norbat Posted 29 May 2007

Get ComboFix and put it on the desktop:
Click: Start -> Run
Copy what's below and paste it into the Run box:
"%userprofile%\Skrivebord\ComboFix.exe" /v enqpnnbd
Click OK and follow the instructions. Don't click in the window while the program is running.
When the program finishes, a log file opens: combofix.txt
Post that log file together with a new HJT log.
Kles (thread author) Posted 29 May 2007

I couldn't get this to work... it wasn't possible to paste anything into the window :s

(quoting norbat:) Copy what's below and paste it into the Run box:
"%userprofile%\Skrivebord\ComboFix.exe" /v enqpnnbd
Click OK and follow the instructions....

But here are the logs:

"Administrator" - 2007-05-29 13:58:13 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\administrator\Skrivebord\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\enqpnnbd.dll
C:\WINDOWS\system32\qkabagwx.dll
C:\WINDOWS\system32\tegfanmr.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\dbnnpqne.ini
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\awvvt.dll

* * * POST RUN FILES/FOLDERS * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))

2007-05-28 22:49 <DIR> dr-h----- C:\Documents and Settings\administrator\Siste
2007-05-28 22:49 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Siste
2007-05-28 22:46 <DIR> d-------- C:\avenger
2007-05-28 22:17 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys
2007-05-25 13:58 <DIR> d-------- C:\Programfiler\Alcohol Soft
2007-05-20 10:53 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-05-20 10:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\vlc
2007-05-20 10:46 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-19 00:13 704,512 --------- C:\WINDOWS\system32\SYNSOACC.dll
2007-05-19 00:13 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2007-05-19 00:13 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2007-05-19 00:13 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2007-05-08 13:49 <DIR> d-------- C:\Programfiler\Sonik Synth 2 Free
2007-05-03 21:44 <DIR> d-------- C:\Documents and Settings\administrator\DoctorWeb
2007-05-03 21:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb
2007-05-03 21:32 <DIR> d-------- C:\Documents and Settings\administrator\Koblinger
2007-05-03 21:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Koblinger
2007-05-03 20:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-02 17:57 0 --a------ C:\WINDOWS\XGPLAYER.EXE
2007-05-02 17:57 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-05-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-02 17:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-05-02 13:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-01 21:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 11:38:38 5 ----a-w C:\NPF_USER.DAT
2007-05-28 20:23:28 -------- d-----w C:\DOCUME~1\ADMINI~1\PROGRA~1\uTorrent
2007-05-28 20:18:23 -------- d-----w C:\Programfiler\Syncrosoft
2007-05-20 08:49:42 -------- d-----w C:\Programfiler\VideoLAN
2007-05-18 22:17:03 -------- d-----w C:\Programfiler\Steinberg
2007-05-02 20:23:01 -------- d-----w C:\Programfiler\Native Instruments
2007-05-02 20:22:52 -------- d-----w C:\Programfiler\Fellesfiler\Native Instruments
2007-05-02 20:19:51 -------- d-----w C:\DOCUME~1\ADMINI~1\PROGRA~1\Ableton
2007-05-02 20:13:30 -------- d-----w C:\Programfiler\Finale 2006
2007-05-02 19:43:03 -------- d-----w C:\Programfiler\Ricochet Xtreme
2007-05-02 19:42:03 -------- d-----w C:\Programfiler\Ski Jump International
2007-04-25 16:55:07 -------- d-----w C:\Programfiler\Foxit Software
2007-04-25 16:02:34 -------- d-----w C:\Programfiler\CCleaner
2007-04-24 12:15:53 -------- d-----w C:\Programfiler\Docudesk
2007-04-24 12:15:50 -------- d-----w C:\Programfiler\Analog Devices
2007-04-24 12:15:35 -------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-04-24 12:15:35 -------- d-----w C:\Programfiler\Analog Devices(2)
2007-04-22 18:04:50 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-28 12:08:32 -------- d-----w C:\DOCUME~1\ADMINI~1\PROGRA~1\Steinberg
2007-03-25 08:05:01 46,522 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-03-25 08:05:01 319,198 ----a-w C:\WINDOWS\system32\perfh014.dat
2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programfiler\google\googletoolbar2.dll [2006-10-12 11:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 14:15]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 07:27]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 13:57]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 13:57]
"TPKMAPHELPER"="C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 18:23]
"TpShocks"="TpShocks.exe" [2005-08-22 19:29 C:\WINDOWS\system32\TpShocks.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01]
"QCTRAY"="C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-09-06 03:08]
"QCWLICON"="C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-09-06 03:08]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 C:\WINDOWS\system32\nwtray.exe]
"Norman ZANDA"="C:\Norman\bin\ZLH.exe" [2006-05-31 12:22]
"SxgTkBar"="SxgTkBar.exe" []
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-11-02 21:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-25 16:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjhhi]
qomjhhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

Contents of the 'Scheduled Tasks' folder
2006-11-02 19:08:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-29 12:06:32 C:\WINDOWS\tasks\PMTask.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 14:06:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-29 14:08:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 14:07
C:\ComboFix2.txt ... 2007-05-06 20:22
C:\ComboFix3.txt ... 2007-05-03 20:04

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 14:08:46, on 29.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cusrvc.exe
C:\WINDOWS\system32\emitray.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\wm.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Norman\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\administrator\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linksidene.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksidene.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QCTRAY] C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: qomjhhi - qomjhhi.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Emagic EMI System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\system32\emitray.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe
norbat Posted 29 May 2007

Run HJT, put a check mark in front of the following line and click 'Fix checked':
O20 - Winlogon Notify: qomjhhi - qomjhhi.dll (file missing)
Restart the PC.
Run a new ComboFix scan. Post the log. Are there still problems?
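Two things the helper works from in this thread can be pulled out of the logs mechanically: the ComboFix "V Log" in the first post lists random-named DLLs in system32 next to .ini/.bak1 files whose names are the DLL name spelled backwards (enqpnnbd.dll with dbnnpqne.ini, awvvt.dll with tvvwa.ini and tvvwa.bak1), and the HijackThis O20 line above shows a Winlogon Notify registry key whose DLL is already gone. The Python below is an added example, not part of the thread and not ComboFix or HijackThis code. The sample lines are constructed here in the shape of the logs posted above, and the "mirrored name" check is a heuristic taken from this thread's own listing, not a general malware signature.

```python
"""
Triage helpers for the two log formats posted in this thread:
ComboFix file listings and HijackThis O20 (Winlogon Notify) lines.
Added example; the sample lines below are constructed, not real output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix "V Log" file listing above.
SAMPLE_COMBOFIX_FILES = r"""
C:\WINDOWS\system32\enqpnnbd.dll
C:\WINDOWS\system32\qkabagwx.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\dbnnpqne.ini
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\TpShocks.exe
""".strip()

# Constructed sample in the shape of the HijackThis entries above.
SAMPLE_HJT = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: qomjhhi - qomjhhi.dll (file missing)
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
""".strip()


def mirrored_dll_pairs(listing: str) -> list[tuple[str, str]]:
    """Return (dll, companion) pairs where a .ini or .bak* file's stem is the
    DLL's stem spelled backwards, e.g. enqpnnbd.dll <-> dbnnpqne.ini.
    Heuristic drawn from this thread's listing, not a general signature."""
    dll_paths: dict[str, str] = {}
    companions: dict[str, list[str]] = {}
    for line in listing.splitlines():
        path = line.strip()
        if not path:
            continue
        base = path.rsplit("\\", 1)[-1]          # file name without directory
        stem, _, ext = base.rpartition(".")
        stem, ext = stem.lower(), ext.lower()
        if ext == "dll":
            dll_paths[stem] = path
        elif ext == "ini" or ext.startswith("bak"):
            companions.setdefault(stem, []).append(path)
    pairs = []
    for stem, dll_path in dll_paths.items():
        for companion in companions.get(stem[::-1], []):   # reversed stem
            pairs.append((dll_path, companion))
    return sorted(pairs)


@dataclass
class NotifyEntry:
    name: str          # registry key under winlogon\notify
    dll: str           # DLL as HijackThis printed it (path or bare name)
    file_missing: bool # HijackThis appended "(file missing)"


O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$"
)


def parse_o20(hjt_log: str) -> list[NotifyEntry]:
    """Extract the O20 Winlogon Notify lines from a HijackThis log."""
    entries = []
    for line in hjt_log.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(NotifyEntry(m["name"], m["dll"], m["missing"] is not None))
    return entries


def dead_notify_entries(hjt_log: str) -> list[str]:
    """Names of Winlogon Notify keys whose DLL no longer exists. The key has
    outlived the file, which is the situation the 'Fix checked' step in this
    thread cleans up."""
    return [e.name for e in parse_o20(hjt_log) if e.file_missing]


def triage(combofix_listing: str, hjt_log: str) -> dict[str, list]:
    return {
        "mirrored_pairs": mirrored_dll_pairs(combofix_listing),
        "dead_notify_entries": dead_notify_entries(hjt_log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_COMBOFIX_FILES, SAMPLE_HJT)
    for dll, companion in report["mirrored_pairs"]:
        print(f"mirrored pair: {dll}  <->  {companion}")
    for name in report["dead_notify_entries"]:
        print(f"dead Winlogon Notify key: {name} (DLL missing; removing the key is safe)")
```

Run it on a real log by passing the relevant section's text to `triage()`; the mirrored-name check only says that two files are named as a pair, so treat a hit as something to look at, not as proof on its own.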
Kles (thread author) Posted 29 May 2007

I haven't noticed any big difference yet, but I'll get in touch if anything comes up ;) Thanks a lot for all the help!!

"Administrator" - 2007-05-29 14:34:17 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\administrator\Skrivebord\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))

2007-05-28 22:49 <DIR> dr-h----- C:\Documents and Settings\administrator\Siste
2007-05-28 22:49 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Siste
2007-05-28 22:46 <DIR> d-------- C:\avenger
2007-05-28 22:17 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys
2007-05-25 13:58 <DIR> d-------- C:\Programfiler\Alcohol Soft
2007-05-20 10:53 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-05-20 10:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\vlc
2007-05-20 10:46 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-19 00:13 704,512 --------- C:\WINDOWS\system32\SYNSOACC.dll
2007-05-19 00:13 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2007-05-19 00:13 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2007-05-19 00:13 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2007-05-08 13:49 <DIR> d-------- C:\Programfiler\Sonik Synth 2 Free
2007-05-03 21:44 <DIR> d-------- C:\Documents and Settings\administrator\DoctorWeb
2007-05-03 21:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb
2007-05-03 21:32 <DIR> d-------- C:\Documents and Settings\administrator\Koblinger
2007-05-03 21:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Koblinger
2007-05-03 20:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-02 17:57 0 --a------ C:\WINDOWS\XGPLAYER.EXE
2007-05-02 17:57 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-05-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-02 17:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-05-02 13:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-01 21:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 12:33:16 5 ----a-w C:\NPF_USER.DAT
2007-05-28 20:23:28 -------- d-----w C:\DOCUME~1\ADMINI~1\PROGRA~1\uTorrent
2007-05-28 20:18:23 -------- d-----w C:\Programfiler\Syncrosoft
2007-05-20 08:49:42 -------- d-----w C:\Programfiler\VideoLAN
2007-05-18 22:17:03 -------- d-----w C:\Programfiler\Steinberg
2007-05-02 20:23:01 -------- d-----w C:\Programfiler\Native Instruments
2007-05-02 20:22:52 -------- d-----w C:\Programfiler\Fellesfiler\Native Instruments
2007-05-02 20:19:51 -------- d-----w C:\DOCUME~1\ADMINI~1\PROGRA~1\Ableton
2007-05-02 20:13:30 -------- d-----w C:\Programfiler\Finale 2006
2007-05-02 19:43:03 -------- d-----w C:\Programfiler\Ricochet Xtreme
2007-05-02 19:42:03 -------- d-----w C:\Programfiler\Ski Jump International
2007-04-25 16:55:07 -------- d-----w C:\Programfiler\Foxit Software
2007-04-25 16:02:34 -------- d-----w C:\Programfiler\CCleaner
2007-04-24 12:15:53 -------- d-----w C:\Programfiler\Docudesk
2007-04-24 12:15:50 -------- d-----w C:\Programfiler\Analog Devices
2007-04-24 12:15:35 -------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-04-24 12:15:35 -------- d-----w C:\Programfiler\Analog Devices(2)
2007-04-22 18:04:50 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-28 12:08:32 -------- d-----w C:\DOCUME~1\ADMINI~1\PROGRA~1\Steinberg
2007-03-25 08:05:01 46,522 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-03-25 08:05:01 319,198 ----a-w C:\WINDOWS\system32\perfh014.dat
2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programfiler\google\googletoolbar2.dll [2006-10-12 11:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 14:15]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 07:27]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 13:57]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 13:57]
"TPKMAPHELPER"="C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 18:23]
"TpShocks"="TpShocks.exe" [2005-08-22 19:29 C:\WINDOWS\system32\TpShocks.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01]
"QCTRAY"="C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-09-06 03:08]
"QCWLICON"="C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-09-06 03:08]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 C:\WINDOWS\system32\nwtray.exe]
"Norman ZANDA"="C:\Norman\bin\ZLH.exe" [2006-05-31 12:22]
"SxgTkBar"="SxgTkBar.exe" []
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-11-02 21:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-25 16:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

Contents of the 'Scheduled Tasks' folder
2006-11-02 19:08:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-29 12:36:09 C:\WINDOWS\tasks\PMTask.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 14:37:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-29 14:38:29
C:\ComboFix-quarantined-files.txt ... 2007-05-29 14:38
C:\ComboFix2.txt ... 2007-05-29 14:08
C:\ComboFix3.txt ... 2007-05-06 20:22

--- E O F ---
norbat Posted 29 May 2007

The log looks fine. Are you still bothered by popups, or does it seem to have stopped? If something still shows up, you can run a scan with a rootkit scanner: F-Secure BlackLight.
If everything seems OK, you should reset the System Restore folder so that you don't get re-infected by a possible system restore. Control Panel -> System -> System Restore. Check "Turn off System Restore ...", restart the PC, then uncheck it again to re-enable the feature.
Cleaning the temp folders with CCleaner is also a good habit.
Kles (thread author) Posted 29 May 2007

Great! Thanks a lot for the help! I'll do that. I already had CCleaner and run it regularly ;)