Effectiv, posted 31 May 2007

Hi, I have an extremely big problem... I've got a virus (THE GODS KNOW HOW) (possibly from seriall.com). I have formatted both hard drives without success.. formatted 100%, and afterwards installed XP again. THREE times in 2 days!! It takes about 30 min before it is back again... I can post an HJT log, if anyone can help me? Or any good recommendations for antivirus? Because the PC won't LET me install Norton anymore, because of the virus I think.. An error comes up saying that I already have it installed, and that I have to UNINSTALL the old one.. but I don't have any Norton. There are also 20+ popups per minute, including a HUGE yellow thing down in the corner.. *YOUR COMPUTER IS INFECTED BY A VIRUS! PRESS HERE TO GET IT AWAY* then DriveCleaner comes up, while Errorsafe starts asking to be downloaded.. HEEELP... ... Regards, Julian
norbat, posted 31 May 2007

Yes, post an HJT log and we'll see what is going on on the PC.
Effectiv (author), posted 31 May 2007

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:12:36, on 31.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\JulianXD\LOKALE~1\Temp\zer0.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\JulianXD\Skrivebord\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb103\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\nuyhekxx.dll
O2 - BHO: (no name) - {DCDF600C-39D7-4325-A16E-528B0CE9ED05} - C:\WINDOWS\system32\geeba.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb103\Dealio.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [{C3-3B-B9-9B-ZN}] c:\windows\system32\dwdsregt.exe OLI001
O4 - HKLM\..\Run: [install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\nmknfhfd.dll",realset
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\JulianXD\LOKALE~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\JulianXD\Lokale innstillinger\Temp\bundle.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb103\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5DAB76E-B8B0-4CB0-945F-BE760E336FFD}: NameServer = 192.168.1.1
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: vtutqqq - C:\WINDOWS\SYSTEM32\vtutqqq.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wmldap.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8244 bytes
norbat, posted 31 May 2007

1. Download SAS, install and update it. Close the program.
2. Download CCleaner and install it. Close the program.
3. Download ComboFix and put it on the desktop.
4. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
5. Restart in safe mode (tap F8 during startup, choose safe mode).
6. Run a clean with CCleaner.
7. Run a full scan with SAS.
8. Post the log file from ComboFix (usually c:\combofix.txt), the SAS log (preferences->statistics/logs) + a new HJT log.
Effectiv (author), posted 1 June 2007

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:09:41, on 01.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\HP\QuickPlay\QPService.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svñhost.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB905474-NOB-x86.exe
g:\1b21d0fcb9384bb5ba693f4a\update\update.exe
C:\Documents and Settings\JulianXD\Skrivebord\HiJackThis_v2.exe
C:\WINDOWS\system32\wgatray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C22F075-A0F2-4483-BC38-ED49C38A28C6} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb103\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {78BD2971-EB54-4EE9-95F2-F6321B16AC85} - C:\WINDOWS\system32\vtutqqq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\jyhldbaj.dll
O2 - BHO: (no name) - {CEE491A6-15D0-432E-BB5B-45E33F50F6F7} - C:\WINDOWS\system32\gebyw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb103\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wrqnflus.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = ?
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb103\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5DAB76E-B8B0-4CB0-945F-BE760E336FFD}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll
O20 - Winlogon Notify: vtutqqq - C:\WINDOWS\SYSTEM32\vtutqqq.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wmldap.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8848 bytes


"JulianXD" - 2007-05-31 22:37:02 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\JulianXD\Skrivebord\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\nmknfhfd.dll
C:\WINDOWS\system32\nuyhekxx.dll
C:\WINDOWS\system32\yostoftx.dll
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\dfhfnkmn.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\WINDOWS\system32\dwdsregt.exe"
"C:\WINDOWS\svchost.exe"
"C:\WINDOWS\system32\drivers\core.sys"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\core
-------\Driver

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))

2007-05-31 22:35 <DIR> d-------- C:\Programfiler\Yahoo!
2007-05-31 22:35 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-05-31 22:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-05-31 22:35 <DIR> d-------- C:\DOCUME~1\JulianXD\PROGRA~1\SUPERAntiSpyware.com
2007-05-31 22:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-31 22:34 <DIR> d-------- C:\Programfiler\CCleaner
2007-05-31 21:37 <DIR> d-------- C:\DOCUME~1\JulianXD\PROGRA~1\WinRAR
2007-05-31 21:24 7,680 -ra-s---- C:\WINDOWS\system32\wmldap.dll
2007-05-31 21:24 61,096 --a------ C:\WINDOWS\system32\xpdx.sys
2007-05-31 21:24 48,128 --a------ C:\mupsfkdw.exe
2007-05-31 21:24 30,720 --a------ C:\WINDOWS\system32\ipmon.exe
2007-05-31 21:24 27,136 --a------ C:\WINDOWS\system32\wmldap2.dll
2007-05-31 21:24 18,432 --a------ C:\WINDOWS\system32\cssrss.exe
2007-05-31 21:24 122,880 -ra-s---- C:\WINDOWS\system32\sv¤host.exe
2007-05-31 21:24 11,265 --a------ C:\yyfh.exe
2007-05-31 21:24 1,696 --a------ C:\WINDOWS\system32\nso12k.sys
2007-05-31 21:24 1,536 --a------ C:\djmggki.exe
2007-05-31 21:23 29,206 --a------ C:\WINDOWS\system32\vtutqqq.dll
2007-05-31 21:23 <DIR> d-------- C:\WINDOWS\Web Download
2007-05-31 21:23 <DIR> d-------- C:\Programfiler\Dealio
2007-05-31 19:02 <DIR> d-------- C:\Programfiler\MSXML 4.0
2007-05-31 18:53 52,854 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-05-31 18:53 <DIR> d--hs---- C:\RECYCLER
2007-05-31 18:53 <DIR> d-------- C:\Documents and Settings\JulianXD\Contacts
2007-05-31 18:53 <DIR> d-------- C:\DOCUME~1\JulianXD\Contacts
2007-05-31 18:51 <DIR> d-------- C:\Programfiler\MSN Messenger
2007-05-31 18:50 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-05-31 18:50 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-05-31 18:50 <DIR> d-------- C:\Documents and Settings\JulianXD\Incomplete
2007-05-31 18:50 <DIR> d-------- C:\DOCUME~1\JulianXD\Incomplete
2007-05-31 18:49 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-31 18:49 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-31 18:49 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-31 18:49 <DIR> d-------- C:\Programfiler\Winamp
2007-05-31 18:48 <DIR> d-------- C:\Programfiler\VideoLAN
2007-05-31 18:48 <DIR> d-------- C:\Programfiler\LimeWire
2007-05-31 18:48 <DIR> d-------- C:\Documents and Settings\JulianXD\.limewire
2007-05-31 18:48 <DIR> d-------- C:\DOCUME~1\JulianXD\.limewire
2007-05-31 18:47 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-05-31 18:47 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-05-31 18:47 <DIR> d--h----- C:\Programfiler\Creative Installation Information
2007-05-31 18:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Creative
2007-05-31 18:46 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-31 18:46 <DIR> d-------- C:\DOCUME~1\JulianXD\PROGRA~1\Logitech
2007-05-31 18:46 <DIR> d-------- C:\DOCUME~1\JulianXD\PROGRA~1\Azureus
2007-05-31 18:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Azureus
2007-05-31 18:44 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-05-31 18:44 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-05-31 18:44 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-05-31 18:44 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-05-31 18:44 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-05-31 18:44 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-05-31 18:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-05-31 18:44 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-05-31 18:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-31 18:44 <DIR> d-------- C:\Programfiler\Logitech
2007-05-31 18:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Logitech
2007-05-31 18:44 <DIR> d-------- C:\Programfiler\Creative
2007-05-31 18:44 <DIR> d-------- C:\Programfiler\Azureus
2007-05-31 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Logitech
2007-05-31 18:42 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-31 18:41 <DIR> d-------- C:\Programfiler\WIDCOMM
2007-05-31 18:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Google
2007-05-31 18:40 <DIR> d--h----- C:\Documents and Settings\JulianXD\Temporary Internet Files
2007-05-31 18:40 <DIR> d--h----- C:\Documents and Settings\JulianXD\Logg
2007-05-31 18:40 <DIR> d--h----- C:\DOCUME~1\JulianXD\Temporary Internet Files
2007-05-31 18:40 <DIR> d--h----- C:\DOCUME~1\JulianXD\Logg
2007-05-31 18:38 1,048,576 --ah----- C:\Documents and Settings\JulianXD\NTUSER.DAT
2007-05-31 18:38 1,048,576 --ah----- C:\DOCUME~1\JulianXD\NTUSER.DAT
2007-05-31 18:38 <DIR> dr-h----- C:\Documents and Settings\JulianXD\Siste
2007-05-31 18:38 <DIR> dr-h----- C:\Documents and Settings\JulianXD\Programdata
2007-05-31 18:38 <DIR> dr-h----- C:\DOCUME~1\JulianXD\Siste
2007-05-31 18:38 <DIR> dr-h----- C:\DOCUME~1\JulianXD\Programdata
2007-05-31 18:38 <DIR> dr------- C:\Documents and Settings\JulianXD\Start-meny
2007-05-31 18:38 <DIR> dr------- C:\Documents and Settings\JulianXD\Mine dokumenter
2007-05-31 18:38 <DIR> dr------- C:\Documents and Settings\JulianXD\Favoritter
2007-05-31 18:38 <DIR> dr------- C:\DOCUME~1\JulianXD\Start-meny
2007-05-31 18:38 <DIR> dr------- C:\DOCUME~1\JulianXD\Mine dokumenter
2007-05-31 18:38 <DIR> dr------- C:\DOCUME~1\JulianXD\Favoritter
2007-05-31 18:38 <DIR> d--h----- C:\Documents and Settings\JulianXD\Skrivere
2007-05-31 18:38 <DIR> d--h----- C:\Documents and Settings\JulianXD\Maler
2007-05-31 18:38 <DIR> d--h----- C:\Documents and Settings\JulianXD\Lokale innstillinger
2007-05-31 18:38 <DIR> d--h----- C:\Documents and Settings\JulianXD\AndrMask
2007-05-31 18:38 <DIR> d--h----- C:\DOCUME~1\JulianXD\Skrivere
2007-05-31 18:38 <DIR> d--h----- C:\DOCUME~1\JulianXD\Maler
2007-05-31 18:38 <DIR> d--h----- C:\DOCUME~1\JulianXD\Lokale innstillinger
2007-05-31 18:38 <DIR> d--h----- C:\DOCUME~1\JulianXD\AndrMask
2007-05-31 18:38 <DIR> d-------- C:\Documents and Settings\JulianXD\Skrivebord
2007-05-31 18:38 <DIR> d-------- C:\DOCUME~1\JulianXD\Skrivebord
2007-05-31 18:37 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-05-31 18:36 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-31 18:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-31 18:35 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-05-31 18:35 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-31 18:35 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-05-31 18:35 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 01:18:53 -------- d-----w C:\Programfiler\Windows NT
2007-06-01 01:18:46 -------- d-----w C:\Programfiler\Synaptics
2007-06-01 01:18:44 -------- d-----w C:\Programfiler\Sonic
2007-06-01 01:17:56 -------- d-----w C:\Programfiler\NetWaiting
2007-06-01 01:17:53 -------- d-----w C:\Programfiler\MSN Gaming Zone
2007-06-01 01:17:52 -------- d-----w C:\Programfiler\Microsoft Works
2007-06-01 01:17:22 -------- d-----w C:\Programfiler\microsoft frontpage
2007-06-01 01:17:22 -------- d-----w C:\Programfiler\Messenger
2007-06-01 01:17:12 -------- d-----w C:\Programfiler\Intel
2007-06-01 01:17:01 -------- d-----w C:\Programfiler\Hp
2007-06-01 01:16:16 -------- d-----w C:\Programfiler\Hewlett-Packard
2007-06-01 01:16:06 -------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-06-01 01:16:06 -------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared
2007-06-01 01:15:42 -------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared
2007-06-01 01:15:41 -------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-06-01 01:15:41 -------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared
2007-06-01 01:15:39 -------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-06-01 01:15:39 -------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-06-01 01:15:32 -------- d-----w C:\Programfiler\Fellesfiler\LightScribe
2007-06-01 01:15:26 -------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-06-01 01:15:22 -------- d-----w C:\Programfiler\Fellesfiler\HP
2007-06-01 01:15:22 -------- d-----w C:\Programfiler\Elektroniske tjenester
2007-06-01 01:15:13 -------- d-----w C:\Programfiler\EasyBits
2007-06-01 01:15:11 -------- d-----w C:\Programfiler\CONEXANT
2007-05-31 20:39:53 -------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-05-31 19:24:39 122,880 --s-a-r C:\WINDOWS\system32\svñhost.exe
2007-05-31 19:23:32 60,714 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-05-31 19:23:32 385,330 ----a-w C:\WINDOWS\system32\perfh014.dat
2007-05-31 19:20:41 -------- d-----w C:\Programfiler\Movie Maker
2007-05-31 19:20:39 -------- d-----w C:\Programfiler\Google
2007-05-31 16:53:08 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-05-31 16:48:20 -------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-05-31 16:35:00 -------- d-----w C:\Programfiler\HPQ
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{6A87B991-A31F-4130-AE72-6D0C294BF082}=C:\Programfiler\Dealio\kb103\Dealio.dll [2007-02-06 19:31]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{78BD2971-EB54-4EE9-95F2-F6321B16AC85}=C:\WINDOWS\system32\vtutqqq.dll [2007-05-31 21:23]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programfiler\google\googletoolbar2.dll [2007-01-19 23:56]
{CD3447D4-CA39-4377-8084-30E86331D74C}=[sASInprocServer32] []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49]
"nwiz"="nwiz.exe" [2006-04-15 20:26 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 13:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 07:46]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2006-04-11 21:54]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QlbCtrl"="" []
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"au"="C:\Programfiler\Dealio\DealioAU.exe" [2006-11-08 20:29]
"ipmon"="ipmon.exe" [2007-05-31 21:24 C:\WINDOWS\system32\ipmon.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 20:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00]
"Creative MediaSource Go"="C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{78BD2971-EB54-4EE9-95F2-F6321B16AC85}"="C:\WINDOWS\system32\vtutqqq.dll" [2007-05-31 21:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12345B67-1234-1234-D123-7F84D123BC7D}"="C:\WINDOWS\system32\wmldap.dll" [2007-05-31 21:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqqq]
vtutqqq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-31 22:40:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??? ?@?????@???8U??(?@???@

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-31 22:42:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-31 22:42

--- E O F ---


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/31/2007 at 11:55 PM

Application Version : 3.8.1002

Core Rules Database Version : 3247
Trace Rules Database Version: 1258

Scan type : Complete Scan
Total Scan Time : 00:36:46

Memory items scanned : 158
Memory threats detected : 1
Registry items scanned : 4969
Registry threats detected : 15
File items scanned : 36344
File threats detected : 20

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\PMKHE.DLL
C:\WINDOWS\SYSTEM32\PMKHE.DLL
HKLM\Software\Classes\CLSID\{5C22F075-A0F2-4483-BC38-ED49C38A28C6}
HKCR\CLSID\{5C22F075-A0F2-4483-BC38-ED49C38A28C6}
HKCR\CLSID\{5C22F075-A0F2-4483-BC38-ED49C38A28C6}\InprocServer32
HKCR\CLSID\{5C22F075-A0F2-4483-BC38-ED49C38A28C6}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{DCDF600C-39D7-4325-A16E-528B0CE9ED05}
HKCR\CLSID\{DCDF600C-39D7-4325-A16E-528B0CE9ED05}
HKCR\CLSID\{DCDF600C-39D7-4325-A16E-528B0CE9ED05}\InprocServer32
C:\WINDOWS\SYSTEM32\GEEBA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C22F075-A0F2-4483-BC38-ED49C38A28C6}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmkhe

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NUYHEKXX.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}

Adware.Tracking Cookie
C:\Documents and Settings\JulianXD\Cookies\julianxd@cgi-bin[2].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@drivecleaner[2].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@cgi-bin[1].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@advertising[1].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@zedo[2].txt
C:\Documents and Settings\JulianXD\Cookies\[email protected][1].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@cpvfeed[2].txt
C:\Documents and Settings\JulianXD\Cookies\[email protected][1].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@2o7[1].txt
C:\Documents and Settings\JulianXD\Cookies\[email protected][1].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@mediaplex[1].txt
C:\Documents and Settings\JulianXD\Cookies\julianxd@atdmt[2].txt

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Trojan.Rootkit-TnCore
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\CORE.SYS.VIR

Adware.ZenoSearch
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT.EXE.VIR

Trojan.Downloader-SpyTool
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YOSTOFTX.DLL.VIR

Worm.Forbot-CE
C:\WINDOWS\SYSTEM32\CSSRSS.EXE

There are my logs.
norbat Posted 1 June 2007

Run HJT, put a check mark in front of the following lines and click 'Fix checked':

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5C22F075-A0F2-4483-BC38-ED49C38A28C6} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {78BD2971-EB54-4EE9-95F2-F6321B16AC85} - C:\WINDOWS\system32\vtutqqq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\jyhldbaj.dll
O2 - BHO: (no name) - {CEE491A6-15D0-432E-BB5B-45E33F50F6F7} - C:\WINDOWS\system32\gebyw.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wrqnflus.dll",realset
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll
O20 - Winlogon Notify: vtutqqq - C:\WINDOWS\SYSTEM32\vtutqqq.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wmldap.dll

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\vtutqqq.dll
C:\WINDOWS\system32\jyhldbaj.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\wrqnflus.dll
C:\WINDOWS\system32\wmldap.dll

Click the traffic light. Restart the PC. After the restart a log file will appear telling what happened. Post it together with another HJT log.
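A defender's triage helper for the HijackThis line types norbat picks out above (O2, O4, O20, O21), added here as an example and not a tool from the thread: it parses the entries, applies the same tests (unnamed BHOs, non-default Winlogon Notify and SSODL handlers loading from system32, rundll32-launched DLLs) and cross-references DLLs that appear under more than one hook, as vtutqqq.dll does in the logs. The allowlists of default Winlogon Notify packages and known rundll32 targets are assumptions made for the example.

```python
"""Triage helper for HijackThis (HJT) log lines: added example, not a tool from the thread."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Assumed allowlists (not from the thread): Windows XP's default Winlogon Notify
# packages, and rundll32 targets taken to be known-good on this machine.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
KNOWN_RUNDLL = {"nvcpl.dll", "nvmctray.dll"}

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A full DOS path ending in .dll, or a bare file name such as "vtutqqq.dll".
DLL_RE = re.compile(r"([A-Za-z]:\\[^\",]*?\.dll|[\w.-]+\.dll)", re.IGNORECASE)

# Constructed sample: line shapes copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {78BD2971-EB54-4EE9-95F2-F6321B16AC85} - C:\WINDOWS\system32\vtutqqq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wrqnflus.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtutqqq - C:\WINDOWS\SYSTEM32\vtutqqq.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wmldap.dll
"""


@dataclass(frozen=True)
class Entry:
    section: str           # O2, O4, O20, O21, ...
    name: str              # BHO name, Run value name, Notify subkey or SSODL name
    clsid: Optional[str]
    dll: Optional[str]
    raw: str


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    target: str


def _name_of(section: str, body: str) -> str:
    if section == "O4":                       # O4 - HKLM\..\Run: [value name] command
        m = re.search(r"\[([^\]]+)\]", body)
        return m.group(1) if m else ""
    _, _, rest = body.partition(": ")         # "BHO: name - {clsid} - path"
    return rest.split(" - ")[0].strip()


def parse(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = GUID_RE.search(body)
        dll = DLL_RE.search(body)
        entries.append(Entry(section, _name_of(section, body),
                             clsid.group(0) if clsid else None,
                             dll.group(0) if dll else None, line.strip()))
    return entries


def _in_system32(dll: Optional[str]) -> bool:
    if dll is None:
        return False
    # A bare file name (no path) is resolved from the system directory.
    return "\\system32\\" in dll.lower() or "\\" not in dll


def triage(text: str) -> List[Finding]:
    entries = parse(text)
    findings = []
    for e in entries:
        base = ntpath.basename(e.dll).lower() if e.dll else ""
        if e.section == "O2" and e.name == "(no name)":
            findings.append(Finding("O2", "unnamed BHO", e.dll or "(no file)"))
        elif e.section == "O20" and e.name.lower() not in KNOWN_NOTIFY and _in_system32(e.dll):
            findings.append(Finding("O20", "non-default Winlogon Notify handler", e.dll))
        elif e.section == "O21":
            findings.append(Finding("O21", "ShellServiceObjectDelayLoad entry", e.dll or ""))
        elif (e.section == "O4" and "rundll32" in e.raw.lower()
              and _in_system32(e.dll) and base not in KNOWN_RUNDLL):
            findings.append(Finding("O4", "rundll32 launching an unknown system32 DLL", e.dll))
    # Cross-reference: one DLL registered under several hooks is the pattern seen in
    # this thread (vtutqqq.dll as both a BHO and a Winlogon Notify DLL).
    hooks = defaultdict(set)
    for e in entries:
        if e.dll:
            hooks[ntpath.basename(e.dll).lower()].add(e.section)
    for dll, sections in sorted(hooks.items()):
        if len(sections) > 1:
            findings.append(Finding("*", "same DLL hooked in " + ", ".join(sorted(sections)), dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section:>3}] {f.reason}: {f.target}")
```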
Effectiv (author) Posted 1 June 2007

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:01:20, on 01.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\HP\QuickPlay\QPService.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\JulianXD\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb103\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {78BD2971-EB54-4EE9-95F2-F6321B16AC85} - C:\WINDOWS\system32\vtutqqq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: (no name) - {CEE491A6-15D0-432E-BB5B-45E33F50F6F7} - C:\WINDOWS\system32\gebyw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb103\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wrqnflus.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = ?
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb103\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5DAB76E-B8B0-4CB0-945F-BE760E336FFD}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: vtutqqq - vtutqqq.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8008 bytes

The other one said everything had been removed. I don't think I have the virus any more, but we'll see. I'll check in during the day and let you know.
Guest medlem-105082 Posted 1 June 2007

Even if you don't notice anything, there may still be some of it left. We just have to wait for norbat's reply on whether the log is clean.
norbat Posted 1 June 2007 (edited)

Fix the following lines in HJT:

O2 - BHO: (no name) - {78BD2971-EB54-4EE9-95F2-F6321B16AC85} - C:\WINDOWS\system32\vtutqqq.dll (file missing)
O2 - BHO: (no name) - {CEE491A6-15D0-432E-BB5B-45E33F50F6F7} - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: vtutqqq - vtutqqq.dll (file missing)

Go to the website: At the top of the page you can upload a file for a virus check. Do that with the following file: C:\WINDOWS\system32\wrqnflus.dll

To see the file you will probably have to make sure hidden files and folders are shown: Control Panel -> Folder Options -> View -> "Show hidden files and folders"

Report back on whether it gave any result.

Edited 1 June 2007 by norbat
Effectiv (author) Posted 1 June 2007

Done it, but now the whole PC is fucked up again.. hehe.. I can no longer SHUT DOWN the computer.. I can only choose log off.. Attaching a picture.
norbat Posted 1 June 2007 (edited)

Forgot to include the web address where you were supposed to check the file.

Go to the website: http://virusscan.jotti.org/ At the top of the page you can upload a file for a virus check. Do that with the following file: C:\WINDOWS\system32\wrqnflus.dll

To see the file you will probably have to make sure hidden files and folders are shown: Control Panel -> Folder Options -> View -> "Show hidden files and folders"

Report back on whether it gave any result. A new HJT log would be welcome.

Edited 1 June 2007 by norbat
Effectiv (author) Posted 1 June 2007 (edited)

EDIT: I can't upload the file =/ It just says "0 bytes uploaded, please check if you have a firewall on." or something similar.

Here is the HJT log from now:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:41, on 2007-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\HP\QuickPlay\QPService.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Google\Gmail Notifier\gnotify.exe
C:\Documents and Settings\JulianXD\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programfiler\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5DAB76E-B8B0-4CB0-945F-BE760E336FFD}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10105 bytes

Edited 1 June 2007 by Effectiv
norbat Posted 1 June 2007

Your HJT log looks fine. I'd think a reinstall of Vista Inspirat 2 will solve the 'log off' problem.
Effectiv (author) Posted 2 June 2007

No, that didn't quite help either. Before it happened, this came up.. "You dont got the administration rights on this computer anymore." I can't change things in the Control Panel either, etc... =/
norbat Posted 2 June 2007

Check and, if needed, repair defective system files by running sfc /scannow from Start -> Run (with a space between sfc and /). In most cases you will need the XP CD.
Effectiv (author) Posted 3 June 2007

It didn't work, and the PC barely works!.. It stutters while I'm typing right now. Strange stuff, this virus, since you say it's gone?.. but it doesn't seem like it at all..! =o
norbat Posted 3 June 2007 (edited)

The HJT log shows no infections. That doesn't necessarily mean everything is OK. Run an online scan with e.g. http://housecall.trendmicro.com/ and see if anything turns up. Also check for rootkits by running the following scanner: Rootchk. It creates a log that you can post if it finds anything.

Edited 3 June 2007 by norbat
johome Posted 3 June 2007

Here is my suggestion for this problem. As an antivirus program I suggest Avira antivirus. As a firewall I suggest Kerio firewall (it effectively stops pop-up messages like these). After you have downloaded the programs, burn them to a CD. If you want to be really thorough, I suggest that instead of formatting you download Killdisk, which is a wiping program. Then you have to burn the program to a brand new CD as an image. To do that you can download Active ISO burner. When the time comes to format (or use the wiping program), pull out the network cable. Then go ahead. Then install Windows again. Then install the antivirus program + the firewall from the CD. Leave the computer on for about 20-30 minutes and note whether you get bothered by pop-up messages. If not, you can finally connect the network cable and get online. Good luck.
Effectiv (author) Posted 4 June 2007

Thanks for the tip, but a fresh reformat worked. Now everything is perfect again and the PC runs like a dream again. Thanks for ALL the replies!! ;)