
Infected with viruses. Help



Posted

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/30/2007 at 06:32 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3370

Trace Rules Database Version: 1365

 

Scan type : Complete Scan

Total Scan Time : 00:40:30

 

Memory items scanned : 695

Memory threats detected : 6

Registry items scanned : 5909

Registry threats detected : 77

File items scanned : 45432

File threats detected : 72

 

Adware.webHancer

C:\PROGRAMFILER\WEBHANCER\PROGRAMS\WEBHDLL.DLL

C:\PROGRAMFILER\WEBHANCER\PROGRAMS\WEBHDLL.DLL

C:\PROGRAMFILER\WEBHANCER\PROGRAMS\WHIEHLPR.DLL

C:\PROGRAMFILER\WEBHANCER\PROGRAMS\WHIEHLPR.DLL

C:\PROGRAMFILER\WEBHANCER\PROGRAMS\WHAGENT.EXE

C:\PROGRAMFILER\WEBHANCER\PROGRAMS\WHAGENT.EXE

HKLM\Software\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32#ThreadingModel

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\ProgID

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\Programmable

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\VersionIndependentProgID

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000001

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000002

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000026

HKCR\WhIeHelperObj.WhIeHelperObj

HKCR\WhIeHelperObj.WhIeHelperObj\CurVer

HKCR\WhIeHelperObj.WhIeHelperObj.1

HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\win32

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR

HKLM\Software\WebHancer

HKLM\Software\WebHancer#BaseDir

HKLM\Software\WebHancer\CC

HKLM\Software\WebHancer\CC#DistTag

HKLM\Software\WebHancer\CC#INSTFRM

HKLM\Software\WebHancer\CC#DWLLTM

HKLM\Software\WebHancer\CC#SLNTIND

HKLM\Software\WebHancer\CC#ACCPTPS

HKLM\Software\WebHancer\CC#id

HKLM\Software\WebHancer\ESO

HKLM\Software\WebHancer\ESO#aa

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#DisplayName

C:\Programfiler\WEBHANCER\Programs\whagent.ini

C:\Programfiler\WEBHANCER\Programs\license.txt

C:\Programfiler\WEBHANCER\Programs\readme.txt

C:\Programfiler\WEBHANCER\Programs\sporder.dll

C:\Programfiler\WEBHANCER\Programs\whinstaller.exe

C:\Programfiler\WEBHANCER\Programs

C:\Programfiler\WEBHANCER

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#webHancer Agent [ C:\Programfiler\webHancer\Programs\whagent.exe ]

C:\WINDOWS\Prefetch\WHAGENT.EXE-172E5893.pf

 

Adware.ZenoSearch-NVON

C:\WINDOWS\SYSTEM32\KODSRNGL.EXE

C:\WINDOWS\SYSTEM32\KODSRNGL.EXE

C:\WINDOWS\SYSTEM32\DWDSRNGT.EXE

C:\DOCUMENTS AND SETTINGS\mittnavn\START-MENY\PROGRAMMER\OPPSTART\TA_START.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP1\A0000016.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP3\A0000128.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP4\A0000247.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0000353.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0001353.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0002351.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0003353.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP8\A0004348.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP9\A0005351.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP9\A0006349.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP12\A0008351.LNK

C:\WINDOWS\Prefetch\KODSRNGL.EXE-28C8AE89.pf

 

Trojan.Unclassified/FukuRuku

C:\WINDOWS\SYSTEM32\GZMRT.DLL

C:\WINDOWS\SYSTEM32\GZMRT.DLL

C:\WINDOWS\SYSTEM32\_GZMRT.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP3\A0000102.DLL

 

Trojan.ZenoSearch

C:\WINDOWS\SYSTEM32\KWINPLDQ.EXE

C:\WINDOWS\SYSTEM32\KWINPLDQ.EXE

C:\WINDOWS\system32\msnav32.ax

C:\WINDOWS\SYSTEM32\KWINPLDT.EXE

C:\WINDOWS\SYSTEM32\KWINPLDS.EXE

C:\DOCUMENTS AND SETTINGS\mittnavn\START-MENY\PROGRAMMER\OPPSTART\THINK-ADZ.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP1\A0000019.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP3\A0000129.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP4\A0000216.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP4\A0000250.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0000354.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0001358.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0002354.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP7\A0003359.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP8\A0004354.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP9\A0005357.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP9\A0006356.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP12\A0008352.LNK

C:\WINDOWS\Prefetch\KWINPLDQ.EXE-18B97261.pf

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}\InprocServer32

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}\InprocServer32#ThreadingModel

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}\ProgID

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}\Programmable

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}\TypeLib

HKCR\CLSID\{10F3E8BD-257A-4702-A2F5-DC02055B068C}\VersionIndependentProgID

HKLM\Software\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32#ThreadingModel

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\ProgID

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\Programmable

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\TypeLib

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\VersionIndependentProgID

C:\WINDOWS\SYSTEM32\NSB4A5.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}

 

Adware.Vundo-Variant/B

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}

HKCR\CLSID\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}

HKCR\CLSID\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}\InprocServer32

HKCR\CLSID\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\KBDG.DLL

 

Adware.Tracking Cookie

C:\Documents and Settings\mittnavn\Cookies\[email protected][2].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@pro-market[2].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][2].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@directtrack[1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@tradedoubler[1].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@doubleclick[1].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@atdmt[1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][1].txt

C:\Documents and Settings\mittnavn\Cookies\[email protected][2].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@zedo[2].txt

C:\Documents and Settings\mittnavn\Cookies\mittnavn@mediaplex[1].txt

 

Adware.Think-Adz

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString

 

Malware.MalwareAlarm

HKCR\MalwareAlarm.WebInstall

HKCR\MalwareAlarm.WebInstall\CLSID

HKCR\MalwareAlarm.WebInstall\CurVer

HKCR\MalwareAlarm.WebInstall.1

HKCR\MalwareAlarm.WebInstall.1\CLSID

 

Adware.Unknown Origin

C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

 

Trojan.Downloader-Gen

C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

 

Adware.AdRotator/AdsSite

C:\WINDOWS\SYSTEM32\ADSSITE-REMOVE.EXE

 

Adware.AdRotator/RightOnz

C:\WINDOWS\SYSTEM32\RIGHTONADZ-UNINST.EXE

 

Trace.Known Threat Sources

C:\Documents and Settings\mittnavn\Lokale innstillinger\Temporary Internet Files\Content.IE5\E0DQF4E6\favicon[1].ico

C:\Documents and Settings\mittnavn\Lokale innstillinger\Temporary Internet Files\Content.IE5931UW7D\rd-fakeout2-720x300[1].gif

 

 

 

 

hijackthis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:11:29, on 30.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\AdVantage\AdVantage.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Programfiler\Vista Start Menu\VistaStartMenu.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\DOCUME~1\BIRTEL~1\LOKALE~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jucheck.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [{41-16-6D-DC-ZN}] C:\windows\system32\kodsrngl.exe P2D002

O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitDownload] "C:\Programfiler\BitDownload\BitDownload.exe" /minimized

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [AdVantage] "C:\Programfiler\AdVantage\AdVantage.exe"

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programfiler\Vista Start Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner.malware-scan.com/50_swp/webinst.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13957 bytes

 

 

 

From what I saw, I think I do have quite a few viruses, yeah. :p

Posted (edited)

Yes, but SAS has taken care of most of it.

 

Start HJT again, choose "Do a system scan only", tick the following lines and click Fix checked:

 

- O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

- O4 - HKLM\..\Run: [{41-16-6D-DC-ZN}] C:\windows\system32\kodsrngl.exe P2D002

- O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart

- O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner.malware-scan.com/50_swp/webinst.cab

 

 

Download Combofix and save it to the desktop

 

Run combofix.exe and follow the instructions.

Do not click in the window while the program is running.

 

Post the log file from combofix (c:\combofix.txt) and we'll see whether anything is left.

Edited by norbat
Posted (edited)
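The four HijackThis lines norbat picked out above were chosen by hand, using the same signals an analyst looks for in every HJT log: a BHO registered with no display name, a Run value whose name only looks like a GUID, rundll32 loading a DLL with a random name out of system32, and an ActiveX (DPF) download from a host that is not Microsoft. The script below is an added example that automates that triage over the O2/O4/O16 line formats shown in this thread; it is not part of the thread or of HijackThis itself. The sample lines are copied from the posted log, while the two allowlists (known system32 files and trusted DPF hosts) are constructed assumptions that a real baseline would replace.

```python
import re
from urllib.parse import urlparse

# Constructed allowlists: assumptions for this example, not data from the thread.
# A real triage would replace them with a vetted baseline of the OS build.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "update.microsoft.com"}
KNOWN_SYSTEM32_FILES = {
    "ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "igfxpers.exe", "rundll32.exe",
    "nvcpl.dll", "nvmctray.dll", "bthprops.cpl",
}

# Constructed sample: a mix of flagged and known-good lines in the format HJT v2.0.2 prints.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{41-16-6D-DC-ZN}] C:\windows\system32\kodsrngl.exe P2D002
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner.malware-scan.com/50_swp/webinst.cab
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<desc>.+?) - (?P<url>\S+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def _windows_paths(cmd):
    """Return every drive-letter path in a Run command, honouring double quotes."""
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    return [t for t in tokens if re.match(r"^[A-Za-z]:\\", t)]


def _in_system32(path):
    return "\\system32\\" in path.lower()


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage_line(line):
    """Return the reasons an HJT line deserves review, or [] if no heuristic fires."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        if m["name"].strip() == "(no name)":
            reasons.append("BHO registered without a display name")
        if _in_system32(m["path"]) and _basename(m["path"]) not in KNOWN_SYSTEM32_FILES:
            reasons.append(f"BHO DLL {_basename(m['path'])} in system32 is not in the baseline")
        return reasons
    m = O4_RE.match(line)
    if m:
        if m["value"].startswith("{") and not GUID_RE.match(m["value"]):
            reasons.append("Run value name mimics a GUID but is not one")
        for p in _windows_paths(m["cmd"]):
            if _in_system32(p) and _basename(p) not in KNOWN_SYSTEM32_FILES:
                reasons.append(f"loads {_basename(p)} from system32, not in the baseline")
        return reasons
    m = O16_RE.match(line)
    if m:
        host = urlparse(m["url"]).hostname or ""
        if host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX download from untrusted host {host}")
        return reasons
    return reasons  # other O-types (O3, O9, O20, O23, ...) are not parsed here


def triage_log(text):
    """Map each flagged line to its reasons; unflagged and unparsed lines are dropped."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run against the sample, it flags exactly the four entries norbat told the poster to fix and nothing else. The heuristics only narrow the list for a human: a file in system32 that is missing from the baseline is a reason to look, not proof of malware, so confirm each hit (signature, hash, file date such as the 2007-12-15 timestamp ComboFix later shows for kbdg.dll) before using Fix checked.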

 

ComboFix 07-12-21.4 - mittnavn 2007-12-30 20:09:03.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.370 [GMT 1:00]

Running from: C:\Documents and Settings\mittnavn\Lokale innstillinger\Temporary Internet Files\Content.IE5\0931UW7D\ComboFix[1].exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))

.

 

2007-12-30 19:09 . 2007-12-30 19:09 <DIR> d-------- C:\Programfiler\Trend Micro

2007-12-30 18:47 . 2007-12-30 18:47 <DIR> d--hs---- C:\FOUND.009

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Documents and Settings\mittnavn\Programdata\SUPERAntiSpyware.com

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-30 17:37 . 2007-12-30 17:37 <DIR> dr-h----- C:\Documents and Settings\mittnavn\Siste

2007-12-30 17:37 . 2007-12-30 17:37 <DIR> dr-h----- C:\Documents and Settings\mittnavn\Siste

2007-12-30 17:22 . 2007-12-30 17:22 <DIR> d-------- C:\Programfiler\CCleaner

2007-12-30 16:37 . 2007-12-30 16:37 <DIR> d-------- C:\Programfiler\Vista Start Menu

2007-12-30 16:29 . 2007-12-30 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7

2007-12-26 18:32 . 2007-12-30 16:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-26 18:32 . 2007-12-26 18:35 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-26 18:28 . 2007-12-26 18:28 3,262 --a------ C:\WINDOWS\system32\ocasino2.ico

2007-12-26 13:44 . 2007-12-26 13:44 <DIR> d--hs---- C:\FOUND.008

2007-12-26 01:23 . 2007-12-26 01:23 <DIR> d-------- C:\Programfiler\SereneScreen

2007-12-26 01:23 . 2006-02-28 08:53 2,936,832 --a------ C:\WINDOWS\system32\MA2_6.scr

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\Free Aquarium Screensaver

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\Desktop XP

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\AdVantage

2007-12-26 01:16 . 2006-03-13 15:16 2,871,848 --a------ C:\WINDOWS\system32\Free Aquarium Screensaver.scr

2007-12-26 01:16 . 2007-02-15 13:40 524,288 --a------ C:\WINDOWS\system32\Desktop XP Screensaver Manager.scr

2007-12-26 01:16 . 2007-02-07 18:11 2,591 --a------ C:\WINDOWS\system32\Free Aquarium Screensaver.html

2007-12-26 00:57 . 2007-12-26 00:57 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-12-26 00:49 . 2007-12-26 00:49 <DIR> d-------- C:\Programfiler\Stardock

2007-12-26 00:49 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2007-12-21 21:13 . 2007-12-21 21:13 1,283,174 --a------ C:\Install

2007-12-15 17:22 . 19,456 C:\WINDOWS\system32\drivers\xvsvcmah.dat

2007-12-15 17:21 . 2004-08-04 20:00 84,992 --a------ C:\WINDOWS\system32\kbdg.dll

2007-11-04 17:48 . 2007-11-04 17:48 <DIR> d--hs---- C:\FOUND.007

2007-11-03 11:01 . 2007-11-03 11:01 <DIR> d--hs---- C:\FOUND.006

2007-11-02 15:47 . 2007-11-02 15:47 2,238 --a------ C:\WINDOWS\system32\fpoker.ico

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:14 1,054,720 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2007-09-12 20:59 40,315 ----a-w C:\WINDOWS\system32\gzmrot-uninst.exe

2007-07-04 21:35 6,266 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-04 15:20 88 --sh--r C:\WINDOWS\system32\563CA73EDA.sys

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-30_19.02.02.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}]

2004-08-04 20:00 84992 --a------ C:\WINDOWS\system32\kbdg.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

"msnmsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"BitDownload"="C:\Programfiler\BitDownload\BitDownload.exe" []

"ares"="C:\Programfiler\Ares\Ares.exe" []

"AdVantage"="C:\Programfiler\AdVantage\AdVantage.exe" [2007-06-28 15:19]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]

"ntiMUI"="C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 22:19]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2006-06-12 16:11 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 22:29]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39]

"LogitechCameraAssistant"="C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47]

"LogitechVideo[inspector]"="C:\Programfiler\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 18:58]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 09:36]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 16:33]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

Sitecom WL-112 Utility.lnk - C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe [2006-12-19 21:12:46]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

R0 gxktaaqi;gxktaaqi;C:\WINDOWS\system32\drivers\xvsvcmah.dat []

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-06-27 23:05]

R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 14:10]

R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 19:17]

R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 19:17]

R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 19:17]

R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S3 GoogleDesktopManager-121807-210419;Google Desktop Manager 5.7.712.18632;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 16:33]

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-28 21:50:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Birte Lønnum.job"

- C:\PROGRA~1\NORTON~1\Navw32.exe

"2007-12-17 14:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-30 20:11:26

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"LogitechCameraAssistant"="C:\\Programfiler\\Acer\\OrbiCam\\CameraAssistant.exe"

.

Completion time: 2007-12-30 20:12:16

C:\ComboFix2.txt ... 2007-12-30 19:02

.

2007-12-22 10:06:34 --- E O F ---

 

 

 

There!

Edited by birte013
Posted

birte013:

 

Uninstall, if possible, Free Aquarium Screensaver from Add/Remove Programs.

 

Download ComboFix again and put it on the desktop. Run the program and post the log.

Posted (edited)

 

ComboFix 07-12-21.4 - 2007-12-30 23:04:42.3 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.296 [GMT 1:00]

Running from: C:\Documents and Settings\\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))

.

 

2007-12-30 21:39 . 2007-12-30 21:39 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition

2007-12-30 21:39 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-12-30 21:38 . 2007-12-30 21:38 <DIR> d-------- C:\WINDOWS\LastGood

2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Programfiler\Windows Live

2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d--hs---- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2007-12-30 19:09 . 2007-12-30 19:09 <DIR> d-------- C:\Programfiler\Trend Micro

2007-12-30 18:47 . 2007-12-30 18:47 <DIR> d--hs---- C:\FOUND.009

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Documents and Settings\\Programdata\SUPERAntiSpyware.com

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-30 17:37 . 2007-12-30 17:37 <DIR> dr-h----- C:\Documents and Settings\\Siste

2007-12-30 17:37 . 2007-12-30 17:37 <DIR> dr-h----- C:\Documents and Settings\\Siste

2007-12-30 17:22 . 2007-12-30 17:22 <DIR> d-------- C:\Programfiler\CCleaner

2007-12-30 16:37 . 2007-12-30 16:37 <DIR> d-------- C:\Programfiler\Vista Start Menu

2007-12-30 16:29 . 2007-12-30 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7

2007-12-26 18:32 . 2007-12-30 16:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-26 18:32 . 2007-12-26 18:35 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-26 18:28 . 2007-12-26 18:28 3,262 --a------ C:\WINDOWS\system32\ocasino2.ico

2007-12-26 13:44 . 2007-12-26 13:44 <DIR> d--hs---- C:\FOUND.008

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\Free Aquarium Screensaver

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\Desktop XP

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\AdVantage

2007-12-26 01:16 . 2007-02-15 13:40 524,288 --a------ C:\WINDOWS\system32\Desktop XP Screensaver Manager.scr

2007-12-26 00:57 . 2007-12-26 00:57 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-12-26 00:49 . 2007-12-26 00:49 <DIR> d-------- C:\Programfiler\Stardock

2007-12-26 00:49 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2007-12-21 21:13 . 2007-12-21 21:13 1,283,174 --a------ C:\Install

2007-12-15 17:22 . 19,456 C:\WINDOWS\system32\drivers\xvsvcmah.dat

2007-12-15 17:21 . 2004-08-04 20:00 84,992 --a------ C:\WINDOWS\system32\kbdg.dll

2007-11-04 17:48 . 2007-11-04 17:48 <DIR> d--hs---- C:\FOUND.007

2007-11-03 11:01 . 2007-11-03 11:01 <DIR> d--hs---- C:\FOUND.006

2007-11-02 15:47 . 2007-11-02 15:47 2,238 --a------ C:\WINDOWS\system32\fpoker.ico

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:14 1,054,720 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2007-09-12 20:59 40,315 ----a-w C:\WINDOWS\system32\gzmrot-uninst.exe

2007-07-04 21:35 6,266 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-04 15:20 88 --sh--r C:\WINDOWS\system32\563CA73EDA.sys

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-30_19.02.02.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-30 20:40:48 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Client\12.0.1366.1026__31bf3856ad364e35_bfd0647a\WindowsLive.Client.dll

+ 2007-12-30 20:40:26 57,344 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Api\1.0.0.0__31bf3856ad364e35_b7ef5011\WindowsLive.Writer.Api.dll

+ 2007-12-30 20:40:28 450,560 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.ApplicationFramework\12.0.1366.1026__31bf3856ad364e35_fe00fa01\WindowsLive.Writer.ApplicationFramework.dll

+ 2007-12-30 20:40:30 466,944 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.BlogClient\12.0.1366.1026__31bf3856ad364e35_c75b4e5d\WindowsLive.Writer.BlogClient.dll

+ 2007-12-30 20:40:32 114,688 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.BrowserControl\12.0.1366.1026__31bf3856ad364e35_e6054e5c\WindowsLive.Writer.BrowserControl.dll

+ 2007-12-30 20:40:32 262,144 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Controls\12.0.1366.1026__31bf3856ad364e35_72308218\WindowsLive.Writer.Controls.dll

+ 2007-12-30 20:40:34 917,504 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.CoreServices\12.0.1366.1026__31bf3856ad364e35_90f4898e\WindowsLive.Writer.CoreServices.dll

+ 2007-12-30 20:40:50 65,536 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Extensibility\12.0.1366.1026__31bf3856ad364e35_c3dec512\WindowsLive.Writer.Extensibility.dll

+ 2007-12-30 20:40:36 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.FileDestinations\12.0.1366.1026__31bf3856ad364e35_2de50ef7\WindowsLive.Writer.FileDestinations.dll

+ 2007-12-30 20:40:38 286,720 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.HtmlEditor\12.0.1366.1026__31bf3856ad364e35_f85a5f91\WindowsLive.Writer.HtmlEditor.dll

+ 2007-12-30 20:40:38 114,688 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.HtmlParser\12.0.1366.1026__31bf3856ad364e35_bd1da44b\WindowsLive.Writer.HtmlParser.dll

+ 2007-12-30 20:40:40 159,744 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Interop.Mshtml\12.0.1366.1026__31bf3856ad364e35_adb1e6b7\WindowsLive.Writer.Interop.Mshtml.dll

+ 2007-12-30 20:40:42 217,088 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Interop.SHDocVw\1.1.0.0__31bf3856ad364e35_453ba324\WindowsLive.Writer.Interop.SHDocVw.dll

+ 2007-12-30 20:40:40 221,184 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Interop\12.0.1366.1026__31bf3856ad364e35_f0eac017\WindowsLive.Writer.Interop.dll

+ 2007-12-30 20:40:42 151,552 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Mshtml\12.0.1366.1026__31bf3856ad364e35_c177c7ff\WindowsLive.Writer.Mshtml.dll

+ 2007-12-30 20:40:48 77,824 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.Passport\12.0.1366.1026__31bf3856ad364e35_6e103994\WindowsLive.Writer.Passport.dll

+ 2007-12-30 20:40:46 2,297,856 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLive.Writer.PostEditor\12.0.1366.1026__31bf3856ad364e35_b9812770\WindowsLive.Writer.PostEditor.dll

+ 2007-12-30 20:40:50 28,672 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\WindowsLiveWriter\12.0.1366.1026__31bf3856ad364e35_bf440175\WindowsLiveWriter.exe

+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

+ 2007-12-30 20:39:30 125,472 ----a-r C:\WINDOWS\Installer\{21667E3B-5BD0-49F9-A1EE-BB50D5A306F4}\WLXPhotoGalleryIcon.exe

+ 2007-12-30 20:37:40 86,746 ----a-r C:\WINDOWS\Installer\{29CB1674-DE1D-4D39-A871-FA0194FC58E9}\wlmail.exe

+ 2007-12-30 20:38:28 29,926 ----a-r C:\WINDOWS\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe

+ 2007-12-30 20:36:38 9,780 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{FC9EE7B1-011D-4D37-A596-D211A1081127}.bin

+ 2006-10-24 11:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll

- 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll

+ 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll

- 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2006-10-16 15:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2006-10-24 11:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll

+ 2006-10-24 11:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll

+ 2006-10-24 11:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}]

2004-08-04 20:00 84992 --a------ C:\WINDOWS\system32\kbdg.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

"BitDownload"="C:\Programfiler\BitDownload\BitDownload.exe" []

"ares"="C:\Programfiler\Ares\Ares.exe" []

"AdVantage"="C:\Programfiler\AdVantage\AdVantage.exe" [2007-06-28 15:19]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]

"ntiMUI"="C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 22:19]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2006-06-12 16:11 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 22:29]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39]

"LogitechCameraAssistant"="C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47]

"LogitechVideo[inspector]"="C:\Programfiler\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 18:58]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 09:36]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 16:33]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"MessengerPlusLiveUninstall"="C:\DOCUME~1\BIRTEL~1\LOKALE~1\Temp\MsgPlusUninstall.exe" [2006-11-28 06:23]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

Sitecom WL-112 Utility.lnk - C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe [2006-12-19 21:12:46]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

R0 gxktaaqi;gxktaaqi;C:\WINDOWS\system32\drivers\xvsvcmah.dat []

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-06-27 23:05]

R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 14:10]

R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 19:17]

R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 19:17]

R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 19:17]

R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S3 GoogleDesktopManager-121807-210419;Google Desktop Manager 5.7.712.18632;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 16:33]

 

*Newly Created Service* - WLSETUPSVC

.

Contents of the 'Scheduled Tasks' folder

"2007-12-28 21:50:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Birte Lønnum.job"

- C:\PROGRA~1\NORTON~1\Navw32.exe

"2007-12-17 14:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-30 23:06:25

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"LogitechCameraAssistant"="C:\\Programfiler\\Acer\\OrbiCam\\CameraAssistant.exe"

.

Completion time: 2007-12-30 23:07:05

C:\ComboFix3.txt ... 2007-12-30 19:02

C:\ComboFix2.txt ... 2007-12-30 20:12

.

2007-12-22 10:06:34 --- E O F ---

 

 

 

There, I think I did it right. I uninstalled Free Aquarium Screensaver!

Edited by birte013
Posted

Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::

C:\FOUND.009

C:\FOUND.008

C:\WINDOWS\system32\Desktop XP Screensaver Manager.scr

C:\WINDOWS\system32\kbdg.dll

C:\FOUND.007

C:\FOUND.006

 

Folder::

C:\Programfiler\Free Aquarium Screensaver

C:\Programfiler\Desktop XP

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"MessengerPlusLiveUninstall"=-

 

 

Then go to the site http://virusscan.jotti.org/. At the top of the page you can upload files for a check. Do that with the following files:

 

C:\WINDOWS\system32\fpoker.ico

C:\WINDOWS\system32\ocasino2.ico

C:\WINDOWS\system32\drivers\xvsvcmah.dat

C:\WINDOWS\system32\563CA73EDA.sys

 

To see all the files you will probably have to do the following: Go to Control Panel -> Folder Options.

Select the View tab

Check "Show hidden files and folders"

Uncheck "Hide protected operating system files"

 

 

Post the ComboFix log and report back what Jotti says about the files mentioned.

Posted

 

ComboFix 07-12-21.4 - 2007-12-31 0:06:09.4 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.391 [GMT 1:00]

Running from: C:\Documents and Settings\\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\\Skrivebord\CFScript.txt

* Created a new restore point

 

FILE

C:\FOUND.006

C:\FOUND.007

C:\FOUND.008

C:\FOUND.009

C:\WINDOWS\system32\Desktop XP Screensaver Manager.scr

C:\WINDOWS\system32\kbdg.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\Desktop XP

C:\Programfiler\Desktop XP\Screensaver Manager\error.log

C:\Programfiler\Desktop XP\Screensaver Manager\Help\help.html

C:\Programfiler\Desktop XP\Screensaver Manager\Help\style.css

C:\Programfiler\Desktop XP\Screensaver Manager\Img\default.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Img\new.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Img\tick.gif

C:\Programfiler\Desktop XP\Screensaver Manager\Launcher.exe

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\3dmatrix.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\default.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\fishaqua3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\flowerclock3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\freeaqua.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\lake3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\lighthouse.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\nightcity3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\solarsystem.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\waterfall3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\wilddolphin3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\Screenshots\winter3d.jpg

C:\Programfiler\Desktop XP\Screensaver Manager\unins000.dat

C:\Programfiler\Desktop XP\Screensaver Manager\unins000.exe

C:\Programfiler\Desktop XP\Screensaver Manager\XML\configuration.xml

C:\Programfiler\Free Aquarium Screensaver

C:\Programfiler\Free Aquarium Screensaver\ags.ico

C:\Programfiler\Free Aquarium Screensaver\ags.url

C:\Programfiler\Free Aquarium Screensaver\xp.ico

C:\Programfiler\Free Aquarium Screensaver\xp.url

C:\WINDOWS\system32\Desktop XP Screensaver Manager.scr

C:\WINDOWS\system32\kbdg.dll . . . . failed to delete

 

.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))

.

 

2007-12-30 21:39 . 2007-12-30 21:39 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition

2007-12-30 21:39 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Programfiler\Windows Live

2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d--hs---- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2007-12-30 19:09 . 2007-12-30 19:09 <DIR> d-------- C:\Programfiler\Trend Micro

2007-12-30 19:02 . <DIR> C:\Documents and Settings\Birte Lønnum\Lokale innstillinger

2007-12-30 19:02 . <DIR> C:\Documents and Settings\Birte Lønnum\Lokale innstillinger

2007-12-30 18:47 . 2007-12-30 18:47 <DIR> d--hs---- C:\FOUND.009

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-30 17:50 . 2007-12-30 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-30 17:22 . 2007-12-30 17:22 <DIR> d-------- C:\Programfiler\CCleaner

2007-12-30 16:37 . 2007-12-30 16:37 <DIR> d-------- C:\Programfiler\Vista Start Menu

2007-12-30 16:29 . 2007-12-30 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7

2007-12-26 18:32 . 2007-12-30 16:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-26 18:32 . 2007-12-26 18:35 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-26 18:28 . 2007-12-26 18:28 3,262 --a------ C:\WINDOWS\system32\ocasino2.ico

2007-12-26 13:44 . 2007-12-26 13:44 <DIR> d--hs---- C:\FOUND.008

2007-12-26 01:16 . 2007-12-26 01:16 <DIR> d-------- C:\Programfiler\AdVantage

2007-12-26 00:57 . 2007-12-26 00:57 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-12-26 00:49 . 2007-12-26 00:49 <DIR> d-------- C:\Programfiler\Stardock

2007-12-26 00:49 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2007-12-21 21:13 . 2007-12-21 21:13 1,283,174 --a------ C:\Install

2007-12-15 17:22 . 19,456 C:\WINDOWS\system32\drivers\xvsvcmah.dat

2007-12-15 17:21 . 2007-12-31 00:08 84,992 --a------ C:\WINDOWS\system32\kbdg.dll

2007-11-04 17:48 . 2007-11-04 17:48 <DIR> d--hs---- C:\FOUND.007

2007-11-03 11:01 . 2007-11-03 11:01 <DIR> d--hs---- C:\FOUND.006

2007-11-02 15:47 . 2007-11-02 15:47 2,238 --a------ C:\WINDOWS\system32\fpoker.ico

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:14 1,054,720 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2007-09-12 20:59 40,315 ----a-w C:\WINDOWS\system32\gzmrot-uninst.exe

2007-07-04 21:35 6,266 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-04 15:20 88 --sh--r C:\WINDOWS\system32\563CA73EDA.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0E7866-EA68-44D8-B816-4FB0D2D29099}]

2007-12-31 00:08 84992 --a------ C:\WINDOWS\system32\kbdg.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

"BitDownload"="C:\Programfiler\BitDownload\BitDownload.exe" []

"ares"="C:\Programfiler\Ares\Ares.exe" []

"AdVantage"="C:\Programfiler\AdVantage\AdVantage.exe" [2007-06-28 15:19]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]

"ntiMUI"="C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 22:19]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2006-06-12 16:11 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 22:29]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39]

"LogitechCameraAssistant"="C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47]

"LogitechVideo[inspector]"="C:\Programfiler\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 18:58]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 09:36]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 16:33]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

Sitecom WL-112 Utility.lnk - C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe [2006-12-19 21:12:46]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

R0 gxktaaqi;gxktaaqi;C:\WINDOWS\system32\drivers\xvsvcmah.dat []

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-06-27 23:05]

R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 14:10]

R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 19:17]

R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 19:17]

R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 19:17]

R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S3 GoogleDesktopManager-121807-210419;Google Desktop Manager 5.7.712.18632;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 16:33]

 

*Newly Created Service* - INT15.SYS

.

Contents of the 'Scheduled Tasks' folder

"2007-12-28 21:50:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Birte Lønnum.job"

"2007-12-17 14:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-31 00:11:35

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCameraAssistant"="C:\\Programfiler\\Acer\\OrbiCam\\CameraAssistant.exe"

.

Completion time: 2007-12-31 0:12:25 - machine was rebooted

C:\ComboFix3.txt ... 2007-12-30 20:12

C:\ComboFix2.txt ... 2007-12-30 23:07

.

2007-12-22 10:06:34 --- E O F ---

 

 

 

C:\WINDOWS\system32\fpoker.ico - Found Nothing. Status - OK

C:\WINDOWS\system32\ocasino2.ico - Found Nothing. Status - OK

C:\WINDOWS\system32\drivers\xvsvcmah.dat - The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

C:\WINDOWS\system32\563CA73EDA.sys - Found Nothing. Status - OK

Posted

Download Vundofix, start the program and click the "Scan for Vundo" button.

When the program has finished running, click the "Remove vundo" button.

 

If it finds anything, a log is created that you can post.

 

Then run a full scan with SAS and post the log.

Posted

Vundofix found nothing!

 

 

SAS

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/31/2007 at 02:03 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3370

Trace Rules Database Version: 1365

 

Scan type : Complete Scan

Total Scan Time : 00:40:48

 

Memory items scanned : 691

Memory threats detected : 0

Registry items scanned : 6198

Registry threats detected : 0

File items scanned : 53774

File threats detected : 50

 

Adware.Tracking Cookie

C:\Documents and Settings\\Cookies\@statcounter[1].txt

C:\Documents and Settings\\Cookies\@anad.tacoda[1].txt

C:\Documents and Settings\\Cookies\@ad1.emediate[1].txt

C:\Documents and Settings\\Cookies\@mediaplex[1].txt

C:\Documents and Settings\\Cookies\@revenue[2].txt

C:\Documents and Settings\\Cookies\@cassava[1].txt

C:\Documents and Settings\\Cookies\@clicks.smartbizsearch[1].txt

C:\Documents and Settings\\Cookies\@stat.katalysatormedia[1].txt

C:\Documents and Settings\\Cookies\@888[2].txt

C:\Documents and Settings\\Cookies\@adbrite[2].txt

C:\Documents and Settings\\Cookies\@advertising[1].txt

C:\Documents and Settings\\Cookies\@ads.adbrite[1].txt

C:\Documents and Settings\\Cookies\@fastclick[2].txt

C:\Documents and Settings\\Cookies\@specificclick[1].txt

C:\Documents and Settings\\Cookies\@2o7[2].txt

C:\Documents and Settings\\Cookies\@ads.vg.basefarm[2].txt

C:\Documents and Settings\\Cookies\@casalemedia[1].txt

C:\Documents and Settings\\Cookies\@windowsmedia[1].txt

C:\Documents and Settings\\Cookies\@goclick[2].txt

C:\Documents and Settings\\Cookies\@cgi-bin[2].txt

C:\Documents and Settings\\Cookies\@upspiral[2].txt

C:\Documents and Settings\\Cookies\@msnportal.112.2o7[1].txt

C:\Documents and Settings\\Cookies\@servedby.adxpower[2].txt

C:\Documents and Settings\\Cookies\@ad1.hardware[1].txt

C:\Documents and Settings\\Cookies\@statse.webtrendslive[1].txt

C:\Documents and Settings\\Cookies\@ad.zanox[1].txt

C:\Documents and Settings\\Cookies\@atdmt[2].txt

C:\Documents and Settings\\Cookies\@ehg-fifa.hitbox[2].txt

C:\Documents and Settings\\Cookies\@hitbox[2].txt

C:\Documents and Settings\\Cookies\@adtech[1].txt

C:\Documents and Settings\\Cookies\@track.adform[2].txt

C:\Documents and Settings\\Cookies\@ad.yieldmanager[1].txt

C:\Documents and Settings\\Cookies\@tradedoubler[1].txt

C:\Documents and Settings\\Cookies\@doubleclick[2].txt

C:\Documents and Settings\\Cookies\birte lø[email protected][1].txt

C:\Documents and Settings\\Cookies\birte lønnum@advertising[2].txt

C:\Documents and Settings\\Cookies\birte lø[email protected][1].txt

C:\Documents and Settings\\Cookies\birte lø[email protected][2].txt

 

Adware.Vundo-Variant/B

C:\PROGRAMFILER\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071230-200746-607.DLL

 

Adware.webHancer

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0009975.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0010115.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0010116.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0010117.EXE

 

Adware.ZenoSearch-NVON

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0009976.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0010118.EXE

 

Trojan.Unclassified/FukuRuku

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0009978.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0010119.DLL

 

Trojan.ZenoSearch

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0009980.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0009981.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{384CDBD9-2BEB-438C-92EC-F259D691E4CA}\RP13\A0010120.EXE

 

 

Posted

It runs a bit slowly, but it works okay. If it is possible to make it faster, that would be nice. And pop-ups appear now and then, but otherwise it is fine. - I don't know where I downloaded it from, but a program called AdVantage keeps popping up, and I can't find where to delete it. Is it possible to delete it from hjt?

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:58:09, on 31.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\AdVantage\AdVantage.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\DOCUME~1\BIRTEL~1\LOKALE~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Java\jre1.5.0_11\bin\jucheck.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitDownload] "C:\Programfiler\BitDownload\BitDownload.exe" /minimized

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [AdVantage] "C:\Programfiler\AdVantage\AdVantage.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 14033 bytes

 

 

Posted (edited)

Run HJT and fix the following lines:

O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

O4 - HKCU\..\Run: [AdVantage] "C:\Programfiler\AdVantage\AdVantage.exe"

 

----

 

Download Avenger and unpack it.

 

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that opens, copy and paste what is in bold below:

 

Files to delete:

C:\Programfiler\AdVantage\AdVantage.exe

C:\WINDOWS\system32\kbdg.dll

 

Folders to delete:

C:\Programfiler\AdVantage

 

Click the traffic light. Restart the PC.

After the restart, a log file will appear that tells you what happened.

 

Post it together with a new hjt log.

Edited by norbat
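
The helper above picked the two entries to fix by eye: a BHO registered with no name, and an autostart for the AdVantage program the user had already complained about. The ComboFix log earlier in the thread carries a third indicator the helper did not mention, the R0 service gxktaaqi whose image is a .dat file in the drivers folder with no timestamp (the same file the online scanner later reported as a 0-byte upload). The script below is an added example, not a tool from this thread or from the HijackThis, ComboFix or Avenger authors; it encodes those triage rules as code and runs them over lines copied verbatim from the logs posted above (the sample text is constructed from the thread, the regexes and the rule thresholds are my own assumptions):

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied verbatim from the HijackThis and ComboFix
# logs posted in this thread, with one clean entry of each kind for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
R0 gxktaaqi;gxktaaqi;C:\WINDOWS\system32\drivers\xvsvcmah.dat []
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]
"""

# HijackThis line formats (O2 = BHO, O20 = AppInit_DLLs, O23 = service) and the
# ComboFix service/driver line format ("R0 name;display;path [timestamp]").
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")


@dataclass
class Finding:
    severity: str  # "high": fix/remove; "review": legitimate software often lands here too
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Apply the triage rules from the thread to a mixed HJT/ComboFix log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO_RE.match(line)
        if m:
            # A BHO loads into every Internet Explorer process; one that registers
            # no display name is the classic adware pattern (kbdg.dll above).
            if m.group("name") == "(no name)":
                findings.append(Finding("high", "BHO registered without a name: " + m.group("path"), line))
            continue

        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is injected into every process that loads user32.dll,
            # so every entry deserves a look even when the vendor is known.
            findings.append(Finding("review", "AppInit_DLLs injects into every GUI process: " + m.group("path"), line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                findings.append(Finding("review", "service binary has no publisher: " + m.group("path"), line))
            continue

        m = DRIVER_RE.match(line)
        if m:
            path, stamp = m.group("path"), m.group("stamp")
            reasons = []
            # Kernel drivers are .sys images; a .dat in drivers\ is not normal.
            if not path.lower().endswith(".sys"):
                reasons.append("boot-start driver image is not a .sys file")
            # ComboFix prints an empty bracket when it cannot stat the file:
            # the file is hidden, locked, or gone. Either way it needs a look.
            if not stamp:
                reasons.append("no timestamp: file hidden, locked or absent")
            if reasons:
                findings.append(Finding("high", "; ".join(reasons) + ": " + path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the constructed sample, the rules flag exactly the kbdg.dll BHO and the gxktaaqi driver as "high" and leave the Adobe BHO, the Norton service and the VIA driver alone; the AppInit_DLLs line and the CyberLink service come out as "review", which is the right level for entries that legitimate software also produces. The rules are deliberately narrow: a "review" finding is a prompt to check the publisher and file, not a verdict.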
Posted

I couldn't open the Avenger log file, because it didn't exist. But I'm not sure whether I did it right; what did you mean by the magnifying glass? Which one?

 

Here is the hjt log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:03:15, on 31.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\DOCUME~1\BIRTEL~1\LOKALE~1\Temp\RtkBtMnt.exe

C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Symantec\LiveUpdate\AUpdate.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitDownload] "C:\Programfiler\BitDownload\BitDownload.exe" /minimized

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 14148 bytes

 

 

Posted

The loupe = the magnifying glass.

 

The file we are trying to delete is still there, so try the following:

 

- Download Divfinst and start the program.

- Select the 'Delete file on boot' tab.

- Find the file C:\WINDOWS\system32\kbdg.dll, select it and click the "Delete file at boot via short name" button. Confirm that you want to delete the file.

- Click Exit.

- Restart the PC.

- Make a new HJT log and post it.
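For readers who want to see what the "Delete file on boot" button actually does, here is an added PowerShell example (not from the thread and not part of any tool named in it) that queues the same file for deletion the way such tools do: a MoveFileEx call with MOVEFILE_DELAY_UNTIL_REBOOT, which records the delete under the Session Manager's PendingFileRenameOperations value so it is carried out early in the next boot, before anything can open the DLL. The path is the one from the log; the variable names and the use of the 8.3 short name are this example's assumptions. It needs an elevated prompt and PowerShell 2.0 or later.

```powershell
# Added example, not code from the thread. Queue a locked file for deletion at next boot.
# $target is the file named in the thread; everything else here is assumption.
$target = 'C:\WINDOWS\system32\kbdg.dll'

# The tools act on whatever path you give them, so confirm the file is really present first.
if (-not (Test-Path -LiteralPath $target)) {
    Write-Warning "$target does not exist on disk; nothing to schedule."
    return
}

# 8.3 short name, the same form the tool's "via short name" button uses. Useful when the
# long name contains characters a target program mangles; functionally equivalent otherwise.
$fso   = New-Object -ComObject Scripting.FileSystemObject
$short = $fso.GetFile($target).ShortPath
"Short name: $short"

# MoveFileEx with a null destination and MOVEFILE_DELAY_UNTIL_REBOOT writes the delete into
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations.
# Session Manager (smss.exe) processes that list at boot, before Explorer, IE or Norton run.
$sig = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@
$k32 = Add-Type -MemberDefinition $sig -Name Kernel32 -Namespace Win32 -PassThru
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

$ok = $k32::MoveFileEx($short, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
if (-not $ok) {
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "MoveFileEx failed with Win32 error $err (is this prompt elevated?)"
}

# Show the queued operation so it can be verified before rebooting. Each delete appears as
# a source path followed by an empty destination string.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
(Get-ItemProperty -Path $sm -Name PendingFileRenameOperations).PendingFileRenameOperations
```

The value printed at the end is exactly what the GUI tool leaves behind, so if a later HJT log still shows the file, checking that value after the reboot tells you whether the delete was attempted and undone (something re-dropped the file) or never queued at all.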

Posted

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:43:08, on 01.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

C:\DOCUME~1\BIRTEL~1\LOKALE~1\Temp\RtkBtMnt.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jucheck.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitDownload] "C:\Programfiler\BitDownload\BitDownload.exe" /minimized

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Sitecom WL-112 Utility.lnk = C:\Programfiler\Sitecom\Sitecom Wireless Network PC Card 54G WL-112\Installer\WINXP\WLANUTL.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13891 bytes

 

 

Posted (edited)

Butting in a little.

 

Disable everything Norton; I think it is the one holding on to kbdg.dll.

Then try going to C:\WINDOWS\system32\kbdg.dll and deleting it.

 

You can also try, with Norton disabled, starting HJT, ticking this one and clicking Fix:

O2 - BHO: (no name) - {3C0E7866-EA68-44D8-B816-4FB0D2D29099} - C:\WINDOWS\system32\kbdg.dll

 

Post a new HJT log.

If that does not work, I am sure norbat will find a solution :thumbup:

Edited by SNIPPSAT
Posted

Try SNIPPSAT's suggestion. Otherwise, can you confirm whether the file C:\WINDOWS\system32\kbdg.dll is really there?

 

The problem here is that SAS removed both the file and the registry entry at the start of this thread. The question is why it shows up in the HJT log.
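The two questions in the post above, whether the file is really on disk and why the O2 line keeps coming back, can be answered from a PowerShell prompt instead of by eye. This is an added example, not code from the thread or from HijackThis. It uses the CLSID and path from the log; the variable names are this example's own. The point it illustrates: HijackThis builds O2 lines from the registry (the Browser Helper Objects key and the CLSID's InprocServer32 value), not from the disk, so a surviving or recreated registration is enough for the line to reappear, and "(no name)" only means the CLSID key has no friendly-name default value.

```powershell
# Added example, not code from the thread. Check the file and the BHO registration
# behind the O2 line. $clsid and $path are from the log; the rest is assumption.
$clsid = '{3C0E7866-EA68-44D8-B816-4FB0D2D29099}'
$path  = 'C:\WINDOWS\system32\kbdg.dll'

# 1. Is the file on disk? -Force shows hidden/system files. A kernel-mode rootkit can still
#    hide it from this session, so treat "absent" as "absent from a normal user's view".
if (Test-Path -LiteralPath $path) {
    $f = Get-Item -LiteralPath $path -Force
    "File present: {0} bytes, attributes {1}, written {2}" -f $f.Length, $f.Attributes, $f.LastWriteTime
} else {
    "File NOT present on disk (or hidden from this session)"
}

# 2. The registration. If SAS removed the file but either key survived, or something
#    rewrote them at logon, HijackThis will keep listing the BHO.
$bhoKey   = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
$clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"

foreach ($k in $bhoKey, $clsidKey) {
    if (Test-Path -LiteralPath $k) { "Registered: $k" } else { "Absent:     $k" }
}
if (Test-Path -LiteralPath "$clsidKey\InprocServer32") {
    # The default value is the DLL path HijackThis prints after the CLSID.
    $dll = (Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32").'(default)'
    "InprocServer32 -> $dll"
}

# 3. Is the DLL loaded anywhere right now? A loaded module is the usual reason a plain
#    delete fails with "access denied"; IE and Explorer are the usual hosts for a BHO.
foreach ($p in Get-Process) {
    try {
        if ($p.Modules.FileName -contains $path) {
            "Loaded in {0} (PID {1})" -f $p.Name, $p.Id
        }
    } catch {
        # Protected or cross-session processes refuse module enumeration; skip them.
    }
}
```

If step 1 says the file is absent but step 2 still shows both keys, the fix is to remove the registration (HJT's Fix on the O2 line does that) and the file question is moot. If step 1 shows the file with a fresh LastWriteTime after it was deleted earlier, something on the machine is re-dropping it, and the O4 and O23 entries in the log are where to look for the dropper.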
