nanaki (thread author), posted 17 September 2007:

Hi, and sorry if this thread doesn't belong here or if there is already a thread about my problem :) Anyway, the other day I suddenly noticed that I'm getting pop-ups from Explorer (I actually use Firefox), and I never use Explorer, so I have no idea how the so-called "bug/virus/trojan" got there... maybe because other people have borrowed my PC and automatically pick Explorer to surf the net..... But I have noticed that the pop-ups are 35mb.com, and recently Partypoker came up too... I have scanned with Norton, Spyware Doctor, SUPERAntiSpyware Pro and Ad-Aware SE Pro, and none of them could fix the problem. Both in normal mode and safe mode. (PS: in normal mode, when I clicked on some of those programs, they closed by themselves... as if the "bug" I have doesn't allow them to open or something...) I'm not a complete newbie with PCs, but beyond that I have no idea what I can do. And yes... I have googled my problem... didn't find much. So I really hope someone can help me with this problem, preferably explaining step by step what I can do. I'm not very keen on formatting my PC......=/

PS: I have noticed that once the pop-ups appear, a file shows up in C:\WINDOWS named "iexplorer".... and that has to be wrong, because the real iexplorer is in a different folder.

Hoping for positive replies, eagerly waiting to hear what I can do about this problem.

- Nanaki
nanaki (thread author), posted 18 September 2007:

bump
Dan-Levi, posted 18 September 2007:

Quote (nanaki): bump

It does sound like you've picked up a virus, yes :| I had a similar problem on my PC after my siblings had used it while I was away for a few days. I had to format just to be completely sure. No spyware/antivirus programs helped me either, so it may be that the virus "hijacks" the antivirus programs so it doesn't get caught? I have no idea about your case, but if you have the option, just format and reinstall the OS. Hope this was of some help.

Edited 18 September 2007 by Danbannan
Svenni212000, posted 18 September 2007:

As for iexplorer, the original should show up from the Program Files folder. There are actually quite a few virus files that disguise themselves as iexplorer:

RapidBlaster, Reur, Banker-AN, Lovgate, Agent-DM, Cult.C, Cult.H, Gaobot.AZ, Evivinc, Bancos-BC, Rbot-MK, Banker-EU, Singu-U, Feutel-W, Gappy-A, Ranky, NetDevil-A, Threadsys, Gaobot.AP, Rbot.TN, Sdbot-DQ

Download and install Revo Uninstaller. Use this program to uninstall 35mb.com and Partypoker.

Turn off System Restore:
1. Click Start, right-click My Computer, and then click Properties.
2. Select the System Restore tab.
3. Check Turn off System Restore (or Turn off System Restore on all drives), and then click OK.
4. Click Yes when asked whether you want to turn off System Restore.

Download and install Ashampoo Antispyware 2:
- Click Check for update and download the updates
- Click Full system scan

Download and start HouseCall 6.5, then run a Complete Scan.

Download CCleaner and nCleaner. Use CCleaner and nCleaner to clean the machine of junk files and useless registry entries.

Download HijackThis. Run HijackThis and post the log in this thread.
kvase, posted 18 September 2007:

I read in an article here a while ago that that problem was often caused by Java (the program) having the weakness that such sites used a back door in the program, and that Java did not take steps to remove that flaw.
nanaki (thread author), posted 18 September 2007:

Yes, you're right. I read about that too... something about Java stuff etc. Svenni, thanks for a lovely step-by-step explanation, I'll try it after training today. I can give feedback afterwards, so you know what happens/has happened. Thanks again everyone, and don't hesitate to write more!

- Nanaki

Edited 18 September 2007 by nanaki
nanaki (thread author), posted 18 September 2007:

Here's the log then.... (had to run it in safe mode, because otherwise the programs just closed and everything went haywire)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:59, on 18.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\Nanaki\Skrivebord
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184194929171
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programfiler\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programfiler\Viewpoint\Common\ViewpointService.exe

--
End of file - 9549 bytes
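Svenni212000's point earlier in the thread (the genuine iexplore.exe lives under Program Files, and a long list of families borrow its name) and the log just posted are exactly the kind of input a log triage script is for. The Python below is an added example for this thread, not a HijackThis feature and not code from anyone posting here: it parses O2 and O4 lines of the form shown above (copied into a constructed sample), and flags an autostart target whose file name is one edit away from a well-known Windows binary, that sits directly in the Windows folder instead of system32 or Program Files, or that does not point at an executable at all. The KNOWN_BINARIES table, the "one edit" threshold and the extension list are my assumptions, tuned to this log; on a real log the script is a first pass for a human, not a verdict.

```python
"""Triage HijackThis O2/O4 lines for lookalike and out-of-place autostarts.

Added example for this thread, not a HijackThis feature. The KNOWN_BINARIES
table and the thresholds are assumptions; the sample lines are copied from the
log posted above (four O4 lines and one O2 line) into a constructed string.
"""
import re
from pathlib import PureWindowsPath

# Binaries that masquerading malware likes to imitate, with the directory the
# genuine file normally lives in (checked as a substring of the parent path).
KNOWN_BINARIES = {
    "iexplore.exe": "internet explorer",  # %ProgramFiles%\Internet Explorer
    "explorer.exe": "windows",            # %WINDIR%
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "csrss.exe": "system32",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")

# Constructed sample taken from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\Nanaki\Skrivebord
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(cmd: str) -> str:
    """The program a Run command launches: the quoted token if quoted, else the
    text up to the first '.exe' (unquoted paths may contain spaces), else the
    whole command (for example a bare folder, as in the 'block buster' entry)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd.split('"')[1]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd


def check_autostart(cmd: str) -> list:
    """Reasons an O4 target looks suspicious; an empty list means nothing noted."""
    path = PureWindowsPath(image_path(cmd))
    base, parent = path.name.lower(), str(path.parent).lower()
    reasons = []
    if not base.endswith((".exe", ".dll", ".scr", ".bat", ".cmd")):
        reasons.append("target has no executable extension (folder or missing file)")
    for known, home in KNOWN_BINARIES.items():
        d = edit_distance(base, known)
        if d == 1:
            reasons.append(f"name is one edit away from {known}")
        elif d == 0 and home not in parent:
            reasons.append(f"{known} runs from {parent!r}, not its usual {home} folder")
    if re.fullmatch(r"[a-z]:\\windows", parent) and base.endswith(".exe") and base not in KNOWN_BINARIES:
        reasons.append("executable sits directly in the Windows folder, which few legitimate autostarts do")
    return reasons


def check_bho(path: str) -> list:
    """An O2 entry whose DLL is gone is an orphan CLSID: harmless, but worth fixing."""
    return ["BHO registered but its DLL is missing"] if path.strip().lower() == "(no file)" else []


def triage(log_text: str) -> dict:
    """Map entry name -> reasons for every O2/O4 line that raised a flag."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        reasons = check_autostart(m["cmd"]) if m else []
        if not m:
            m = O2_RE.match(line)
            reasons = check_bho(m["path"]) if m else []
        if m and reasons:
            findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

On the sample, the `[Explorer]` entry is flagged three times (one edit from iexplore.exe, one edit from explorer.exe, and an .exe sitting in the root of C:\WINDOWS), `[block buster]` is flagged because its target is a folder rather than a program, the orphan BHO is noted, and ccApp and NvCplDaemon pass. Name similarity alone is a weak signal; it is the combination with an unusual location that makes the entry worth removing.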
snippsat, posted 18 September 2007:

You have the LORSIS WORM iexplore.exe. You can search around a bit; the best thing would be if Norbat had a look at the log. This is one method; it can cause trouble if Windows files are infected.
http://oss.viztnd.com/bitdefender.shtml

Edited 18 September 2007 by SNIPPSAT
nanaki (thread author), posted 18 September 2007:

Thanks Snippsat, I'll check with Norbat and see what he can manage! Appreciate it....

- Nanaki
norbat, posted 18 September 2007:

I don't know whether you've followed the suggestions above, but if you have and there are still problems (which there clearly are), we can try the following:

Point 1: Download SDFix to the desktop. Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix

Point 2: Restart the PC in safe mode (tap F8 during startup and choose safe mode)

Point 3: Start HJT, choose "Do a system scan only", put a check in front of the following line and click 'Fix checked':
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe

Point 4: Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> 'Show hidden files and folders'), and use Explorer to find and delete the following file:
C:\WINDOWS\iexplorer.exe

Point 5: Open the SDFix folder and double-click 'RunThis.bat' to start the program. Choose Y to start the cleaning. The PC will restart, and SDFix will continue. When SDFix is finished there will be a Report.txt in the SDFix folder. Post that later.

Point 6: From normal mode (if possible): get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

Point 7: Post the log file from ComboFix (usually c:\combofix.txt) + the SDFix log + a new HJT log

Edit: The guide got a bit long, so I split it into points for a better overview.

NB! If you can't complete one of the points, just carry on with the next one!

Edited 20 September 2007 by norbat
nanaki (thread author), posted 19 September 2007:

Superb, Norbat, I'll do it after work today and come back with results later. Thanks, thanks!
nanaki (thread author), posted 20 September 2007:

Sorry for the delay, I've had a he** of a lot to do lately. But I did as you wrote, Norbat, and I got no further than point 3..... couldn't find the Explorer line I was supposed to tick...... :S DAMN! Any other suggestions?

Edit: and yes, the virus is still there,, JUST got a pop-up.

Edited 20 September 2007 by nanaki
norbat, posted 20 September 2007:

Correction: If you got no further than point 3, then you haven't really done anything of significance for the cleaning yet, so carry on with the guide (that is, continue with point 4...)

Edited 20 September 2007 by norbat
nanaki (thread author), posted 20 September 2007:

--- COMBOFIX: ---

ComboFix 07-09-20.1 - "Nanaki" 2007-09-20 21:37:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1515 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\iexplorer.exe
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.
2007-09-20 21:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-20 20:12 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared
2007-09-19 21:35 <DIR> d-------- C:\Programfiler\Real
2007-09-19 21:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Real
2007-09-19 21:35 <DIR> d-------- C:\DOCUME~1\Nanaki\PROGRA~1\Real
2007-09-18 20:55 <DIR> d-------- C:\Programfiler\Trend Micro
2007-09-18 20:02 <DIR> d-------- C:\Programfiler\VS Revo Group
2007-09-16 15:47 <DIR> d-------- C:\DOCUME~1\Nanaki\PROGRA~1\Lavasoft
2007-09-16 15:46 <DIR> d-------- C:\Programfiler\Lavasoft
2007-08-27 17:13 97,672 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 17:13 537,992 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-08-27 17:13 31,624 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 17:13 28,040 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 17:13 23,944 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 17:13 189,320 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 17:13 161,160 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-08-27 17:13 12,680 --a------ C:\WINDOWS\system32\drivers\symdns.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 21:31 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\uTorrent
2007-09-19 15:10 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\Skype
2007-09-18 21:04 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-09-18 16:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 16:13 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 16:13 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 16:13 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 16:13 --------- d-------- C:\Programfiler\Symantec
2007-09-18 16:13 --------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2007-09-16 15:48 --------- d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-08 05:23 --------- d-------- C:\Programfiler\uTorrent
2007-09-07 22:55 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\FrostWire
2007-09-05 22:41 --------- d-------- C:\Programfiler\World of Warcraft
2007-09-04 19:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\FLEXnet
2007-08-31 15:29 --------- d-------- C:\Programfiler\MSN Messenger
2007-08-29 17:43 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\DVD Flick
2007-08-27 18:43 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\dvdcss
2007-08-25 20:55 --------- d-------- C:\Programfiler\FrostWire
2007-08-18 17:16 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\Slickr
2007-08-15 16:51 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\UploadInternetSixth
2007-08-15 16:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\live 64 math does
2007-08-15 16:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Grey Global Mode Live
2007-08-15 16:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-08-15 16:41 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-08-15 16:41 --------- d-------- C:\DOCUME~1\Nanaki\PROGRA~1\SUPERAntiSpyware.com
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:13 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:13 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:13 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:13 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:13 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:13 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:13 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:13 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:12 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:12 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:12 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:12 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:12 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:12 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:11 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:11 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:11 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:11 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:11 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:11 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:29 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-05-08 20:20 87608 --a--c--- C:\DOCUME~1\Nanaki\PROGRA~1\ezpinst.exe
2007-05-08 20:20 47360 --a--c--- C:\DOCUME~1\Nanaki\PROGRA~1\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 13:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2006-04-11 21:54]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 16:01]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 16:57]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 12:04]
"CloneCDTray"="C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47]
"block buster"="C:\Documents and Settings\Nanaki\Skrivebord" [2007-09-20 20:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-09-20 20:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-27 17:02:06]

C:\DOCUME~1\Nanaki\START-~1\PROGRA~1\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-12 01:52:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 14:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-08-31 18:11:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Nanaki.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 21:38:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??? ?@?????@???`Z??(?@???@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-20 21:39:20
C:\ComboFix-quarantined-files.txt ... 2007-09-20 21:39
.
--- E O F ---

--- SDFIX: ---

SDFix: Version 1.106
Run by Nanaki on 20.09.2007 at 21:22
Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Nanaki\\Skrivebord\\utorrent.exe"="C:\\Documents and Settings\\Nanaki\\Skrivebord\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programfiler\\uTorrent\\utorrent.exe"="C:\\Programfiler\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\FrostWire\\FrostWire.exe"="C:\\Programfiler\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Files with Hidden Attributes:
C:\WINDOWS\SMINST\HPCD.SYS
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Nanaki\Skrivebord\Agnete backup\Arbeids oppgaver\Norsk\~WRL0001.tmp
C:\WINDOWS\SoftwareDistribution\Download\a0d90e4e1b522ea439dd792d1e2eedcb\BIT3.tmp

Finished!

--- HIJACKTHIS: ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:12, on 20.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\Nanaki\Skrivebord
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184194929171 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - 
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programfiler\Viewpoint\Common\ViewpointService.exe -- End of file - 9478 bytes --- Sånn....now what? Lenke til kommentar
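An added example, not part of the thread: a small Python script that reads HijackThis log lines like the ones posted above and flags the entries a helper would look at first: an O2 BHO marked "(no file)", an O23 service marked "(file missing)", and O4 run entries whose target has no executable extension, is a bare name resolved through PATH, or sits under a user profile directory (which is the pattern of the [block buster] entry pointing at the Desktop). The sample lines are copied from the log; the flagging rules are this example's own, not HijackThis's.

```python
from __future__ import annotations
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis 2.0.2 log posted in this
# thread (Norwegian XP: "Programfiler" is Program Files, "Skrivebord" is Desktop).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [block buster] C:\Documents and Settings\Nanaki\Skrivebord
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe (file missing)
"""

# Heuristics chosen for this example; HijackThis itself does not rate entries.
EXE_EXT = {".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
USER_DIRS = {"documents and settings", "users", "temp", "tmp"}

def first_path(target: str) -> str:
    """Program path of an O4 target: the quoted part if any, else the text
    before the first /switch or -switch."""
    m = re.match(r'"([^"]+)"', target)
    if m:
        return m.group(1)
    return re.split(r"\s+[/-]", target, maxsplit=1)[0].strip()

def review_line(line: str) -> list[str]:
    """Reasons (possibly none) why a helper should look at this line first."""
    reasons: list[str] = []
    line = line.strip()
    if line.startswith("O2 ") and line.endswith("(no file)"):
        reasons.append("BHO is registered but its DLL is gone (orphan, or a deleted component)")
    elif line.startswith("O23 ") and line.endswith("(file missing)"):
        reasons.append("service points at a binary that no longer exists")
    elif line.startswith("O4 ") and "] " in line:
        path = first_path(line.split("] ", 1)[1])
        p = PureWindowsPath(path)
        if p.suffix.lower() not in EXE_EXT:
            reasons.append(f"run target has no executable extension: {path!r}")
        if not p.anchor:
            reasons.append(f"bare file name, resolved through PATH at logon: {path!r}")
        if any(part.lower() in USER_DIRS for part in p.parts):
            reasons.append(f"run target lives under a user-writable profile directory: {path!r}")
    return reasons

def review_log(text: str) -> dict[str, list[str]]:
    """Flagged line -> reasons; clean lines are left out."""
    return {ln.strip(): r for ln in text.splitlines() if ln.strip() and (r := review_line(ln))}

if __name__ == "__main__":
    for flagged, reasons in review_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in reasons:
            print("    ->", reason)
```

A flag means "check this entry", not "this is malware": the bare CHDAudPropShortcut.exe name is an HP audio applet, but the Desktop folder behind [block buster] is the one entry in this log with no executable at all.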
norbat Posted 20 September 2007
Then start in normal mode, make a new HJT log from normal mode and tell us how the PC is running.
nanaki Posted 20 September 2007 (author)
As I said, it doesn't work...I think the virus makes it close the program every time I open it in normal mode. It only works in safe mode.....:S
norbat Posted 21 September 2007 (edited)
Is the PC able to work in normal mode (start other programs, internet etc.), or are there problems with that too? Do you still get popups in IE? What you can try with HijackThis is to change the program name, hijackthis, to something else before you start the program. Call it whatever you like (e.g. nanaki).
Edited 21 September 2007 by norbat
nanaki Posted 21 September 2007 (author)
Yes, it works in normal mode, but I've noticed that those "remove virus"/"search, clean" programs close as soon as I choose to open them. Yes, that's a good idea, I can try changing the name and try again. And yes, I still get popups in IE. I'll report back later today (I'm at work now). Again, thanks for the patience and the help - Nanakiiiii
norbat Posted 21 September 2007 (edited)
You can also run a one-off scanner to see if it manages to get through the whole scan without closing:
Download DrWeb.
Restart in Safe Mode (tap F8 during startup).
Run drweb-cureit.exe (say yes to running an express scan).
When that finishes, click Option -> Change settings.
Under the Scan tab, untick Heuristic analysis.
Under the Actions tab, all items under Malware should be set to Rename.
Choose the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" when it finds something for the first time.
Edited 21 September 2007 by norbat
nanaki Posted 22 September 2007 (author)
hi folks.... looks like everything I try is impossible... very frustrating and annoying...it just takes loads of time, so I've decided to just format the whole damn thing! BUT I appreciate all the help I've gotten, and I'll have a better understanding next time something like this turns up. Have a nice weekend, thanks for the help y'all and peace out