
Help removing the fake antivirus program Security Tool.



My mother-in-law called me tonight and asked for help removing this. The program is called Security Tool, at any rate. I tried to remove it via Programs, but there is nothing about it there. I tried looking for it to remove it via Program Files, but I did not see it there either. I then tried to install HijackThis, but that did not work. It was not possible to get it installed from websites other than Trend Micro either, and I tried several times. What happens then is that the PC turns blue with lots of text. And the program nags about money and says that the PC is infected. It looks like it is an antivirus program that is a virus program instead.

Could someone here be so kind as to help me and my mother-in-law get this removed? I am now using the PC we have at home, but I will have access to my mother-in-law's PC tomorrow at least.

Thank you so much, all of you.


At startup, after POST, press F8 and try to select "Safe Mode with Networking". Then try to go through the guide. Security Tool is made to start up with Windows, and will block websites/programs that can remove it. Safe Mode only starts the bare essentials, so I think it should go fine.

It may be wise to find a USB stick and download the programs you need (MBAM, HijackThis, ComboFix and the like) in case you do not get internet access even in Safe Mode.

EDIT: l2punctuate ._.

Edited by Lednar

I got MBAM downloaded at least, but had some trouble getting ComboFix downloaded because I could not turn off her AVG here. But I did get HijackThis downloaded, so maybe that is enough?

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4531

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

02.09.2010 19:16:36

mbam-log-2010-09-02 (19-16-36).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 142565

Tid tilbakelagt: 28 minutt(er), 58 sekund(er)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 1

Registernøkler infisert: 6

Registerverdier infisert: 4

Registerfiler infisert: 0

Mapper infisert: 2

Filer infisert 35

 

Minneprosesser infisert:

C:\WINDOWS\Temp\_ex-08.exe (Trojan.Downloader) -> Unloaded process successfully.

 

Minnemoduler infisert:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows boot control (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

C:\Documents and Settings\Ny eier\Programdata\U-2535-6853-8747 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Programdata\S-2535-6853-2745 (Worm.Slenping) -> Quarantined and deleted successfully.

 

Filer infisert

C:\WINDOWS\Temp\_ex-08.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\1183897.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\1243200.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\1963649.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\2090831.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\3040590.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\3306112.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\3717358.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\3898002.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\K871j618A1.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\hFedH7mF7N.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\NjJHml0jD0.log (Backdoor.Gootkit) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\4254662.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\7870828.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\8233101.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\8783807.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\9738256.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\zey.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\4634661.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\4890884.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\5231999.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\6225886.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\6371702.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\6623253.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\6773587.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\6930239.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\Mc3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Programdata\U-2535-6853-8747\winusbmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\Mc5.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Ny eier\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

 

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:06:09, on 02.09.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe

C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE

C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\tp4serv.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmctxth.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\Programfiler\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Programfiler\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Programfiler\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Programfiler\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\java.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Programfiler\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe

C:\Programfiler\AVG\AVG8\avgcsrvx.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe

O4 - HKLM\..\Run: [QCTRAY] C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE

O4 - HKLM\..\Run: [QCWLICON] C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nmctxth] "C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Programfiler\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Programfiler\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234346135659

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Programfiler\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Programfiler\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

 

--

End of file - 9995 bytes

 

 

There, I hope this helps so that we can get my mother-in-law's PC fixed.

Thank you very much.

Regards, poffy
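
The MBAM log above records where the infection had hooked itself into Windows startup, which is what the earlier reply refers to when it says Security Tool starts with Windows. The following Python script is an added example, not part of any post in this thread: it parses MBAM 1.46 result lines, groups the startup-related objects by mechanism, and lists objects still marked "Delete on reboot". The sample lines are a subset copied from the log above; the function names and classification rules are assumptions of this example.

```python
import re
from collections import defaultdict, namedtuple

# Sample input: a subset of lines copied from the MBAM log posted above.
SAMPLE_LOG = r"""
Minneprosesser infisert:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Downloader) -> Unloaded process successfully.
Minnemoduler infisert:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen skadelige objekter funnet)
Filer infisert
C:\Documents and Settings\Ny eier\Lokale innstillinger\Temp\Mc5.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Ny eier\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "obj family action")

# A result line looks like: <object> (<family>) -> <action>.
# Section headers and "(Ingen skadelige objekter funnet)" have no " -> " and are skipped.
LINE_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")

# Assumed classification rules for this example: registry or file locations
# that Windows XP reads at boot or logon. Checked in order, case-insensitive.
AUTOSTART_RULES = [
    ("Run value", re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    ("Service key", re.compile(r"\\CurrentControlSet\\Services\\[^\\]+$", re.I)),
    ("Winlogon value", re.compile(r"\\CurrentVersion\\Winlogon\\[^\\]+$", re.I)),
    ("Scheduled task (.job)", re.compile(r"\\WINDOWS\\Tasks\\[^\\]+\.job$", re.I)),
]


def parse_detections(text):
    """Return one Detection per MBAM result line found in text."""
    found = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            found.append(Detection(match["obj"], match["family"], match["action"]))
    return found


def classify(detection):
    """Return the autostart mechanism name for a detection, or None."""
    for name, pattern in AUTOSTART_RULES:
        if pattern.search(detection.obj):
            return name
    return None


def autostart_entries(detections):
    """Group detections that sit in a startup location by mechanism."""
    grouped = defaultdict(list)
    for det in detections:
        mechanism = classify(det)
        if mechanism:
            grouped[mechanism].append(det)
    return dict(grouped)


def pending_reboot(detections):
    """Objects MBAM could not remove in place; they go away only after a reboot."""
    return [d for d in detections if d.action.lower() == "delete on reboot"]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for mechanism, items in autostart_entries(dets).items():
        print(mechanism)
        for det in items:
            print("   ", det.obj, "->", det.family)
    print("Still pending a reboot:")
    for det in pending_reboot(dets):
        print("   ", det.obj)
```

Anything the script lists as pending is still on disk until the machine has been restarted, so a follow-up scan after the reboot is what confirms the removal.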


See if you can run ComboFix and post the log it creates.

I could not run ComboFix because I could not turn off AVG. Or rather, it ran, but I could not find ComboFix at any rate. Do you need that log? Or maybe I can try the other program you wrote about in that guide. Or do you know how I turn off AVG?

At least I got rid of Security Tool and a whole bunch of trojans and crap, I saw, with MBAM.

I do not have access to that PC any more tonight, but I can surely take a trip up to my mother-in-law's again tomorrow if needed?

Thank you very much, Norbat.


If you start AVG, I would think you have the option to turn off the real-time scanning feature.

If you got ComboFix to run, you can check whether the log is at c:/combofix.txt

Feel free to run DDS.

Okay. Thank you very much, norbat. I tried to turn off AVG several times yesterday, but it went badly. Anyway, I will make a new attempt tomorrow, and if that does not work I will try DDS and write here again.

Regards, poffy


Could not find ComboFix, but got DDS downloaded and so on.

DDS log 1.


DDS log 2.

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Ny eier at 17:37:23,96 on 04.09.2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.511.230 [GMT 2:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe

C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE

C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\tp4serv.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmctxth.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Programfiler\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Programfiler\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Programfiler\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\Programfiler\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe

C:\Programfiler\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\java.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\Ny eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\35IMG79V\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.startsiden.no/

uSearch Page =

uSearch Bar =

mSearchAssistant =

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programfiler\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programfiler\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programfiler\avg\avg8\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programfiler\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programfiler\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programfiler\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programfiler\avg\avg8\toolbar\IEToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programfiler\windows live\toolbar\wltcore.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programfiler\fellesfiler\ahead\lib\NMBgMonitor.exe"

uRun: [msnmsgr] "c:\programfiler\windows live\messenger\msnmsgr.exe" /background

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [synTPLpr] c:\programfiler\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\programfiler\synaptics\syntp\SynTPEnh.exe

mRun: [bMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor

mRun: [TPTRAY] c:\progra~1\thinkpad\utilit~1\TP98TRAY.EXE

mRun: [TP4EX] tp4ex.exe

mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe

mRun: [NPDTray] c:\progra~1\thinkpad\utilit~1\NPDTray.exe

mRun: [QCTRAY] c:\programfiler\thinkpad\connectutilities\QCTRAY.EXE

mRun: [QCWLICON] c:\programfiler\thinkpad\connectutilities\QCWLICON.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [uC_SMB]

mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [TrackPointSrv] tp4serv.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [NeroFilterCheck] c:\programfiler\fellesfiler\ahead\lib\NeroCheck.exe

mRun: [nmctxth] "c:\programfiler\fellesfiler\pure networks shared\platform\nmctxth.exe"

mRun: [sunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\linksy~1.lnk - c:\programfiler\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\wirele~1.lnk - c:\programfiler\linksys\wireless-g notebook adapter\Gcc.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programfiler\windows live\writer\WriterBrowserExtension.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234346135659

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programfiler\avg\avg8\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\programfiler\fellesfiler\pure networks shared\platform\puresp3.dll

Notify: avgrsstarter - avgrsstx.dll

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 108552]

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-10-4 12288]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-18 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-18 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-28 54752]

R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2002-6-19 14096]

S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\programfiler\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-8-31 50704]

 

=============== Created Last 30 ================

 

2010-09-02 18:05:37 0 d-----w- c:\programfiler\Trend Micro

2010-09-02 16:39:38 0 d-----w- c:\docume~1\nyeier~1\progra~1\Malwarebytes

2010-09-02 16:37:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-02 16:37:06 0 d-----w- c:\docume~1\alluse~1\progra~1\Malwarebytes

2010-09-02 16:36:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-02 16:36:48 0 d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-08-31 21:08:10 197632 ----a-w- c:\windows\Mdobea.exe

2010-08-31 20:56:21 200704 ----a-w- c:\windows\Mtilab.exe

2010-08-31 20:50:44 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2010-08-31 20:50:44 281104 ----a-w- c:\windows\system32\wpcap.dll

2010-08-31 20:50:44 100880 ----a-w- c:\windows\system32\Packet.dll

2010-08-25 18:40:29 188416 ----a-w- c:\windows\Mtilaa.exe

 

==================== Find3M ====================

 

2010-08-25 18:38:54 188416 ----a-w- c:\windows\Mtilaa.exe

2010-08-21 23:53:01 76354 ----a-w- c:\windows\system32\perfc014.dat

2010-08-21 23:53:01 436554 ----a-w- c:\windows\system32\perfh014.dat

2010-07-27 06:30:30 8468480 ------w- c:\windows\system32\dllcache\shell32.dll

2010-06-30 12:33:22 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:33:22 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-24 15:57:44 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-24 09:03:07 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-24 09:03:07 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 14:03:51 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:43:20 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:43:20 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

 

============= FINISH: 17:39:10,99 ===============

 

 

It would be great if you could take a look at them, norbat. I somehow couldn't manage to post them hidden, unfortunately. Thank you so much.

Regards, poffy
