Grosmo, posted 17 October 2007

I am one of those who cannot get access to the Control Panel in Windows. I am running XP Home Edition. My antivirus software is Norton, Ad-Aware, Spybot and SUPERAntiSpyware. I have scanned in safe mode, without result. If I run "control" in a "DOS window" I also get an error message. I also cannot get all the way back to C:/. I get no closer to the root than C:/Mine dokumenter/øystein.. I have scanned with F-Secure and run a registry cleaner, without result. I am trying to attach logs from HijackThis, in the hope that someone with the expertise can help. My hope is that I can avoid formatting the disk. It looks like I can only upload the "start up list" to the forum. I get an error message when I try to upload the log file.. ?? "Upload failed. You are not allowed to upload this file type" What is going on??

startuplist.txt
norbat, posted 18 October 2007

You can copy the log from HJT and paste it straight into the post.
Grosmo (author), posted 18 October 2007

"You can copy the log from HJT and paste it straight into the post."

Yes, of course. I was probably a bit tired and fed up last night.... thanks, here comes the log:

Logfile of HijackThis v1.99.1 Scan saved at 20:06:12, on 17.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Programfiler\F-Secure Internet Security\Common\FSMA32.EXE C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\F-Secure Internet Security\Common\FCH32.EXE C:\Programfiler\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Programfiler\F-Secure Internet Security\Common\FAMEH32.EXE C:\Programfiler\F-Secure Internet Security\FSPC\fspc.exe C:\Programfiler\PDF Complete\pdfsty.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\Fellesfiler\Symantec
Shared\ccApp.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Programfiler\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Øystein\Mine dokumenter\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&...20Plus%20v7.2.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [igfxTray] 
C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PDF Complete] "C:\Programfiler\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [setRefresh] C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure Internet 
Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Sperre... 
- {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - 
Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160745114140 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160749061125 O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC9865E-2B22-4835-9044-FA21E5E3A1A3}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D470D2C7-0F55-4445-B83C-C01EBBCCD67A}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{DF1358BA-A0C5-424E-813D-81370C7289F1}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED134575-7169-4E24-B713-A11241855615}: NameServer = 85.255.113.197,85.255.112.151 O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA22A31-B0BF-4E11-9AB6-B18EA48630D2}: NameServer = 
85.255.113.197,85.255.112.151 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - 
C:\Programfiler\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
norbat, posted 18 October 2007

Download Fixwareout. Put the file on the desktop and double-click it. Click Next -> Install. Check that 'Run fixit' is ticked. Click Finish and the fix will start. Follow the instructions. Restart the PC when you are asked to. Startup will take a little longer than normal ..... When the PC has restarted, just follow the instructions that appear on the screen.

Then download Combofix and put it on the desktop. Run combofix.exe and follow the guide. Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log.
Grosmo (author), posted 18 October 2007

"Download Fixwareout. Put the file on the desktop and double-click it. Click Next -> Install. Check that 'Run fixit' is ticked. Click Finish and the fix will start. Follow the instructions. Restart the PC when you are asked to. Startup will take a little longer than normal ..... When the PC has restarted, just follow the instructions that appear on the screen. Then download Combofix and put it on the desktop. Run combofix.exe and follow the guide. Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log."

Now I have followed your instructions, and I have confirmed that the Control Panel is back in place! Thank you very much, so far! I am attaching the log you asked for... I am a bit unsure whether I should put them here..?? Correct me if it is wrong..

Logfile of HijackThis v1.99.1 Scan saved at 19:21:08, on 18.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Programfiler\F-Secure Internet Security\Common\FSMA32.EXE C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\F-Secure Internet Security\Common\FCH32.EXE C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Programfiler\F-Secure Internet Security\Common\FAMEH32.EXE C:\Programfiler\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\F-Secure Internet Security\FSPC\fspc.exe C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Programfiler\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Programfiler\PDF Complete\pdfsty.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe C:\Programfiler\F-Secure Internet Security\FSGUI\fsguidll.exe C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Øystein\Mine dokumenter\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection 
Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&...20Plus%20v7.2.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PDF Complete] "C:\Programfiler\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [setRefresh] C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec 
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Sperre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Sperre... 
- {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programfiler\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - 
Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure internet security\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160745114140 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160749061125 O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC9865E-2B22-4835-9044-FA21E5E3A1A3}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D470D2C7-0F55-4445-B83C-C01EBBCCD67A}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{DF1358BA-A0C5-424E-813D-81370C7289F1}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: !SASWinLogon - 
norbat, posted 18 October 2007

That looked better.

Now settle on just one antivirus program. Uninstall F-Secure or Norton.
Update Java: http://java.com/en/download/index.jsp
Run a disk cleanup: Accessories -> System Tools -> Disk Cleanup
You should reset the restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Safe surfing.
Grosmo (author), posted 18 October 2007

> That looked better.
> Now settle on just one antivirus program. Uninstall F-Secure or Norton.
> Update Java: http://java.com/en/download/index.jsp
> Run a disk cleanup: Accessories -> System Tools -> Disk Cleanup
> You should reset the restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.
> Safe surfing.

Thanks once again for all the help! I've struggled with this for a while, so it's great to get it "cleaned up"!
norbat, posted 18 October 2007

Oops, I got a bit carried away: run HJT, choose Do a system scan only, tick the following lines and click 'Fix checked':

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC9865E-2B22-4835-9044-FA21E5E3A1A3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D470D2C7-0F55-4445-B83C-C01EBBCCD67A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF1358BA-A0C5-424E-813D-81370C7289F1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Now I'll say 'Safe surfing'.
Grosmo (author), posted 19 October 2007

> Oops, I got a bit carried away: run HJT, choose Do a system scan only, tick the following lines and click 'Fix checked':
> O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC9865E-2B22-4835-9044-FA21E5E3A1A3}: NameServer = 208.67.220.220,208.67.222.222
> O17 - HKLM\System\CCS\Services\Tcpip\..\{D470D2C7-0F55-4445-B83C-C01EBBCCD67A}: NameServer = 208.67.220.220,208.67.222.222
> O17 - HKLM\System\CCS\Services\Tcpip\..\{DF1358BA-A0C5-424E-813D-81370C7289F1}: NameServer = 208.67.220.220,208.67.222.222
> O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
> Now I'll say 'Safe surfing'.

Thanks once again for invaluable help! By the way, can you say something about what caused the problems, and what the 5 lines (O17) contained?
norbat, posted 19 October 2007

Regarding O17: these lines say which DNS server you go through. The addresses you had are not 'bad boys'; they belong to OpenDNS. Normally you don't remove these unless they are tied to hijacking, but.... If everything is running normally, we'll leave it as it is.
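The O17 triage described in the post above (a NameServer entry matters only when its address cannot be accounted for) can be scripted. This is an added example, not part of the original thread or of HijackThis; the allowlist, the function names `classify_address` and `triage_o17`, and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Resolver addresses the analyst has already vetted (assumption: maintained by
# you). The two below are the OpenDNS addresses named in the thread.
KNOWN_RESOLVERS = {
    ipaddress.ip_address("208.67.220.220"),
    ipaddress.ip_address("208.67.222.222"),
}

# RFC 1918 ranges: a NameServer here is normally the local router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# HijackThis O17 line: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>HK[^:]+): (?P<name>\w+) = (?P<data>.*)$")


def classify_address(text):
    """Return 'known', 'local', 'review' or 'invalid' for one address string."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if addr in KNOWN_RESOLVERS:
        return "known"
    if any(addr in net for net in RFC1918):
        return "local"
    return "review"


def triage_o17(log_text):
    """Return (registry key, addresses, verdict) for every O17 NameServer line."""
    results = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name") != "NameServer":
            continue
        # HijackThis shows the raw registry data: comma- or space-separated.
        addrs = [a for a in re.split(r"[,\s]+", m.group("data").strip()) if a]
        classes = {classify_address(a) for a in addrs}
        # One unvetted or malformed address makes the whole entry a review item.
        if not addrs or classes & {"review", "invalid"}:
            verdict = "review"
        elif classes == {"local"}:
            verdict = "local"
        else:
            verdict = "known"
        results.append((m.group("key"), addrs, verdict))
    return results


# First two lines are from the thread. The last two are constructed: placeholder
# interface GUIDs, a private address, and an RFC 5737 documentation address.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC9865E-2B22-4835-9044-FA21E5E3A1A3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 203.0.113.53 208.67.222.222
"""

if __name__ == "__main__":
    for key, addrs, verdict in triage_o17(SAMPLE_LOG):
        print(f"{verdict:7} {','.join(addrs):32} {key}")
```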
Grosmo (author), posted 20 October 2007

> Regarding O17: these lines say which DNS server you go through. The addresses you had are not 'bad boys'; they belong to OpenDNS. Normally you don't remove these unless they are tied to hijacking, but.... If everything is running normally, we'll leave it as it is.

OK, everything works 100% here.