defender\MsMpEng.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\Explorer.EXE

F:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

F:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

F:\Programfiler\Network Associates\Common Framework\FrameworkService.exe

F:\Programfiler\Network Associates\VirusScan\mcshield.exe

F:\Programfiler\Network Associates\VirusScan\vstskmgr.exe

F:\WINDOWS\system32\PnkBstrA.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\wuauclt.exe

F:\WINDOWS\system32\notepad.exe

F:\WINDOWS\system32\RunDll32.exe

F:\WINDOWS\system32\LVCOMSX.EXE

F:\Programfiler\Network Associates\Common Framework\UpdaterUI.exe

F:\Programfiler\Network Associates\VirusScan\SHSTAT.EXE

F:\Programfiler\Fellesfiler\Network Associates\TalkBack\tbmon.exe

F:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

F:\Programfiler\Windows Defender\MSASCui.exe

F:\Programfiler\Logitech\Video\LogiTray.exe

F:\WINDOWS\System32\svchost.exe

F:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe

F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

F:\Programfiler\Logitech\Video\FxSvr2.exe

F:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

F:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

F:\Programfiler\Fellesfiler\ACD Systems\EN\DevDetect.exe

F:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe

F:\Games\iPod\iTunes\iTunesHelper.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

F:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

F:\Programfiler\iPod\bin\iPodService.exe

F:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\test.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - F:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - F:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - F:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Programfiler\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "F:\Programfiler\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "F:\Programfiler\Fellesfiler\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "F:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] F:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Component Manager] "F:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "F:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] F:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sweetIM] F:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [QuickTime Task] "F:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "F:\Games\iPod\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] F:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [startCCC] F:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = F:\Programfiler\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://F:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Games\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Games\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll

O12 - Plugin for .spop: F:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - F:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - F:\Programfiler\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Programfiler\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Programfiler\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - F:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 11843 bytes

Fixwareout

Fixwareout Last edited 2/11/2007

Post this report in the forums please

...

»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

»»»»» Misc files.

....

»»»»» Checking for older varients.

....

Search five digit cs, dm, kd, jb, other, files.

The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.

http://www.virustotal.com/flash/index_en.html

Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"LVCOMSX"="F:\\WINDOWS\\system32\\LVCOMSX.EXE"

"McAfeeUpdaterUI"="\"F:\\Programfiler\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"

"ShStatEXE"="\"F:\\Programfiler\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"

"Network Associates Error Reporting Service"="\"F:\\Programfiler\\Fellesfiler\\Network Associates\\TalkBack\\tbmon.exe\""

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

"NvCplDaemon"="RUNDLL32.EXE F:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"SunJavaUpdateSched"="\"F:\\Programfiler\\Java\\jre1.6.0_03\\bin\\jusched.exe\""

"Windows Defender"="\"F:\\Programfiler\\Windows Defender\\MSASCui.exe\" -hide"

"Adobe Photo Downloader"="\"F:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"LogitechVideoRepair"="F:\\Programfiler\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="F:\\Programfiler\\Logitech\\Video\\LogiTray.exe"

"HP Component Manager"="\"F:\\Programfiler\\HP\\hpcoretech\\hpcmpmgr.exe\""

"HP Software Update"="\"F:\\Programfiler\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""

"HPDJ Taskbar Utility"="F:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

"DeviceDiscovery"="F:\\Programfiler\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"

"NvMediaCenter"="RUNDLL32.EXE F:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"Sony Ericsson PC Suite"="\"F:\\Programfiler\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"SweetIM"="F:\\Programfiler\\Macrogaming\\SweetIM\\SweetIM.exe"

"Device Detector"="DevDetect.exe -autorun"

"QuickTime Task"="\"F:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"F:\\Games\\iPod\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\AutorunsDisabled]

"HP Component Manager"="\"F:\\Programfiler\\HP\\hpcoretech\\hpcmpmgr.exe\""

"HP Software Update"="\"F:\\Programfiler\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""

"iTunesHelper"="\"F:\\Games\\iPod\\iTunes\\iTunesHelper.exe\""

"IE Runtime"="winlo.exe"

"lcquuc"="F:\\WINDOWS\\system32\\mcjjxq\\lcquuc.exe"

"admx"="F:\\WINDOWS\\system32\\ugpacuh\\admx.exe"

"bpkw"="F:\\WINDOWS\\system32\\rkuqs\\bpkw.exe"

"cucjkop"="F:\\WINDOWS\\system32\\snuyh\\cucjkop.exe"

"fracqhu"="F:\\WINDOWS\\system32\\qkwmvuvm\\fracqhu.exe"

"mepxavm"="F:\\WINDOWS\\system32\\efdkk\\mepxavm.exe"

"MsUpdate"="F:\\Programfiler\\MsUpdate\\MsUpdate.exe /auto"

"NapsterShell"="F:\\Programfiler\\Napster\\napster.exe /systray"

"obfvg"="F:\\WINDOWS\\system32\\bkkevl\\obfvg.exe"

"smasry"="F:\\WINDOWS\\system32\\wqysi\\smasry.exe"

"sobdujvb"="F:\\WINDOWS\\system32\\xqaurwnd\\sobdujvb.exe"

"trirfva"="F:\\WINDOWS\\system32\\hyqpm\\trirfva.exe"

"ubafqzob"="F:\\WINDOWS\\ubafqzob.exe"

"yjrkc"="F:\\WINDOWS\\system32\\eajsn\\yjrkc.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\\WINDOWS\\system32\\ctfmon.exe"

"LogitechSoftwareUpdate"="F:\\Programfiler\\Logitech\\Video\\ManifestEngine.exe boot"

"StartCCC"="F:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

Takk for hjelpen så langt

norbat · 7. januar 2008

Kjør combofix på nytt og post loggen.

