hegefrem, posted 11 October 2007 (edited 12 October 2007 by Zeph)
Can someone take a look at this and see if there is any gunk?

norbat, posted 11 October 2007
Yes, there was a bit of gunk in that log. Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from Combofix (c:\combofix.txt) plus a new HJT log.

hegefrem (thread author), posted 12 October 2007
I can't get it to run:
"Freeware implementation of REG.EXE har et problem og må lukkes. Vi beklager det inntrufne."
That is how it is with several programs at the moment, WinRAR among others. Then this comes up afterwards:
"Not Admin!! You need administrative privileges to run this tool."
I am logged in as a user with administrative rights.

norbat, posted 12 October 2007
Then just boot into safe mode (press F8 repeatedly during startup) and run Combofix again.

hegefrem (thread author), posted 12 October 2007 (edited 12 October 2007 by Zeph)
ComboFix 07-10-12.4 - Administrator 2007-10-12 13:28:49.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.817 [GMT 2:00]
Running from: C:\Documents and Settings\Hege Fremmerlid\Skrivebord\ComboFix.exe
.
Was that the whole report, or did I miss something?

Demantios, posted 12 October 2007
It's handy to let http://hijackthis.de/ check it for you.

norbat, posted 12 October 2007 (edited 12 October 2007 by norbat)
No, that was probably not the whole log. Among other things, you have a Vundo infection. Combofix should have taken care of most of it. If you were watching during the Combofix scan, did you see whether any files were found? (The files usually show up one after another as they are found...)
We can run Vundofix:
Download Vundofix, start the program and click the "Scan for Vundo" button. When the program has finished, click the "Remove vundo" button. The log from Vundofix is usually found at C:\vundofix.txt. Post it together with a new HJT log.

hegefrem (thread author), posted 12 October 2007
Yes, it looks like it found a bit, but it won't delete it. Is this something nasty that can cause a lot of mischief, since none of the antivirus/antispyware programs have found it?
The following files were found: ilnmp.ini, pmnli.dll, ilnmp.bak1, ilnmp.ini2, ilnmp.tmp
Restarted and tried again 3 times.

norbat, posted 12 October 2007
Vundo is a nuisance because it fills the PC with bad files and makes it slow, and it can also show fake messages claiming that your PC is infected with this and that and that you have to download various programs, and so on...
Have you managed to run Vundofix? If not, do so. I would like to see the logs it produces.

hegefrem (thread author), posted 12 October 2007 (edited 12 October 2007 by Zeph: added hidden tag)
Sorry that it took a while, it was just a mess here and nothing worked. I have run it, but it just asks to restart over and over again.

hegefrem (thread author), posted 12 October 2007 (edited 12 October 2007 by Zeph)
I tried one more time.

norbat Posted 12 October 2007

There we go, it's getting closer. I assume the ComboFix log also has a bit more to offer. Could you post the whole log it created? I also need a new HJT log (since the one posted there was run before ComboFix).
hegefrem Posted 12 October 2007 Author

ComboFix 07-10-12.4 - Hege Fremmerlid 2007-10-12 17:33:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.509 [GMT 2:00]
Running from: C:\Documents and Settings\Hege Fremmerlid\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
.
---- Previous Run -------
.
C:\d.exe
C:\Documents and Settings\Hege Fremmerlid\Mine dokumenter\CROSOF~1
C:\Documents and Settings\Hege Fremmerlid\Mine dokumenter\CROSOF~1\??crosoft\
C:\Programfiler\WinAble
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\bdfnfwpt.ini
C:\WINDOWS\system32\cbgndyxd.ini
C:\WINDOWS\system32\dxydngbc.dll
C:\WINDOWS\system32\eacyitan.dll
C:\WINDOWS\system32\hekpuaxs.dll
C:\WINDOWS\system32\kumfnsav.dll
C:\WINDOWS\system32\natiycae.ini
C:\WINDOWS\system32\nynqhoxo.dll
C:\WINDOWS\system32\oxohqnyn.ini
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\sxaupkeh.ini
C:\WINDOWS\system32\tpwfnfdb.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\vasnfmuk.ini
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.
2007-10-12 16:24 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-10-12 15:46 <DIR> d-------- C:\Programfiler\WINrar NY 2007-10-12 13:59 <DIR> d-------- C:\VundoFix Backups 2007-10-12 13:27 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-11 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SecTaskMan 2007-10-11 16:20 <DIR> d-------- C:\Programfiler\Security Task Manager 2007-10-10 12:32 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-07 11:03 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-10-07 11:03 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-10-07 11:02 6,798,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-10-07 11:02 33,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-10-05 22:42 <DIR> d-------- C:\Programfiler\vavgbwfs 2007-10-05 17:34 35,328 --a------ C:\WINDOWS\system32\ddcbbxw.dll 2007-10-05 17:26 <DIR> d-------- C:\Programfiler\Kaspersky Lab 2007-10-05 17:09 <DIR> d-------- C:\kav 2007-10-05 16:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-05 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab 2007-10-05 15:54 <DIR> d-------- C:\Programfiler\Texas Instruments Inc 2007-10-05 15:51 <DIR> d-------- C:\SWSetup 2007-10-01 17:29 <DIR> dr-h----- C:\Documents and Settings\Hege Fremmerlid\Siste 2007-09-29 15:17 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Uniblue 2007-09-27 15:23 <DIR> d-------- C:\Programfiler\Alkohol 120 1.9.6.5429 2007-09-26 21:01 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Nero 2007-09-26 20:51 <DIR> d-------- C:\Programfiler\Nero 2007-09-26 20:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2007-09-26 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2007-09-26 19:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-09-24 20:29 <DIR> d-------- C:\Programfiler\Temporary 2007-09-22 21:02 <DIR> d-------- C:\temp\cheetah 2007-09-22 
21:02 <DIR> d-------- C:\temp 2007-09-16 12:07 <DIR> d-------- C:\Programfiler\DVD Shrink 2007-09-16 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink 2007-09-16 11:51 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\NeroVision 2007-09-16 11:39 <DIR> d-------- C:\Programfiler\Ahead 2007-09-16 11:39 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-09-16 11:39 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-09-14 15:38 356 --a------ C:\drmHeader.bin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-12 15:48 --------- d-----w C:\Documents and Settings\Hege Fremmerlid\Programdata\uTorrent 2007-10-12 15:13 94,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-10-12 15:13 4,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-10-12 11:19 --------- d-----w C:\Programfiler\DC++ 2007-10-11 14:18 --------- d-----w C:\Programfiler\RegistryFix 2007-10-05 20:37 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2007-10-05 14:15 --------- d-----w C:\Programfiler\HP 2007-10-05 14:15 --------- d-----w C:\Programfiler\Hewlett-Packard 2007-10-05 14:10 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-10-05 14:10 --------- d-----w C:\Programfiler\HPQ 2007-10-05 13:08 --------- d-----w C:\Programfiler\Canon 2007-10-02 14:37 --------- d-----w C:\Documents and Settings\Hege Fremmerlid\Programdata\ZoomBrowser EX 2007-10-01 14:44 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2007-10-01 14:35 5,784 ----a-w C:\Documents and Settings\Hege Fremmerlid\Programdata\wklnhst.dat 2007-09-27 16:02 --------- d-----w C:\Programfiler\Alcohol Soft 2007-09-27 13:24 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-09-26 20:16 --------- d-----w C:\Programfiler\Registerfiler (gamle) 2007-09-26 18:09 --------- d-----w C:\Programfiler\Sony Ericsson 2007-09-26 17:59 --------- d-----w C:\Programfiler\Creative 2007-09-26 
17:49 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-09-26 17:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2007-09-26 16:27 --------- d-----w C:\Programfiler\Fellesfiler\Seagate 2007-09-16 09:39 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-09-14 14:44 --------- d-----w C:\Programfiler\Apple Software Update 2007-09-11 12:35 --------- d-----w C:\Programfiler\Western Digital Technologies 2007-09-10 14:04 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2007-09-10 14:04 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-09-10 14:04 359,808 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS 2007-09-08 11:01 --------- d-----w C:\Programfiler\XviD 2007-09-07 08:18 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-08-30 16:00 --------- d-----w C:\Programfiler\uTorrent 2007-08-25 19:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Seagate 2007-08-25 19:09 392,320 ----a-w C:\WINDOWS\system32\drivers\timntr.sys 2007-08-25 19:09 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys 2007-08-25 19:09 120,992 ----a-w C:\WINDOWS\system32\drivers\snapman.sys 2007-08-24 10:22 --------- d-----w C:\Programfiler\QuickTime 2007-08-24 10:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2007-08-22 16:46 --------- d-----w C:\Programfiler\CLUE 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 15:45 --------- d-----w C:\Programfiler\Sync 2007-08-20 10:03 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:03 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:03 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:03 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:03 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:03 477,696 
----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:03 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:03 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:03 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:03 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:03 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:03 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:03 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:03 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:03 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:03 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:03 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:03 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:03 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:03 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:03 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:03 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:03 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 14:01 --------- d-----w C:\Programfiler\MSXML 4.0 2007-08-17 13:59 --------- d-----w C:\Programfiler\Opera 2007-08-17 10:24 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:24 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:24 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-15 12:10 --------- d-----w C:\Programfiler\MSXML 6.0 2007-08-13 08:29 --------- d-----w C:\Programfiler\CodeStuff 2007-08-04 08:40 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-08-04 08:10 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-08-03 10:52 972,072 ----a-w 
C:\WINDOWS\UNNeroMediaHome.exe 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2007-07-12 23:32 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll 2006-08-25 15:04:44 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys 2007-04-10 17:48:55 514,384 --sh--w C:\WINDOWS\system32\gjkmp.bak1 2007-04-10 20:07:07 515,283 --sh--w C:\WINDOWS\system32\gjkmp.ini2 2007-03-31 20:02:41 506,366 --sh--w C:\WINDOWS\system32\npqss.bak1 2007-04-02 20:03:19 509,271 --sh--w C:\WINDOWS\system32\npqss.bak2 2007-04-11 08:19:06 515,366 --sh--w C:\WINDOWS\system32\oqstv.bak1 2007-04-11 11:08:20 515,924 --sh--w C:\WINDOWS\system32\oqstv.ini2 2007-04-10 20:22:19 515,326 --sh--w C:\WINDOWS\system32\pstwa.bak1 2007-04-10 21:55:32 516,305 --sh--w C:\WINDOWS\system32\pstwa.ini2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05] "AVP"="C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BE666F3C-9D33-4E29-B4BC-7E6AA64B5129}"= C:\WINDOWS\system32\opnopon.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 10:00 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NBService"=3 (0x3) "LiveUpdate"=3 (0x3) R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys . Contents of the 'Scheduled Tasks' folder "2007-10-06 07:35:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-11 14:18:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-01 14:18:40 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-08-30 01:58:00 C:\WINDOWS\Tasks\{8D3202B7-D864-4DFD-B922-CE7531E17DE6}_PC120922876293_Hege Fremmerlid.job" - C:\WINDOWS\system32\mobsync.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-12 17:48:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe???4?4?3?-??`?? ?B?????hLC???? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-12 17:49:46 . --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 20:43:37, on 12.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Seagate\Schedule2\schedul2.exe C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\taskmgr.exe C:\Programfiler\uTorrent\uTorrent.exe C:\WINDOWS\explorer.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\Nero\Nero8\Nero Burning Rom\nero.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Test This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.postbanken.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AVP] "C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Add to Anti-Banner - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programfiler\Fellesfiler\Seagate\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - 
C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

If I can, yes! Of course, you're the one who's being kind and helping me
norbat Posted 12 October 2007 (edited)

This looked quite good. One cleanup remains:

Open Notepad and copy in the text shown in bold below. Save the file as hegefremfix.reg and put it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BE666F3C-9D33-4E29-B4BC-7E6AA64B5129}"=-

Double-click the file and answer yes/OK to adding the information.

Then download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste in the text shown in bold below:

Files to delete:
C:\WINDOWS\system32\ddcbbxw.dll
C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\opnopon.dll

Click the traffic light. Restart the PC. After the restart a log file will appear that tells what has happened. Let me know whether it managed to remove the files or not. (Some files may not exist.)

Then... Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues' until it finds no more errors. Restart the PC again.

Create a new System Restore point: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create.

Delete old System Restore points except the latest: Accessories -> System Tools -> Disk Cleanup. Select drive C:. After a check, a window opens where you choose 'More Options'. There, click 'Clean up...' in the System Restore section.

This should do it. Tell me how the PC is running.

Edited 12 October 2007 by norbat
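An added example, not part of the original thread and not norbat's own method: Python that triages ComboFix log lines for the two kinds of leftovers the clean-up above targets, then renders the matching .reg removal. The two heuristics (an empty `[ ]` timestamp read as "target file missing", and hidden+system files in system32 with five-letter names and .bak1/.bak2/.ini/.ini2/.tmp extensions) and the names `triage`, `reg_cleanup` and `Finding` are assumptions made for this example; the sample lines are copied from the log posted above.

```python
import ntpath
import re
from typing import List, NamedTuple

# Lines copied from the ComboFix log posted above, one entry per line.
SAMPLE_LOG = r"""
2007-10-12 15:13 94,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-27 13:24 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2006-08-25 15:04:44 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-04-10 17:48:55 514,384 --sh--w C:\WINDOWS\system32\gjkmp.bak1
2007-04-10 20:07:07 515,283 --sh--w C:\WINDOWS\system32\gjkmp.ini2
2007-03-31 20:02:41 506,366 --sh--w C:\WINDOWS\system32\npqss.bak1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BE666F3C-9D33-4E29-B4BC-7E6AA64B5129}"= C:\WINDOWS\system32\opnopon.dll [ ]
"""

# "[HKEY_...]" section line in the Reg Loading Points part of the log.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# '"name"=target [timestamp]' line; the target may or may not be quoted.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"?(?P<target>[A-Za-z]:\\[^"\[]*?)"?\s*'
    r'\[(?P<stamp>[^\]]*)\]$')
# 'date time size attributes path' line (Find3M / Files Created sections).
FILE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?) '
    r'(?P<size>[\d,]+|-+) (?P<attr>[-a-z]+) (?P<path>[A-Za-z]:\\.+)$')
# Assumption: five random lowercase letters plus these extensions, the shape
# shared by the files ComboFix had already deleted (ttvwa.*, pqtwa.*).
LEFTOVER_RE = re.compile(r'^[a-z]{5}\.(?:bak[12]|ini2?|tmp)$')
SYSTEM32 = r"c:\windows\system32"


class Finding(NamedTuple):
    kind: str   # "orphaned-loadpoint" or "hidden-leftover"
    key: str    # registry key for load points, "" for files
    name: str   # registry value name, "" for files
    path: str   # file the entry refers to


def triage(log_text: str) -> List[Finding]:
    """Return suspicious entries in the order they appear in the log."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            # Assumption: an empty "[ ]" means no file timestamp could be
            # read, i.e. the load point refers to a file that is gone.
            if current_key and not m.group("stamp").strip():
                findings.append(Finding("orphaned-loadpoint", current_key,
                                        m.group("name"),
                                        m.group("target").strip()))
            continue
        m = FILE_RE.match(line)
        if m:
            # ntpath splits Windows paths correctly on any host OS.
            folder, base = ntpath.split(m.group("path"))
            hidden_system = {"s", "h"} <= set(m.group("attr"))
            if (hidden_system and folder.lower() == SYSTEM32
                    and LEFTOVER_RE.match(base)):
                findings.append(Finding("hidden-leftover", "", "",
                                        m.group("path")))
    return findings


def reg_cleanup(findings: List[Finding]) -> str:
    """Render a .reg file that deletes each orphaned load-point value."""
    by_key = {}
    for f in findings:
        if f.kind == "orphaned-loadpoint":
            by_key.setdefault(f.key, []).append(f.name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)  # "name"=- deletes the value
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f.kind, f.key, f.name, f.path)
    print(reg_cleanup(results))
```

Findings are candidates for manual review, not a deletion list: fidbox.idx and HPCD.sys in the sample are also hidden+system files and are correctly left alone because they fail the folder and name checks.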
hegefrem Posted 12 October 2007 Author

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\hbrqsfkm
*******************
Script file located at: \??\C:\WINDOWS\system32\stajodpk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\ddcbbxw.dll deleted successfully.
File C:\WINDOWS\system32\gjkmp.bak1 deleted successfully.
File C:\WINDOWS\system32\gjkmp.ini2 deleted successfully.
File C:\WINDOWS\system32\npqss.bak1 deleted successfully.
File C:\WINDOWS\system32\npqss.bak2 deleted successfully.
File C:\WINDOWS\system32\oqstv.bak1 deleted successfully.
File C:\WINDOWS\system32\oqstv.ini2 deleted successfully.
File C:\WINDOWS\system32\pstwa.bak1 deleted successfully.
File C:\WINDOWS\system32\pstwa.ini2 deleted successfully.
File C:\WINDOWS\system32\opnopon.dll not found!
Deletion of file C:\WINDOWS\system32\opnopon.dll failed!
Could not process line:
C:\WINDOWS\system32\opnopon.dll
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

Should I continue anyway?
norbat Posted 12 October 2007

Yes, just continue. The file that wasn't 'deleted' doesn't exist.
Romis Posted 12 October 2007

Norbat, don't you get a LITTLE tired of writing the SAME message all the time?

'' Download ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (c:\combofix.txt) + a new HJT log ''
hegefrem Posted 12 October 2007 Author

The PC seems muuuuch faster. But I still have the problem that I can't "drag and drop" files on the desktop, in Explorer, in programs, etc., plus I have to open Task Manager to keep the machine from freezing (don't ask me how I found out I had to do that). I posted about it earlier, but nobody seems to have an answer, apart from one person who suggested that I delete all my anti-virus/anti-spyware programs. I didn't think that sounded like a good idea.

Thank you so very much for the help!
Romis Posted 12 October 2007

If I were you, I would have formatted the whole PC. It may be that you have WAY too many files on the PC. You can also defragment. Try defragmenting both drives and see if it gets any better.

By the way, congrats on post 100!

- RoMiS
norbat Posted 12 October 2007 (edited)

Norbat, don't you get a LITTLE tired of writing the SAME message all the time? '' Download ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (c:\combofix.txt) + a new HJT log ''

No, not really. I'm starting to get a nice collection of guides, and luckily there is a cut-and-paste function. So I don't type in the same thing all the time. Only what is specific to the case.

hegefrem: I don't know what you have tried earlier for the problem you mention, but you could try checking whether your system files are intact:

Click: Start -> Run
Type: sfc /scannow (a space between sfc and /)

You will probably need the XP CD. You may not get any feedback on whether anything was fixed or not.

Edited 12 October 2007 by norbat