mmm320, posted 23 August 2007 (edited)

My Symantec antivirus program won't start! Neither will the firewall. When I try to start Symantec, which is supposed to start by itself when I turn on the machine, the hourglass symbol just appears for a brief second and nothing more happens. When I try to turn on the firewall, this comes up:

I have tried netsh winsock reset without results. explorer.exe also closes regularly and has to be restarted. The computer has also become considerably slower lately. What is the smartest way to get this removed without conflicts arising, e.g. between the old and possibly a new antivirus program?

Edited 23 August 2007 by jorgen_re

mmm320 (author), posted 23 August 2007

I have seen people on other forums describe similar problems with the firewall; the thing is just that nothing I try of what is "supposed to" work seems to work.

norbat, posted 24 August 2007

Download HijackThis. Put it in a folder of its own on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it. This may tell us whether there is something on the PC that shouldn't be there.

mmm320 (author), posted 24 August 2007 (edited)

Here is the log:

PS: the PC just keeps getting slower and slower. Hope someone can help me.

Edited 24 August 2007 by jorgen_re

mmm320 (author), posted 25 August 2007

Just a piece of information. When I start Symantec while Windows Task Manager is open, I can see the process start up, but after a brief second it terminates. I think there is probably some virus or other at work here, yes.

norbat, posted 25 August 2007 (edited)

We'll do the following:

1. Start HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

   F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
   O2 - BHO: C:\WINDOWS\lbbho.dll - {BEF07EBA-5F4B-4E5E-B84D-263CB2E2B5FC} - C:\WINDOWS\lbbho.dll
   O4 - HKLM\..\Run: [] -
   O4 - HKCU\..\Run: [Regscan] -C:\WINDOWS\system32\regscan.exe
   O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe

2. Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that comes up, copy and paste in what is in bold below:

   Files to delete:
   C:\WINDOWS\services.exe
   C:\WINDOWS\lbbho.dll
   C:\WINDOWS\system32\fservice.exe
   C:\WINDOWS\system32\regscan.exe

   Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. You don't need to post it.

3. Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt) together with a new HJT log.

Edited 25 August 2007 by norbat
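
An added example, not part of the original thread or of any tool mentioned in it: a small Python triage script whose structural heuristics match four of the five HijackThis lines ticked in the post above, plus the C:\WINDOWS\services.exe path from the Avenger script. The rule names, the CORE_PROCESSES list and the sample log (a constructed excerpt in HijackThis v2 format built from entries quoted in this thread) are assumptions of this example. The Regscan entry is deliberately left uncaught, because nothing in its structure separates it from an ordinary Run entry; judging it takes knowledge of the file itself.

```python
import ntpath
import re

# Assumption of this example: a default Windows XP layout under C:\WINDOWS.
SYSTEM_DIR = r"c:\windows\system32"
# Core OS process names that should only ever run from SYSTEM_DIR.
CORE_PROCESSES = {"smss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<file>.*)$")
SHELL_RE = re.compile(r"\bShell=(.*)$", re.IGNORECASE)

# Constructed excerpt: entries quoted in the thread plus a few benign
# neighbours in the same format, so the rules have something to ignore.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {BEF07EBA-5F4B-4E5E-B84D-263CB2E2B5FC} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [] -
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regscan] -C:\WINDOWS\system32\regscan.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
"""


def _is_misplaced_core_process(path):
    """True if a core OS process name runs from outside system32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in CORE_PROCESSES and folder != SYSTEM_DIR


def triage(log_text):
    """Return (rule, line) pairs for log lines matching the heuristics."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            # Inside the process list every line is a bare image path.
            if in_processes and _is_misplaced_core_process(line):
                findings.append(("system-process-outside-system32", line))
            continue
        in_processes = False  # first coded entry ends the process list
        code, body = entry.group("code", "body")
        if code == "F2":
            # Winlogon Shell should name Explorer.exe and nothing else.
            shell = SHELL_RE.search(body)
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                findings.append(("shell-extra-program", line))
        elif code == "O2":
            # A BHO whose display name is just its own DLL path.
            bho = BHO_RE.match(body)
            if bho and bho.group("name").lower() == bho.group("file").lower():
                findings.append(("bho-unnamed", line))
        elif code == "O4":
            run = O4_RE.match(body)
            if run is None:
                continue  # Startup-folder entries have no [name] part
            if not run.group("name").strip():
                findings.append(("run-empty-name", line))
            if run.group("key").lower().endswith(r"policies\explorer\run"):
                # Rarely used autostart key, so any entry deserves a look.
                findings.append(("policies-explorer-run", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:34} {line}")
```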

mmm320 (author), posted 25 August 2007 (edited)

Combofix log file:

HijackThis log file:
C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - 
C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://serverjelsa.no-ip.info:1024/img/Net...layerWeb11g.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://159.171.96.58/activex/AMC.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - 
http://www1.trelleborg.se/Webcams/scripts/AxisCamControl.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://nidelv.axiscam.net:40572/activex/AMC.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - -C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe" (file missing) O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe" (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe" (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\DefWatch.exe" (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing) O23 - Service: iPod Service - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\SavRoam.exe" (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe" (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - -C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe (file missing) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe" (file missing) O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\Rtvscan.exe" (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -C:\Programfiler\Windows Media Player\WMPNetwk.exe (file missing) O24 - Desktop Component 0: (no name) - http://cache.finn.no/mmo/741/302/5_1242359775.jpg O24 - Desktop Component 1: (no name) - http://www.freewebs.com/jorgen_re/FWThumbn...0flip-thumb.png -- End of file - 13168 bytes

Edit: the firewall and Symantec still don't work.

Edited 25 August 2007 by jorgen_re
norbat Posted 25 August 2007 (edited)

Download SAS, install it and update it. Wait before running a scan.

Download CCleaner. Install the program. Wait before running a clean-up.

Start Avenger again and paste in the following:

Files to delete:
C:\WINDOWS\services.exe
C:\WINDOWS\system\sservice.exe
C:\WINDOWS\system32\fservice.exe
C:\WINDOWS\system32\reginv.dll
C:\WINDOWS\system32\winkey.dll

After the restart:

Run CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Then run a full scan with SAS.

Post a new HJT log + the log from SAS (preferences->statistics/logs).

Edited 25 August 2007 by norbat
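Several of the files in the Avenger list above also appear in the posted logs: `C:\WINDOWS\services.exe` among the running processes, and `fservice.exe` in both the `F2` Shell line and the `O4` Policies\Explorer\Run line. The following is an added example, not part of the thread and not a feature of HijackThis or Avenger: a small Python triage of HijackThis-style text for those patterns. The sample lines are taken from the log in this thread and laid out one entry per line; the rule names, the allow-list and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Assumption for this example: a short allow-list of Windows XP system
# binaries and the one directory each normally runs from. Not complete.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)
MISSING_RE = re.compile(r"^Service: (?P<name>.+?) - .*\(file missing\)\s*$")

# Sample input: lines copied from the log posted in this thread,
# arranged one entry per line as HijackThis writes them.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Explorer.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\Rtvscan.exe" (file missing)
"""


def _check_process(path):
    """Flag a system binary name running from an unexpected directory."""
    directory, name = ntpath.split(path)
    expected = SYSTEM_BINARIES.get(name.lower())
    if expected and directory.lower() != expected:
        return ("system-binary-wrong-dir", path)
    return None


def _check_entry(code, body):
    """Apply the per-section rules to one 'Xn - ...' entry."""
    findings = []
    if code == "F2":
        shell = SHELL_RE.match(body)
        if shell:
            parts = shell["value"].split(None, 1)
            # The stock Shell value is "Explorer.exe" alone.
            if len(parts) == 2 and parts[0].lower() == "explorer.exe":
                findings.append(("shell-extra-program", parts[1]))
            elif parts and parts[0].lower() != "explorer.exe":
                findings.append(("shell-replaced", shell["value"]))
    elif code == "O4" and r"\Policies\Explorer\Run:" in body:
        # Heuristic: list every entry under this key for manual review.
        findings.append(("policies-run-key", body.split("] ", 1)[-1]))
    elif code == "O23":
        missing = MISSING_RE.match(body)
        if missing:
            # Reported by the scanner; confirm on disk before acting on it.
            findings.append(("service-file-missing", missing["name"]))
    return findings


def triage(log_text):
    """Return (rule, detail) findings for a HijackThis-style log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False  # the process list ends at the first entry
            findings.extend(_check_entry(entry["code"], entry["body"]))
        elif in_processes:
            hit = _check_process(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {detail}")
```

The findings are prompts for review, not verdicts: each one still has to be confirmed against the file on disk before anything is deleted.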
mmm320 (author) Posted 26 August 2007

HJT log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:27:08, on 26.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Jørgen\Skrivebord\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skikis.moo.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 -
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O4 - HKLM\..\Run: [AGRSMMSG] -AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] -C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] -"C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] -C:\PROGRAMFILER\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE O4 - HKLM\..\Run: [updateManager] -"C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] -C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [synTPLpr] -C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] -C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HPHUPD05] -c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] -C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [HP Component Manager] -"C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] -C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LVCOMSX] 
-C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] -rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Realtime Audio Engine] -mmrtkrnl.exe O4 - HKLM\..\Run: [ccApp] -"C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] -C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = ? 
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe 
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://serverjelsa.no-ip.info:1024/img/Net...layerWeb11g.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://159.171.96.58/activex/AMC.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www1.trelleborg.se/Webcams/scripts/AxisCamControl.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://nidelv.axiscam.net:40572/activex/AMC.cab O16 - DPF: 
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - -C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe" (file missing) O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe" (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe" (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\DefWatch.exe" (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\SavRoam.exe" (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe" (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - -C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe (file missing) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe" (file missing) O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\Rtvscan.exe" (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -C:\Programfiler\Windows Media Player\WMPNetwk.exe (file missing) O24 - Desktop Component 0: (no name) - http://cache.finn.no/mmo/741/302/5_1242359775.jpg O24 - Desktop Component 1: (no name) - http://www.freewebs.com/jorgen_re/FWThumbn...0flip-thumb.png -- End of file - 13268 bytes

SAS log:

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/26/2007 at 10:12 PM Application Version : 3.9.1008 Core Rules Database Version : 3292 Trace Rules Database Version: 1303 Scan type : Complete Scan Total Scan Time : 01:09:32 Memory items scanned : 467
Memory threats detected : 0 Registry items scanned : 7894 Registry threats detected : 1 File items scanned : 49903 File threats detected : 189 Adware.MyWay HKU\S-1-5-21-1035368158-3182833076-4157624617-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10} Adware.Tracking Cookie C:\Documents and
Settings\Marte\Cookies\marte@questionmarket[2].txt C:\Documents and Settings\Marte\Cookies\marte@realmedia[2].txt C:\Documents and Settings\Marte\Cookies\[email protected][1].txt C:\Documents and Settings\Marte\Cookies\marte@revenue[2].txt C:\Documents and Settings\Marte\Cookies\marte@revsci[2].txt C:\Documents and Settings\Marte\Cookies\marte@rightmedia[1].txt C:\Documents and Settings\Marte\Cookies\marte@roiservice[1].txt C:\Documents and Settings\Marte\Cookies\marte@serving-sys[2].txt C:\Documents and Settings\Marte\Cookies\marte@specificclick[1].txt C:\Documents and Settings\Marte\Cookies\[email protected][1].txt C:\Documents and Settings\Marte\Cookies\[email protected][1].txt C:\Documents and Settings\Marte\Cookies\marte@statcounter[2].txt C:\Documents and Settings\Marte\Cookies\[email protected][2].txt C:\Documents and Settings\Marte\Cookies\[email protected][2].txt C:\Documents and Settings\Marte\Cookies\marte@superstats[1].txt C:\Documents and Settings\Marte\Cookies\marte@targetnet[2].txt C:\Documents and Settings\Marte\Cookies\marte@teamtalkmedia[1].txt C:\Documents and Settings\Marte\Cookies\[email protected][1].txt C:\Documents and Settings\Marte\Cookies\marte@tradedoubler[2].txt C:\Documents and Settings\Marte\Cookies\marte@trafficmp[2].txt C:\Documents and Settings\Marte\Cookies\marte@tribalfusion[1].txt C:\Documents and Settings\Marte\Cookies\marte@tripod[1].txt C:\Documents and Settings\Marte\Cookies\marte@weborama[2].txt C:\Documents and Settings\Marte\Cookies\[email protected][2].txt C:\Documents and Settings\Marte\Cookies\marte@xiti[1].txt C:\Documents and Settings\Marte\Cookies\marte@yourmedia[1].txt C:\Documents and Settings\Marte\Cookies\[email protected][1].txt C:\Documents and Settings\Marte\Cookies\marte@zedo[2].txt Trojan.ErrorSafe C:\DOCUMENTS AND SETTINGS\MARTE\LOKALE INNSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\6ZIZIDEJ\ERRORSAFEFREEINSTALL_NO[1].EXE Trace.Known Threat Sources C:\Documents and Settings\Marte\Lokale 
innstillinger\Temporary Internet Files\Content.IE5\6VI765IV\logo[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\WHHA8EUI\top1_menu[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\YBA3ETKD\download2[1].htm C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\O1W9SLE9\checksoft[1].js C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\W0MKDWKL\top_pic_new[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\SD0VS30Z\ico3[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\5PWZ0SM0\arrow[2].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\WX8HIBC5\ico1[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\21SJEH21\ico2[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\SHEJ8XIR\ico4[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\6ZIZIDEJ\top1[1].gif C:\Documents and Settings\Marte\Lokale innstillinger\Temporary Internet Files\Content.IE5\YBA3ETKD\index[2].htm Lenke til kommentar
norbat, posted 26 August 2007

Run HJT and fix the following lines:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe

Restart the PC.
Post a new HJT log and tell us how the PC is running.
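The manual check in the post above, as an added example (not code from the thread or from HijackThis): a small Python parser that flags an F2 `Shell=` value launching anything besides Explorer.exe and any O4 entry under `Policies\Explorer\Run`, then reports executables registered in more than one autostart location. The sample log is constructed from lines quoted in this thread; the function names and finding labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two lines flagged in the post above plus two
# ordinary autostart entries of the kind seen in the thread's logs.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$", re.I)
O4_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)


def shell_extras(value):
    """Return what the Shell value launches besides Explorer.exe ('' if clean)."""
    value = value.strip()
    first, _, rest = value.partition(" ")
    if first.lower() == "explorer.exe":
        return rest.strip()
    return value  # the shell itself was replaced


def analyze(log_text):
    """Return (findings, executables registered in more than one location)."""
    findings = []
    seen = defaultdict(set)  # lower-cased exe path -> autostart locations
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        if code == "F2":
            shell = F2_SHELL_RE.match(body)
            if not shell:
                continue
            extra = shell_extras(shell.group("value"))
            if extra:
                findings.append(("shell-hijack", extra))
                for exe in EXE_RE.findall(extra):
                    seen[exe.lower()].add("Winlogon Shell")
        elif code == "O4":
            run = O4_RE.match(body)
            if not run:
                continue  # e.g. "Startup:" shortcut entries, not handled here
            loc, cmd = run.group("loc"), run.group("cmd")
            for exe in EXE_RE.findall(cmd):
                seen[exe.lower()].add(loc)
            if loc.lower().endswith(r"\policies\explorer\run"):
                findings.append(("policies-run", cmd))
    repeated = sorted(p for p, locs in seen.items() if len(locs) > 1)
    return findings, repeated


if __name__ == "__main__":
    found, repeated = analyze(SAMPLE_LOG)
    for kind, detail in found:
        print(f"{kind}: {detail}")
    for path in repeated:
        print(f"registered in several autostart locations: {path}")
```
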
mmm320 (author), posted 27 August 2007

The PC is running fine now, and everything works. Thank you so much for the help!

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:54, on 27.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Documents and Settings\Jørgen\Skrivebord\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skikis.moo.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] -AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] -C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] -"C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] -C:\PROGRAMFILER\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [updateManager] -"C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] -C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [synTPLpr] -C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] -C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] -c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] -C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] -"C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] -C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] -C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] -rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Realtime Audio Engine] -mmrtkrnl.exe
O4 - HKLM\..\Run: [ccApp] -"C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] -C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://serverjelsa.no-ip.info:1024/img/Net...layerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://159.171.96.58/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www1.trelleborg.se/Webcams/scripts/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://nidelv.axiscam.net:40572/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - -C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe" (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe" (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe" (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\DefWatch.exe" (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\SavRoam.exe" (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe" (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - -C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -"C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe" (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Programfiler\Symantec AntiVirus\Rtvscan.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -C:\Programfiler\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - http://cache.finn.no/mmo/741/302/5_1242359775.jpg
O24 - Desktop Component 1: (no name) - http://www.freewebs.com/jorgen_re/FWThumbn...0flip-thumb.png
--
End of file - 12927 bytes
norbat, posted 27 August 2007

The log looks fine, too. It would have been nice to see a new Combofix log, as there was something there that possibly should have been removed.
mmm320 (author), posted 27 August 2007

I deleted Combofix right before I read the post, and the link doesn't work, and I can't find anywhere else to download it from either.
norbat, posted 27 August 2007 (edited)

Based on your earlier log, let's try this:

Open Notepad and copy/paste what is in bold text below:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Services]

Click File -> Save As
Set the file type to 'All files'
Set the file name to jorgen.reg
Put the file on the desktop
Double-click the file and click Yes to add the information to the registry.
Restart the PC

After this you should clear the System Restore folder so that you don't get reinfected by a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.

Surf safely.

Edited 27 August 2007 by norbat
mmm320 (author), posted 27 August 2007

As I said. Thank you so much for all the help