Carlgutt · 7. januar 2008

carlgutt:
Loggen ser fin ut. Ingen filer der som viser noen infeksjoner.

Du kunne ha kjørt en rens og fått ryddet litt:

1. Avinstaller program du ikke bruker.

2. Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.

3. Sjekk om det trengs en defragmentering: Tilbehør->systemverktøy->diskdefragmentering.

Du kan også scanne med et antispywareprog: Last ned SAS, installer, oppdater og kjør en full (Complete) scan.

gjorde alt du sa men ingenting virket..får vel sende datan inn til reparasjon da..er ikke så veldig flink med data egentlig :roll:

edit: glemte så klart å takke for hjelpen

Endret 7. januar 2008 av carlgutt

norbat · 7. januar 2008

carlgutt:

Vi kan godt ta en titt på en combofix-logg også. Den kan kanskje fortelle noe mer:

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

Post loggfilen fra combofix (c:\combofix.txt)

Carlgutt · 7. januar 2008

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"IAAnotif"="C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]

"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]

"avgnt"="C:\Programfiler\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 14:23 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]

--a------ 2004-02-19 13:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

--a------ 2005-01-27 01:02 86016 C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

--------- 2004-10-12 16:54 57344 C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 17:24 1694208 C:\Programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--a------ 2004-01-07 01:01 110592 C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

R2 IAANTMon;IAA Event Monitor;C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 11:22]

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-07 14:29:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-01-07 18:49:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-07 19:58:43

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-07 19:59:15

.

2008-01-04 14:15:38 --- E O F ---

norbat · 7. januar 2008

Savner toppen av combofix-loggen. Kunne du ha lagt ut den?

Carlgutt · 7. januar 2008

Savner toppen av combofix-loggen. Kunne du ha lagt ut den?

sånn?

ComboFix 08-01-07.5 - bruker 2008-01-07 21:24:34.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.596 [GMT 1:00]

Running from: C:\Documents and Settings\bruker\Skrivebord\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))

.

2008-01-07 19:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-07 18:51 . 2008-01-07 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion

2008-01-07 18:06 . 2008-01-07 18:06 <DIR> d-------- C:\Documents and Settings\bruker\SystemRequirementsLab

2008-01-06 20:29 . 2008-01-06 20:29 <DIR> d-------- C:\Documents and Settings\bruker\Programdata\Image Zone Express

2008-01-06 20:01 . 2008-01-06 20:02 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-06 20:01 . 2008-01-06 20:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-06 20:01 . 2008-01-06 20:01 <DIR> d-------- C:\Documents and Settings\bruker\Programdata\SUPERAntiSpyware.com

2008-01-06 20:01 . 2008-01-06 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-06 19:53 . 2008-01-06 21:05 <DIR> dr-h----- C:\Documents and Settings\bruker\Siste

2008-01-06 18:53 . 2008-01-06 18:53 <DIR> d-------- C:\Programfiler\Yahoo!

2008-01-06 13:07 . 2008-01-06 13:07 <DIR> d-------- C:\Programfiler\Trend Micro

2008-01-06 00:20 . 2008-01-06 00:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment

2008-01-06 00:14 . 2008-01-07 20:47 <DIR> d-------- C:\Programfiler\World of Warcraft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-06 19:21 --------- d-----w C:\Programfiler\DivX

2008-01-06 18:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-01-06 10:53 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-06 10:38 --------- d-----w C:\Programfiler\BitLord

2008-01-06 01:27 --------- d-----w C:\Programfiler\Java

2007-11-30 11:42 --------- d-----w C:\Programfiler\Windows Live Toolbar

2007-11-15 15:04 --------- d-----w C:\Programfiler\7-Zip

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll

2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll

2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll

2007-10-10 23:54 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll

2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll

2007-10-10 23:53 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll

2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll

2007-10-10 23:53 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll

2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll

2007-10-10 23:53 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll

2007-10-10 23:53 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll

2007-10-10 23:53 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll

2007-10-10 23:53 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll

2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll

2007-10-10 23:53 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll

2007-10-10 23:53 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll

2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll

2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll

2007-10-10 23:53 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll

2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll

2007-10-10 23:53 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll

2007-10-10 23:53 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll

2007-10-10 23:53 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll

2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll

2007-10-10 11:02 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe

2007-10-10 11:02 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe

2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe

2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]